
Pop-up ads of death


1 reply to this topic

#1 Bob The Chainsaw


Posted 22 December 2008 - 12:49 PM

I've been getting a constant stream of pop-up ads. I use Firefox, but these all show up in Internet Explorer. They usually relate to what I'm browsing. For example, if I'm browsing these forums an ad for a bogus fake antivirus program might show up. Here's the log.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Andrew at 2008-12-22 12:45:36
Microsoft Windows XP Professional Service Pack 2
System drive C: has 57 GB (51%) free of 111 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:51 PM, on 12/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andrew\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Andrew.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22d681d0-f829-4eae-a524-cd480292f356} - C:\WINDOWS\system32\bajibuli.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [dogohukala] Rundll32.exe "C:\WINDOWS\system32\milokira.dll",s
O4 - HKLM\..\Run: [0cb71522] rundll32.exe "C:\WINDOWS\system32\hirihubi.dll",b
O4 - HKLM\..\Run: [CPM0f8426be] Rundll32.exe "c:\windows\system32\bodonope.dll",a
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [dogohukala] Rundll32.exe "C:\WINDOWS\system32\milokira.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dogohukala] Rundll32.exe "C:\WINDOWS\system32\milokira.dll",s (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\nivedusa.dll c:\windows\system32\bodonope.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bodonope.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bodonope.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4382 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22d681d0-f829-4eae-a524-cd480292f356}]
C:\WINDOWS\system32\bajibuli.dll [2008-09-19 60416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"dogohukala"=C:\WINDOWS\system32\milokira.dll [2008-09-19 60416]
"0cb71522"=C:\WINDOWS\system32\hirihubi.dll [2008-12-22 83174]
"CPM0f8426be"=c:\windows\system32\bodonope.dll [2008-12-22 96015]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2008-09-08 1410296]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-21 2752512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\nivedusa.dll c:\windows\system32\bodonope.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bodonope.dll [2008-12-22 96015]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bodonope.dll [2008-12-22 96015]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\nivedusa.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\steamapps\dilandau_sama\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\dilandau_sama\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\dilandau_sama\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\dilandau_sama\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\dilandau_sama\the ship\ship.exe"="C:\Program Files\Steam\steamapps\dilandau_sama\the ship\ship.exe:*:Enabled:ship"
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe"="C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH"
"C:\Program Files\Steam\steamapps\dilandau_sama\garrysmod\hl2.exe"="C:\Program Files\Steam\steamapps\dilandau_sama\garrysmod\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\dilandau_sama\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\dilandau_sama\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\dilandau_sama\day of defeat source beta\hl2.exe"="C:\Program Files\Steam\steamapps\dilandau_sama\day of defeat source beta\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Steam\steamapps\dilandau_sama\half-life\hl.exe"="C:\Program Files\Steam\steamapps\dilandau_sama\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\thebunnylord\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\thebunnylord\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe"="C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Steam\steamapps\dilandau_sama\team fortress classic\hl.exe"="C:\Program Files\Steam\steamapps\dilandau_sama\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\rollercoastergy\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\rollercoastergy\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\thebunnylord\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\thebunnylord\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\dilandau_sama\source sdk base\hl2.exe"="C:\Program Files\Steam\steamapps\dilandau_sama\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\dilandau_sama\source sdk base 2007\hl2.exe"="C:\Program Files\Steam\steamapps\dilandau_sama\source sdk base 2007\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\dilandau_sama\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\dilandau_sama\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\ericesn\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\ericesn\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\ericesn\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\ericesn\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\thebunnylord\source sdk base\hl2.exe"="C:\Program Files\Steam\steamapps\thebunnylord\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-22 12:45:36 ----D---- C:\rsit
2008-12-22 12:45:10 ----D---- C:\Program Files\Trend Micro
2008-12-22 10:35:04 ----SH---- C:\WINDOWS\system32\ibuhirih.ini
2008-12-21 22:34:54 ----SH---- C:\WINDOWS\system32\uhafawep.ini
2008-12-21 10:34:34 ----SH---- C:\WINDOWS\system32\iwijahes.ini
2008-12-20 13:35:34 ----SH---- C:\WINDOWS\system32\oretarik.ini
2008-12-19 21:29:31 ----SH---- C:\WINDOWS\system32\ahesiboy.ini
2008-12-19 09:29:31 ----SH---- C:\WINDOWS\system32\awiroral.ini
2008-12-17 22:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-17 22:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-17 22:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-17 22:36:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-17 22:36:01 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-16 16:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-12-16 16:44:24 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-16 16:44:18 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-12-16 16:44:00 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-16 16:43:48 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-16 16:42:59 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-16 16:42:20 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-12-09 21:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-09 21:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-09 21:24:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-09 21:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-09 21:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-08 20:47:37 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-12-08 20:47:37 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-12-08 20:47:37 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-12-08 20:47:37 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-12-08 20:47:37 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-12-08 20:47:34 ----A---- C:\WINDOWS\system32\kbd101b.dll

======List of files/folders modified in the last 1 months======

2008-12-22 12:45:21 ----D---- C:\WINDOWS\Prefetch
2008-12-22 12:45:10 ----RD---- C:\Program Files
2008-12-22 12:45:10 ----D---- C:\WINDOWS\system32
2008-12-22 12:04:54 ----D---- C:\Program Files\Mozilla Firefox
2008-12-22 11:56:32 ----D---- C:\Program Files\Steam
2008-12-22 10:35:05 ----ASH---- C:\WINDOWS\system32\bodonope.dll
2008-12-22 10:35:04 ----ASH---- C:\WINDOWS\system32\hirihubi.dll
2008-12-22 08:50:59 ----D---- C:\WINDOWS\Temp
2008-12-21 22:49:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-21 22:34:54 ----N---- C:\WINDOWS\system32\pewafahu.dll
2008-12-21 22:34:53 ----ASH---- C:\WINDOWS\system32\jokigaju.dll
2008-12-21 10:34:32 ----N---- C:\WINDOWS\system32\sehajiwi.dll
2008-12-21 10:34:32 ----ASH---- C:\WINDOWS\system32\fujegifu.dll
2008-12-20 13:35:34 ----N---- C:\WINDOWS\system32\kiratero.dll
2008-12-20 13:35:34 ----ASH---- C:\WINDOWS\system32\resemuzu.dll
2008-12-19 21:29:30 ----ASH---- C:\WINDOWS\system32\kugatugi.dll
2008-12-19 17:44:11 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-19 09:29:29 ----ASH---- C:\WINDOWS\system32\nepusenu.dll
2008-12-18 15:29:17 ----D---- C:\WINDOWS
2008-12-17 22:37:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 22:37:34 ----HD---- C:\WINDOWS\inf
2008-12-17 22:37:33 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-17 22:36:57 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 22:36:40 ----A---- C:\WINDOWS\imsins.BAK
2008-12-17 15:18:55 ----D---- C:\WINDOWS\AppPatch
2008-12-16 16:44:07 ----A---- C:\WINDOWS\win.ini
2008-12-16 16:44:00 ----D---- C:\Program Files\Windows Media Player
2008-12-16 16:43:57 ----D---- C:\WINDOWS\Help
2008-12-16 16:43:10 ----D---- C:\WINDOWS\system32\drivers
2008-12-16 16:42:32 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-12 12:33:23 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 21:24:37 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-02-28 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-02-28 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]
S3 aiqghzoj;aiqghzoj; C:\WINDOWS\system32\drivers\aiqghzoj.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-02-28 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-02-28 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]

-----------------EOF-----------------



#2 shelf life


  • Malware Response Team

Posted 30 December 2008 - 10:34 PM

Hi Bob The Chainsaw,

Your post is 4 or 5 days (or more) old. If you still need help, simply reply to the post.

How Can I Reduce My Risk to Malware?




