ComboFix Log
ComboFix 09-04-04.01 - Phrog 2009-04-11 19:03:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2814.2235 [GMT -4:00]
Running from: c:\documents and settings\Phrog\Desktop\ComboFix.exe
AV: Avira Premium Security Suite *On-access scanning disabled* (Updated)
FW: Avira Firewall *disabled*
.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.
2009-04-09 16:05 . 2009-04-09 16:05 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-04-08 08:51 . 2009-04-08 08:51 <DIR> d-------- c:\program files\Bonjour
2009-04-08 08:02 . 2009-04-08 08:02 <DIR> d-------- c:\program files\iPod
2009-04-08 08:02 . 2009-04-08 08:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 08:01 . 2009-04-08 08:02 <DIR> d-------- c:\program files\Common Files\Apple
2009-04-08 08:01 . 2009-04-08 08:01 <DIR> d-------- c:\program files\Apple Software Update
2009-04-08 07:21 . 2009-04-08 07:21 <DIR> d-------- c:\documents and settings\Phrog\Application Data\Apple Computer
2009-04-07 15:45 . 2009-04-07 15:45 <DIR> d-------- c:\documents and settings\Phrog\Application Data\Malwarebytes
2009-04-07 15:45 . 2009-04-07 15:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-07 15:45 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-07 15:45 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-05 11:07 . 2009-04-07 14:47 <DIR> d-------- c:\documents and settings\Administrator.PHR0G-3F7CE7C45.000
2009-04-01 08:43 . 2009-04-11 18:48 1,366 --a------ c:\windows\Obopuregadagakus.dat
2009-04-01 08:43 . 2009-04-11 18:49 16 --a------ c:\windows\Hgevifemeyudafaw.bin
2009-03-27 14:37 . 2009-03-27 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-20 18:32 . 2009-03-20 18:32 <DIR> d-------- c:\documents and settings\Phrog\Application Data\Windows Search
2009-03-13 18:51 . 2009-03-13 18:54 <DIR> d-------- c:\windows\NV2880404.TMP
2009-03-13 16:46 . 2009-03-13 17:36 <DIR> d-------- c:\windows\SxsCaPendDel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 13:10 --------- d-----w c:\program files\SpywareDetector
2009-04-05 14:50 --------- d-----w c:\documents and settings\Phrog\Application Data\Desktopicon
2009-04-04 12:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-28 23:18 139,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-19 20:32 23,400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-13 22:51 --------- d-----w c:\program files\AGEIA Technologies
2009-03-11 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-09 00:28 --------- d-----w c:\documents and settings\Phrog\Application Data\The Creative Assembly
2009-02-18 18:44 6,308,224 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-11-29 20:37 22,328 ----a-w c:\documents and settings\Phrog\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="e:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"SDActiveMonitor"="c:\program files\SpywareDetector\SDActiveMonitor.exe" [2009-01-07 1364944]
"avgnt"="e:\program files\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 266497]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"VolPanel"="e:\program files\Creative\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"UnlockerAssistant"="e:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Pyuyenafidac"="c:\windows\ixebiqobacagayus.dll" [2007-03-08 157184]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2005-08-07 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-07-11 c:\windows\system32\Ctxfihlp.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2005-08-07 c:\windows\MIDIDEF.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
2008-12-01 12:15 475136 c:\program files\SpywareDetector\SDNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete \??\c:\program files\SpywareDetector\
0autocheck autochk *
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli mpmonac.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"e:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"e:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2008-08-05 71592]
R1 SDManager;SDManager;c:\program files\SpywareDetector\SDManager.sys [2009-01-12 13696]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;e:\program files\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-08-05 344321]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;e:\program files\Avira\Avira Premium Security Suite\avesvc.exe [2008-08-05 41217]
R2 SDService;SDService;c:\program files\SpywareDetector\SDService.exe [2008-07-31 1713616]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2008-08-05 71464]
R3 physX32;physX32;c:\windows\system32\drivers\physX32.sys [2007-09-30 120960]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-07-25 348352]
S3 athena;athena;c:\windows\system32\drivers\athena.sys [2006-01-18 107392]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2005-07-25 43392]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-11-08 79360]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2008-11-08 96256]
S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2004-07-30 56576]
S3 SDActMon;SDActMon;c:\program files\SpywareDetector\SDActMon.sys [2008-07-31 21888]
S3 SDAntiRtKt;SDAntiRtKt;c:\program files\SpywareDetector\SDAntiRtKt.sys [2008-07-31 11264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-04-05 c:\windows\Tasks\Crysis Wars® Updates.job
- c:\windows\Installer\Crysis Wars® Updates for All Users.lnk [2008-10-25 08:24]
2009-04-11 c:\windows\Tasks\User_Feed_Synchronization-{1BF35C0D-7D42-4398-A0DA-086795D423B3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Pyuyenafidac - c:\windows\iboguhim.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-11 19:07:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-299502267-362288127-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-299502267-362288127-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:c4,24,83,0e,7e,54,02,7d,35,6b,b0,87,79,4b,4b,22,2b,f1,1e,ea,af,
23,53,12,47,93,0c,6d,a8,da,85,da,5a,d1,42,84,92,e1,26,4e,ed,8a,bd,f1,8f,05,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1008)
c:\program files\SpywareDetector\SDNotify.dll
- - - - - - - > 'lsass.exe'(1064)
c:\windows\mpmonac.dll
c:\windows\system32\nvLsp.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Avira\Avira Premium Security Suite\sched.exe
c:\windows\system32\rundll32.exe
e:\program files\Avira\Avira Premium Security Suite\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
e:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
e:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\iPod\bin\iPodService.exe
e:\program files\Avira\Avira Premium Security Suite\avwsc.exe
.
**************************************************************************
.
Completion time: 2009-04-11 19:10:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-11 23:10:29
ComboFix2.txt 2009-04-07 17:31:46
Pre-Run: 16,977,379,328 bytes free
Post-Run: 16,967,815,168 bytes free
190 --- E O F --- 2009-03-13 22:59:54
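I ran the HijackThis (HJT) scan after everything was done; its log is below. Note that the O4 Run entry [Pyuyenafidac] (rundll32.exe loading C:\WINDOWS\ixebiqobacagayus.dll) is still listed in it.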
HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:34 PM, on 4/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\Avira Premium Security Suite\sched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SpywareDetector\SDActiveMonitor.exe
E:\Program Files\Creative\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
E:\Downloads\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [VolPanel] "E:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pyuyenafidac] rundll32.exe "C:\WINDOWS\ixebiqobacagayus.dll",e
O4 - HKCU\..\Run: [NVIDIA nTune] E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184716127546
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - E:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - E:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Unknown owner - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - E:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - E:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
--
End of file - 8982 bytes