Safety Center Virus-Cannot run mbam or spybot


  • This topic is locked
10 replies to this topic

#1 DeniseC

DeniseC

  • Members
  • 18 posts

Posted 14 September 2009 - 12:23 PM

I am infected with Safety Center. I dl and installed MBAM, it will run for 2 seconds then close. I also tried to run it in safe mode. I was able to locate some of the files in the registry and removed them.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 14 September 2009 - 07:29 PM

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 DeniseC

DeniseC
  • Topic Starter

  • Members
  • 18 posts

Posted 15 September 2009 - 10:24 AM

Doing it right now, thank you.

#4 DeniseC

DeniseC
  • Topic Starter

  • Members
  • 18 posts

Posted 15 September 2009 - 10:27 AM

O.K. Did as instructed; it ran about 4 seconds, closed, and will not re-open. It created a file on my desktop called settings.dat
I rebooted, tried to run it again and get the following message, which happens to be the same message I get when I try to run Malwarebytes: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I also get that message when I try to turn my anti-virus program on.

Edited by DeniseC, 15 September 2009 - 10:34 AM.


#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 15 September 2009 - 04:54 PM

  • Please download System Repair Engineer from here
  • Unzip/extract sreng2.zip to a folder on your desktop
  • Double-click on SREngLdr.EXE to launch System Repair Engineer
  • Click the Smart Scan Icon
  • Click Scan
  • Wait for the scan to finish
  • Click on the Save Reports button
  • Save it to your desktop, using the recommended name of SREngLOG.log
  • Close System Repair Engineer
  • Use notepad to open the SREngLOG.log file
  • Copy & paste the contents of that file as a reply to this topic
  • Note: The log may be long, and you may need several posts to post all of it
  • If you are using a custom HOSTS file, please leave out the HOSTS File section, as it will make the log far too long


#6 DeniseC

DeniseC
  • Topic Starter

  • Members
  • 18 posts

Posted 18 September 2009 - 11:31 AM

[code=auto:0]

2009-09-18,11:26:55

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
Windows Security Update Check
API HOOK
Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<Monopod><C:\TEMP\b.exe> [File is missing]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<High Definition Audio Property Page Shortcut><HDAShCut.exe> [(Verified)Microsoft Windows XP Publisher]
<CoolSwitch><C:\WINDOWS\system32\taskswitch.exe> []
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Persistence><C:\WINDOWS\system32\igfxpers.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<TkBellExe><C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot> [RealNetworks, Inc.]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<Acrobat Assistant 8.0><"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"> [(Verified)"Adobe Systems, Incorporated"]
<RoxioDragToDisc><"C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"> [(Verified)Sonic Solutions]
<ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup> [InstallShield Software Corporation]
<ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
<PDVDDXSrv><"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"> [CyberLink Corp.]
<ZCfgSvc.exe><C:\WINDOWS\system32\ZCfgSvc.exe> [Intel Corporation]
<PRONoMgr.exe><C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe> [Intel® Corporation]
<ATIPTA><"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<GrooveMonitor><"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"> [(Verified)Microsoft Corporation]
<WinampAgent><"C:\Program Files\Winamp\winampa.exe"> []
<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL> [Sophos Plc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
<{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
<WinlogonNotify: Sebring><C:\WINDOWS\system32\LgNotify.dll> [Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Web Publishing Wizard 1.52><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr> [(Verified)Microsoft Windows Component Publisher]

==================================
Startup Folders
[AutoUpdate Monitor]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk --> C:\PROGRA~1\Sophos\AUTOUP~1\ALMon.exe [Sophos Plc]><N>
[OneNote 2007 Screen Clipper and Launcher]
<C:\Documents and Settings\chandkd\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk --> C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [Microsoft Corporation]><N>

==================================
Services
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[BackLog EventLog Forwarder / BackLog][Running/Auto Start]
<C:\program files\BackLog\AuditService.exe><N/A>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Running/Manual Start]
<"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
<"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[Intel NCS NetService / NetSvc][Stopped/Manual Start]
<C:\Program Files\Intel\NCS\Sync\NetSvc.exe><Intel® Corporation>
[RegSrvc / RegSrvc][Running/Auto Start]
<C:\WINDOWS\system32\RegSrvc.exe><Intel Corporation>
[RSH Daemon / rshd][Running/Auto Start]
<C:\WINDOWS\local\etc\rshd.exe><N/A>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
<C:\WINDOWS\system32\S24EvMon.exe><Intel Corporation>
[Sophos Anti-Virus status reporter / SAVAdminService][Running/Auto Start]
<"C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe"><Sophos Plc>
[Sophos Anti-Virus / SAVService][Stopped/Auto Start]
<"C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe"><N/A>
[Sophos Agent / Sophos Agent][Running/Auto Start]
<"C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe" -service -name Agent ><Sophos Plc>
[Sophos AutoUpdate Service / Sophos AutoUpdate Service][Running/Auto Start]
<"C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" ><Sophos Plc>
[Sophos Message Router / Sophos Message Router][Running/Auto Start]
<"C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194><Sophos Plc>
[stllssvr / stllssvr][Stopped/Manual Start]
<"C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"><MicroVision Development, Inc.>

==================================
Drivers
[AEGIS Protocol (IEEE 802.1x) v3.2.0.3 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[ati2mtag / ati2mtag][Stopped/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
<system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[DLABMFSM / DLABMFSM][Running/Auto Start]
<System32\DLA\DLABMFSM.SYS><Roxio>
[DLABOIOM / DLABOIOM][Running/Auto Start]
<System32\DLA\DLABOIOM.SYS><Roxio>
[DLACDBHM / DLACDBHM][Running/System Start]
<System32\Drivers\DLACDBHM.SYS><Roxio>
[DLADResM / DLADResM][Running/Auto Start]
<System32\DLA\DLADResM.SYS><Roxio>
[DLAIFS_M / DLAIFS_M][Running/Auto Start]
<System32\DLA\DLAIFS_M.SYS><Roxio>
[DLAOPIOM / DLAOPIOM][Running/Auto Start]
<System32\DLA\DLAOPIOM.SYS><Roxio>
[DLAPoolM / DLAPoolM][Running/Auto Start]
<System32\DLA\DLAPoolM.SYS><Roxio>
[DLARTL_M / DLARTL_M][Running/System Start]
<System32\Drivers\DLARTL_M.SYS><Roxio>
[DLAUDFAM / DLAUDFAM][Running/Auto Start]
<System32\DLA\DLAUDFAM.SYS><Roxio>
[DLAUDF_M / DLAUDF_M][Running/Auto Start]
<System32\DLA\DLAUDF_M.SYS><Roxio>
[DRVMCDB / DRVMCDB][Running/Boot Start]
<\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>
[DRVNDDM / DRVNDDM][Running/Auto Start]
<System32\Drivers\DRVNDDM.SYS><Roxio>
[GhostMountMonitor - Boot Phase Driver / GhMon][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\ghmon.sys><N/A>
[GhostPostConfig - Boot Phase Driver / GhPostConfig][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\ghpcw2k.sys><N/A>
[GhostPostConfig - Auto Phase Driver / GhPostConfig_Auto][Stopped/Auto Start]
<System32\Drivers\ghpcw2k.sys><N/A>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
<system32\drivers\HdAudio.sys><Windows ® Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows ® Server 2003 DDK provider>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[rootrepeal / rootrepeal][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\rootrepeal.sys><N/A>
[WLAN Transport / s24trans][Running/Auto Start]
<system32\DRIVERS\s24trans.sys><Intel Corporation>
[SAVOnAccessControl / SAVOnAccessControl][Running/System Start]
<system32\DRIVERS\savonaccesscontrol.sys><Sophos Plc>
[SAVOnAccessFilter / SAVOnAccessFilter][Running/System Start]
<system32\DRIVERS\savonaccessfilter.sys><Sophos Plc>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SMC IrCC Miniport Device Driver / SMCIRDA][Stopped/Manual Start]
<system32\DRIVERS\smcirda.sys><SMC>
[SophosBootDriver / SophosBootDriver][Stopped/Disabled]
<system32\DRIVERS\SophosBootDriver.sys><Sophos Plc>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Stopped/Manual Start]
<system32\drivers\stac97.sys><SigmaTel, Inc.>
[Intel® PRO/Wireless 7100 Adapter Driver for Windows XP / w70n51][Stopped/Manual Start]
<system32\DRIVERS\w70n51.sys><Intel® Corporation>

==================================
Browser Add-ons
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Sophos Web Content Scanner]
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} <C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll, (Signed) Sophos Plc>
[Spybot-S&D IE Protection]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\spybot\SDHelper.dll, (Signed) Safer Networking Limited>
[]
{5C255C8A-E604-49b4-9D64-90988571CECB} <, >
[WsftpBrowserHelper Class]
{601ED020-FB6C-11D3-87D8-0050DA59922B} <C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll, Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421>
[Groove GFS Browser Helper]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, (Signed) Microsoft Corporation>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, (Signed) Adobe Systems Incorporated>
[Java™ Plug-In 2 SSV Helper]
{DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[JQSIEStartDetectorImpl Class]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[Send to OneNote from Internet Explorer button]
{2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>
[&Research]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Spybot-S&D IE Protection]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\Program Files\spybot\SDHelper.dll, (Signed) Safer Networking Limited>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, (Signed) Adobe Systems Incorporated>
[Facebook Photo Uploader 5 Control]
{0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>
[Facebook Photo Uploader 5 Control]
{8100D56A-5661-482C-BEE8-AFECE305D968} <C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx, (Signed) The Facebook>
[Java Plug-in 1.6.0_12]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Java Plug-in 1.5.0_06]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.5.0_09]
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_12]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_12]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_12.dll, (Signed) Sun Microsystems, Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[Facebook Photo Uploader 5 Control]
{0CCA191D-13A6-4E29-B746-314DEE697D83} <C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx, (Signed) The Facebook>
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, (Signed) N/A>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[Shockwave ActiveX Control]
{233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[]
{2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[Sophos Web Content Scanner]
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} <C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll, (Signed) Sophos Plc>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, (Signed) Adobe Systems Incorporated>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Spybot-S&D IE Protection]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\spybot\SDHelper.dll, (Signed) Safer Networking Limited>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
{5C255C8A-E604-49B4-9D64-90988571CECB} <, >
[]
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} <, >
[WsftpBrowserHelper Class]
{601ED020-FB6C-11D3-87D8-0050DA59922B} <C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll, Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Groove GFS Browser Helper]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, (Signed) Microsoft Corporation>
[]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[Facebook Photo Uploader 5 Control]
{8100D56A-5661-482C-BEE8-AFECE305D968} <C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx, (Signed) The Facebook>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
{88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
{88D96A06-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
{88D96A08-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
{88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_12]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
{A8F2B9BD-A6A0-486A-9744-18920D898429} <, >
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll, (Signed) Adobe Systems Incorporated>
[Java Plug-in 1.6.0_12]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\Program Files\Real\RealPlayer Enterprise\rmoc3260.dll, RealNetworks, Inc.>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[Microsoft Agent Control 2.0]
{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} <C:\WINDOWS\msagent\agentctl.dll, (Signed) Microsoft Corporation>
[MessengerChecker Class]
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, (Signed) Yahoo! Inc.>
[Java™ Plug-In 2 SSV Helper]
{DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >
[Microsoft Silverlight]
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll, (Signed) Microsoft Corporation>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL, (Signed) Microsoft Corporation>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[JQSIEStartDetectorImpl Class]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document]
{F6D90F12-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[IERPCtl Class]
{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <C:\Program Files\Common Files\Real\RCAPlugins\chdo3260.dll, RealNetworks>
[Append to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert link target to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[E&xport to Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>

#7 DeniseC

Posted 18 September 2009 - 11:32 AM

==================================
Running Processes
[PID: 636 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 684 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 708 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4124]
[C:\WINDOWS\system32\LgNotify.dll] [Intel Corporation, 7, 1, 4, 4]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4642]
[PID: 752 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 976 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 1060 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[PID: 1152 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[PID: 1220 / SYSTEM][C:\WINDOWS\system32\S24EvMon.exe] [Intel Corporation , 7, 1, 4, 4]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 1252 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[PID: 1304 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[PID: 1528 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 8.0.0.00]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll] [Adobe Systems Incorporated., 8.1.0.2007051000]
[C:\WINDOWS\system32\hpbmmon.dll] [Hewlett-Packard, 10.00.16]
[C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00]
[C:\WINDOWS\system32\HPBHealr.dll] [N/A, ]
[C:\WINDOWS\system32\hpzlnt07.dll] [HP, 2,140,0,0]
[C:\WINDOWS\system32\pdfcmnnt.dll] [N/A, ]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp042.dll] [Hewlett-Packard Corporation, 60.042.108.11]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzntp07.dll] [HP, 2,140,0,0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku07.dll] [HP, 2,140,0,0]
[PID: 1656 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[PID: 1704 / SYSTEM][C:\program files\BackLog\AuditService.exe] [N/A, ]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[PID: 1784 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe] [Sun Microsystems, Inc., 6.0.120.4]
[C:\Program Files\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[PID: 1824 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 1936 / SYSTEM][C:\WINDOWS\system32\RegSrvc.exe] [Intel Corporation, 7, 1, 4, 4]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 192 / SYSTEM][C:\WINDOWS\local\etc\rshd.exe] [N/A, ]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[PID: 228 / SYSTEM][C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe] [Sophos Plc, 1.0.0.4000]
[C:\Program Files\Sophos\Sophos Anti-Virus\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Sophos\Sophos Anti-Virus\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\Program Files\Sophos\Sophos Anti-Virus\SAVI.dll] [Sophos Plc, 7.1.9.451]
[PID: 276 / SYSTEM][C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe] [Sophos Plc, 3,0,12,1746]
[C:\Program Files\Sophos\Remote Management System\ACE.dll] [, 5.4.5]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[C:\Program Files\Sophos\Remote Management System\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Sophos\Remote Management System\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Sophos\Remote Management System\TAO.dll] [, 1.4.5]
[C:\Program Files\Sophos\Remote Management System\TAO_DynamicAny.dll] [, 1.4.5]
[C:\Program Files\Sophos\Remote Management System\CertificationClientLibrary.dll] [Sophos Plc, 3,0,12,1746]
[C:\Program Files\Sophos\Remote Management System\LIBEAY32.dll] [, ]
[C:\Program Files\Sophos\Remote Management System\CertificationLib.dll] [Sophos Plc, 3,0,12,1746]
[C:\Program Files\Sophos\Remote Management System\SSLEAY32.dll] [, ]
[C:\Program Files\Sophos\Remote Management System\MSClientLib.dll] [Sophos Plc, 3,0,12,1746]
[C:\Program Files\Sophos\Remote Management System\ACE_SSL.dll] [, 5.4.5]
[C:\Program Files\Sophos\Remote Management System\TAO_PortableServer.dll] [, 1.4.5]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\Program Files\Sophos\AutoUpdate\AUAdapter.dll] [Sophos Plc, 2.5.5.190]
[C:\Program Files\Sophos\Remote Management System\TAO_SSLIOP.dll] [, 1.4.5]
[C:\Program Files\Sophos\Remote Management System\TAO_Security.dll] [, 1.4.5]
[C:\Program Files\Sophos\Remote Management System\TAO_Valuetype.dll] [, 1.4.5]
[C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdapter.dll] [Sophos Plc, 1.0.0.4031]
[PID: 320 / SYSTEM][C:\Program Files\Sophos\AutoUpdate\ALsvc.exe] [Sophos Plc, 3.8.25.190]
[C:\Program Files\Sophos\AutoUpdate\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Sophos\AutoUpdate\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\Program Files\Sophos\AutoUpdate\config.dll] [Sophos Plc, 1.1.33.131]
[C:\Program Files\Sophos\AutoUpdate\inetconn.dll] [Sophos Plc, 1.2.5.131]
[PID: 452 / SYSTEM][C:\Program Files\Sophos\Remote Management System\RouterNT.exe] [Sophos Plc, 3,0,12,1746]
[C:\Program Files\Sophos\Remote Management System\ACE.dll] [, 5.4.5]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[C:\Program Files\Sophos\Remote Management System\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Sophos\Remote Management System\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Sophos\Remote Management System\ACE_SSL.dll] [, 5.4.5]
[C:\Program Files\Sophos\Remote Management System\LIBEAY32.dll] [, ]
[C:\Program Files\Sophos\Remote Management System\SSLEAY32.dll] [, ]
[C:\Program Files\Sophos\Remote Management System\TAO.dll] [, 1.4.5]
[C:\Program Files\Sophos\Remote Management System\TAO_SSLIOP.dll] [, 1.4.5]
[C:\Program Files\Sophos\Remote Management System\TAO_Security.dll] [, 1.4.5]
[C:\Program Files\Sophos\Remote Management System\TAO_Valuetype.dll] [, 1.4.5]
[C:\Program Files\Sophos\Remote Management System\TAO_PortableServer.dll] [, 1.4.5]
[C:\Program Files\Sophos\Remote Management System\CertificationClientLibrary.dll] [Sophos Plc, 3,0,12,1746]
[C:\Program Files\Sophos\Remote Management System\CertificationLib.dll] [Sophos Plc, 3,0,12,1746]
[C:\Program Files\Sophos\Remote Management System\TAO_DynamicAny.dll] [, 1.4.5]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 1312 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 3720 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 3608 / chandkd][C:\WINDOWS\system32\ZCfgSvc.exe] [Intel Corporation, 7, 1, 4, 4]
[C:\WINDOWS\system32\PfMgrApi.dll] [Intel Corporation, 7, 1, 4, 4]
[C:\WINDOWS\system32\PsRegApi.dll] [Intel Corporation, 7, 1, 4, 4]
[C:\WINDOWS\system32\C1XStngs.dll] [, 7, 1, 4, 4]
[C:\WINDOWS\system32\WConfig.DLL] [Intel Corporation, 7, 1, 4, 4]
[C:\WINDOWS\system32\WiFiAdap.DLL] [Intel Corporation, 7, 1, 4, 4]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\system32\LsaWrapi.dll] [N/A, ]
[C:\WINDOWS\system32\S24MUDLL.dll] [Intel Corporation, 7, 1, 4, 4]
[C:\WINDOWS\system32\D8021Xps.dll] [N/A, ]
[PID: 1912 / chandkd][C:\WINDOWS\system32\wscntfy.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 3060 / chandkd][C:\WINDOWS\system32\1XConfig.exe] [Intel Corporation, 7, 1, 4, 4]
[C:\WINDOWS\system32\IntelAE5.dll] [Meetinghouse Data Communications, 3, 0, 28, 0]
[C:\WINDOWS\system32\PsRegApi.dll] [Intel Corporation, 7, 1, 4, 4]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\system32\D8021Xps.dll] [N/A, ]
[PID: 176 / chandkd][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[c:\AUnet\hostex\HESHELL.DLL] [Hummingbird Communications Ltd., Version: 6.1.0.0]
[C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll] [Roxio, 9.0.0.53]
[C:\WINDOWS\system32\DLAAPI_W.DLL] [N/A, ]
[C:\WINDOWS\system32\CDRTC.DLL] [Sonic Solutions, 9.0.1.6]
[C:\Program Files\Roxio\Drag-to-Disc\ShellRes.dll] [Roxio, 9.0.0.53]
[c:\AUnet\hostex\HESHELL.NLS] [Hummingbird Communications Ltd., Version: 6.1.0.0]
[c:\AUnet\hostex\ftpseui.dll] [Hummingbird Communications Ltd., Version: 6.1.0.0]
[c:\AUnet\hostex\ftpseui.nls] [N/A, ]
[c:\AUnet\hostex\hncomlib.dll] [Hummingbird Communications Ltd., Version: 6.1.0.0]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll] [Sophos Plc, 2.4.2.4020]
[C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHORes.dll] [Sophos Plc, 1.0.0.3800]
[C:\Program Files\spybot\SDHelper.dll] [Safer Networking Limited, 1, 5, 0, 11]
[C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll] [Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421, 9,0,1,0]
[C:\Program Files\Ipswitch\WS_FTP Pro\wsftpext.dll] [Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421, 9,0,1,0]
[C:\Program Files\Ipswitch\WS_FTP Pro\LIBEAY32.dll] [N/A, ]
[C:\Program Files\Ipswitch\WS_FTP Pro\SSLEAY32.dll] [N/A, ]
[C:\Program Files\Ipswitch\WS_FTP Pro\sslsvc.dll] [Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421, 9,0,1,0]
[C:\Program Files\Ipswitch\WS_FTP Pro\wsftplib.dll] [N/A, ]
[C:\Program Files\Ipswitch\WS_FTP Pro\wsfirscr.dll] [N/A, ]
[C:\Program Files\Ipswitch\WS_FTP Pro\wshosts.dll] [N/A, ]
[C:\Program Files\Ipswitch\WS_FTP Pro\ipspgp.dll] [N/A, ]
[C:\Program Files\Ipswitch\WS_FTP Pro\res0409.dll] [Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421, 9,0,0,0]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[PID: 3956 / chandkd][C:\WINDOWS\system32\taskswitch.exe] [N/A, ]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 2460 / chandkd][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4642]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4642]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4642]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4642]
[PID: 2672 / chandkd][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4642]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4642]
[PID: 1624 / chandkd][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3189]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 124 / chandkd][C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe] [Adobe Systems Inc., 8.1.0.2007051000]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll] [Macrovision Europe Ltd., 11.03.005]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\asneu.dll] [Adobe Systems Inc., 1, 6, 0, 8]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll] [Adobe Systems Incorporated, 2,0,0,37]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll] [Adobe Systems Incorporated, 2,0,0,37]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll] [Adobe Systems Incorporated, 1,0,0]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[PID: 3996 / chandkd][C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe] [Roxio, 9.0.0.53]
[C:\Program Files\Roxio\Drag-to-Disc\AS_Storage.dll] [Sonic Solutions, 3.0.88.500]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\Program Files\Roxio\Drag-to-Disc\D2DRes.dll] [Roxio, 9.0.0.53]
[C:\WINDOWS\system32\DLAAPI_W.DLL] [N/A, ]
[C:\WINDOWS\system32\CDRTC.DLL] [Sonic Solutions, 9.0.1.6]
[C:\WINDOWS\system32\cdral.DLL] [Sonic Solutions, 9.0.1.6]
[PID: 3356 / chandkd][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe] [InstallShield Software Corporation, 4, 50, 100, 33433]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 3556 / chandkd][C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe] [CyberLink Corp., 4, 5, 0, 0]
[C:\Program Files\CyberLink\PowerDVD DX\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\CyberLink\PowerDVD DX\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\CyberLink\PowerDVD DX\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\system32\MFC71ENU.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll] [CyberLink Corp., 4.07.2129]
[PID: 2464 / SYSTEM][C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe] [Macrovision Europe Ltd., 11.03.005]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 3960 / chandkd][C:\WINDOWS\system32\wuauclt.exe] [(Verified) Microsoft Corporation, 7.4.7600.226 (winmain_wtr_wsus3sp2(wmbla).090806-1834)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 2836 / chandkd][C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe] [Intel® Corporation, 7.1.4.0]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\Program Files\Intel\NCS\PROSet\ENUPGUIR.dll] [Intel® Corporation, 7.1.4.4]
[C:\WINDOWS\system32\Pn802_11.dll] [Intel Corporation., 7, 1, 4, 4]
[C:\WINDOWS\system32\PfMgrApi.dll] [Intel Corporation, 7, 1, 4, 4]
[C:\WINDOWS\system32\PsRegApi.dll] [Intel Corporation, 7, 1, 4, 4]
[C:\WINDOWS\system32\C1XStngs.dll] [, 7, 1, 4, 4]
[C:\WINDOWS\system32\WConfig.DLL] [Intel Corporation, 7, 1, 4, 4]
[C:\WINDOWS\system32\WiFiAdap.DLL] [Intel Corporation, 7, 1, 4, 4]
[C:\WINDOWS\system32\ShellNav.dll] [, 7, 1, 4, 4]
[C:\WINDOWS\system32\LsaWrapi.dll] [N/A, ]
[C:\WINDOWS\system32\S24MUDLL.dll] [Intel Corporation, 7, 1, 4, 4]
[C:\WINDOWS\system32\D8021Xps.dll] [N/A, ]
[C:\Program Files\Intel\NCS\PROSet\8023\PNC802_3.dll] [Intel® Corporation, 7.1.4.4]
[C:\Program Files\Intel\NCS\PROSet\8023\ENUPCMRs.dll] [Intel® Corporation, 7.1.4.4]
[PID: 2292 / chandkd][C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe] [Microsoft Corporation, 12.0.6413.1000]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 3132 / chandkd][C:\Program Files\Winamp\winampa.exe] [N/A, ]
[C:\Program Files\Winamp\NSCRT.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 3788 / chandkd][C:\Program Files\Java\jre6\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.120.4]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[PID: 2964 / chandkd][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 3236 / chandkd][C:\Program Files\Sophos\AutoUpdate\ALMon.exe] [Sophos Plc, 3.11.56.190]
[C:\Program Files\Sophos\AutoUpdate\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Sophos\AutoUpdate\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Sophos\AutoUpdate\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\system32\MFC71ENU.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Sophos\AutoUpdate\en\ALMonres.dll] [Sophos Plc, 1.3.33.137]
[PID: 3748 / chandkd][C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE] [Microsoft Corporation, 12.0.6413.1000]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[PID: 3652 / chandkd][C:\Novell\GroupWise\grpwise.exe] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\gwenv1.dll] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\GWXPLT1.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\GWWWW1.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\GWXis10.dll] [Novell, Inc., 7.0.1]
[C:\Novell\GroupWise\GWMXLIB1.dll] [Novell, Inc., 7.0.2 HP]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\system32\xgbas10.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\xgab10.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\xgdm10.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\xgmsg10.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\xgcal10.dll] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\GWMXL1US.DLL] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\GWDTA1US.DLL] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\gwcma1.dll] [Novell, Inc., 7.0.2 HP]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[C:\Novell\GroupWise\gwcma1US.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\gwenl1us.dll] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\gwcma2US.dll] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\gwcma2.dll] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\gwdt31.dll] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\GwcXps.dll] [N/A, ]
[C:\Novell\GROUPW~1\gwatt1.ocx] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\Novell\GroupWise\GWATT1US.DLL] [N/A, ]
[C:\Novell\GROUPW~1\gwmim1.ocx] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\GWMIM1US.DLL] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\gwabdlg.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\GWLDO132.DLL] [N/A, ]
[C:\WINDOWS\system32\LDAPSDK.DLL] [Novell, Inc., 3.4.0]
[C:\WINDOWS\system32\LDAPSSL.DLL] [Novell, Inc., 3.4.0]
[C:\Novell\GroupWise\gwabdgUS.DLL] [N/A, ]
[C:\Novell\GroupWise\gwdtctrl.dll] [N/A, ]
[C:\Novell\GroupWise\SCCVW.DLL] [Stellent, Inc., 8.1.5.4234 [Aug.4.2006]]
[C:\Novell\GroupWise\wvcore.dll] [Stellent, Inc., 8.1.5.4149 [May.11.2006]]
[C:\Novell\GroupWise\sccdu.dll] [Stellent, Inc., 8.1.5.4332 [Nov.10.2006]]
[C:\Novell\GroupWise\sccda.dll] [Stellent, Inc., 8.1.5.4282 [Sep.21.2006]]
[C:\Novell\GroupWise\sccfi.dll] [Stellent, Inc., 8.1.5.4247 [Aug.17.2006]]
[C:\Novell\GroupWise\sccut.dll] [Stellent, Inc., 8.1.5.4332 [Nov.10.2006]]
[C:\Novell\GroupWise\sccch.dll] [Stellent, Inc., 8.1.5.4234 [Aug.4.2006]]
[C:\Novell\GroupWise\sccfa.dll] [Stellent, Inc., 8.1.5.4175 [Jun.6.2006]]
[C:\Novell\GroupWise\sccfmt.dll] [Stellent, Inc., 8.1.5.4189 [Jun.20.2006]]
[C:\Novell\GroupWise\sccanno.dll] [Stellent, Inc., 8.1.5.4149 [May.11.2006]]
[C:\Novell\GroupWise\sccca.dll] [Stellent, Inc., 8.1.5.4266 [Sep.5.2006]]
[C:\Novell\GroupWise\sccind.dll] [Stellent, Inc., 8.1.5.4234 [Aug.4.2006]]
[C:\Novell\GroupWise\oswin32.dll] [Stellent, Inc., 8.1.5.4335 [Nov.13.2006]]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[C:\Novell\GroupWise\gxmim1.dll] [Novell, Inc., 7.0.2 HP]
[PID: 2384 / chandkd][C:\Novell\GroupWise\GWSync.exe] [N/A, ]
[C:\WINDOWS\system32\gwenv1.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\GWXis10.dll] [Novell, Inc., 7.0.1]
[C:\Novell\GroupWise\GWXPLT1.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\GWWWW1.dll] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\GWMXLIB1.dll] [Novell, Inc., 7.0.2 HP]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\system32\xgbas10.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\xgab10.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\xgdm10.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\xgmsg10.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\xgcal10.dll] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\GWMXL1US.DLL] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\gwcma1.dll] [Novell, Inc., 7.0.2 HP]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[C:\Novell\GroupWise\gwcma1US.dll] [Novell, Inc., 7.0.2 HP]
[C:\WINDOWS\system32\gwenl1us.dll] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\gwcma2US.dll] [Novell, Inc., 7.0.2 HP]
[C:\Novell\GroupWise\gwcma2.dll] [Novell, Inc., 7.0.2 HP]
[PID: 2428 / chandkd][C:\Program Files\Microsoft Office\Office12\EXCEL.EXE] [Microsoft Corporation, 12.0.6504.5001]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\Program Files\Avery\Avery Wizard 3.1\AveryOAd.dll] [Avery Dennison Corporation. Envel Informationssysteme GmbH., 3.01.2151]
[C:\Program Files\Adobe\Acrobat 8.0\PDFMaker\Office\PDFMOfficeAddin.dll] [Adobe Systems Incorporated, 8.1.0.0]
[C:\Program Files\Avery\Avery Wizard 3.1\AvWizRes.dll] [Avery Dennison Corporation. Envel Informationssysteme GmbH., 3.1.5.2217]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL] [, ]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[PID: 3312 / chandkd][C:\Program Files\Java\jre6\bin\jucheck.exe] [Sun Microsystems, Inc., 6.0.120.4]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[PID: 1584 / chandkd][C:\Program Files\IncrediMail\bin\IncMail.exe] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImUtilsU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImNtUtilU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\IncrediMail\bin\ImMapiU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImLookU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\IncrediMail\bin\IncMailRU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImFeatU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImLookExU.dll] [, 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImWrappU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\SFTTV32U.DLL] [Softel vdm, Inc., 4.02]
[C:\Program Files\IncrediMail\bin\SSCE5432.dll] [Wintertree Software Inc., 5.15.3.0]
[C:\Program Files\IncrediMail\bin\ImFeatRU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImSuppU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImSuppRU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx] [Adobe Systems, Inc., 10,0,32,18]
[C:\Program Files\IncrediMail\bin\ImMangrU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImMangrRU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImParserU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\mimepp.dll] [Hunny Software, Ltd., 7, 0, 0, 0]
[C:\Program Files\IncrediMail\bin\ImViewU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImViewRU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImBookU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImBookRU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[C:\Program Files\IncrediMail\bin\B4ImMain.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\Program Files\IncrediMail\bin\ImComUtlU.dll] [, 5, 8, 6, 4038]
[PID: 4008 / chandkd][C:\Program Files\IncrediMail\bin\IMApp.exe] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImUtilsU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImNtUtilU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\IncrediMail\bin\ImLookU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\Program Files\IncrediMail\bin\ImAppRU.dll] [, 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImComUtlU.dll] [, 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImSpoolU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImFoldrsU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImServU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImJunkU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\ImNotfyU.dll] [IncrediMail, Ltd., 5, 8, 6, 4038]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[PID: 3416 / chandkd][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.6000.16876 (vista_gdr.090625-2339)]
[C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL] [Sophos Plc, 1.0.0.4030]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll] [Adobe Systems Incorporated, 8.1.0.0]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll] [Sophos Plc, 2.4.2.4020]
[C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHORes.dll] [Sophos Plc, 1.0.0.3800]
[C:\Program Files\spybot\SDHelper.dll] [Safer Networking Limited, 1, 5, 0, 11]
[C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll] [Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421, 9,0,1,0]
[C:\Program Files\Ipswitch\WS_FTP Pro\wsftpext.dll] [Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421, 9,0,1,0]
[C:\Program Files\Ipswitch\WS_FTP Pro\LIBEAY32.dll] [N/A, ]
[C:\Program Files\Ipswitch\WS_FTP Pro\SSLEAY32.dll] [N/A, ]
[C:\Program Files\Ipswitch\WS_FTP Pro\sslsvc.dll] [Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421, 9,0,1,0]
[C:\Program Files\Ipswitch\WS_FTP Pro\wsftplib.dll] [N/A, ]
[C:\Program Files\Ipswitch\WS_FTP Pro\wsfirscr.dll] [N/A, ]
[C:\Program Files\Ipswitch\WS_FTP Pro\wshosts.dll] [N/A, ]
[C:\Program Files\Ipswitch\WS_FTP Pro\ipspgp.dll] [N/A, ]
[C:\Program Files\Ipswitch\WS_FTP Pro\res0409.dll] [Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421, 9,0,0,0]
[C:\Program Files\Java\jre6\bin\jp2ssv.dll] [Sun Microsystems, Inc., 6.0.120.4]
[C:\Program Files\Java\jre6\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll] [Sun Microsystems, Inc., 6.0.120.4]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx] [Adobe Systems, Inc., 10,0,32,18]
[PID: 3016 / chandkd][C:\Documents and Settings\chandkd\Desktop\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.8.1.1279]
[PID: 2036 / chandkd][C:\Documents and Settings\chandkd\Desktop\sreng2\SRE32c30a32.EXE] [Smallfrogs Studio, 2.8.1.1279]
[C:\Program Files\IncrediMail\bin\B4ImApp.dll] [Babylon Ltd., BABIN_MAIN_VER_HI.BABIN_MAIN_VER_LO.BABIN_SUB_VERSION.BABIN_RELEASE_NUM]
[C:\Documents and Settings\chandkd\Desktop\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[\\?\globalroot\Device\__max++>\54BD6B90.x86.dll] [N/A, ]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================

Edited by DeniseC, 18 September 2009 - 11:38 AM.


#8 DeniseC

DeniseC
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:57 AM

Posted 18 September 2009 - 11:35 AM

oops, I forgot to remove the hosts file...sorry

Edited by DeniseC, 18 September 2009 - 11:41 AM.


#9 DeniseC

DeniseC
  • Topic Starter

  • Members
  • 18 posts
  • Local time:01:57 AM

Posted 18 September 2009 - 11:36 AM

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1220, C:\WINDOWS\SYSTEM32\S24EVMON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1704, C:\PROGRAM FILES\BACKLOG\AUDITSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1936, C:\WINDOWS\SYSTEM32\REGSRVC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 192, C:\WINDOWS\LOCAL\ETC\RSHD.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 276, C:\PROGRAM FILES\SOPHOS\REMOTE MANAGEMENT SYSTEM\MANAGEMENTAGENTNT.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 320, C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\ALSVC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 452, C:\PROGRAM FILES\SOPHOS\REMOTE MANAGEMENT SYSTEM\ROUTERNT.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3956, C:\WINDOWS\SYSTEM32\TASKSWITCH.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1624, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3356, C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3556, C:\PROGRAM FILES\CYBERLINK\POWERDVD DX\PDVDDXSRV.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2464, C:\PROGRAM FILES\COMMON FILES\MACROVISION SHARED\FLEXNET PUBLISHER\FNPLICENSINGSERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2836, C:\PROGRAM FILES\INTEL\NCS\PROSET\PRONOMGR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3132, C:\PROGRAM FILES\WINAMP\WINAMPA.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3236, C:\PROGRAM FILES\SOPHOS\AUTOUPDATE\ALMON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2384, C:\NOVELL\GROUPWISE\GWSYNC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3016, C:\DOCUMENTS AND SETTINGS\CHANDKD\DESKTOP\SRENG2\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] {BB65B0FB-5712-401b-B616-E69AC55E2757}.job
C:\TEMP\b.exe
[Enabled] {7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS\msn.exe
[Enabled] workstation scheduled.job
C:\Program Files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe

==================================
Windows Security Update Check
KB968389, Update for Windows XP (KB968389)
KB971557, Security Update for Windows XP (KB971557) MS09-038
KB973869, Security Update for Windows XP (KB973869) MS09-037
KB956744, Security Update for Windows XP (KB956744) MS09-044
KB973354, Security Update for Windows XP (KB973354) MS09-037
KB973507, Security Update for Windows XP (KB973507) MS09-037
KB960859, Security Update for Windows XP (KB960859) MS09-042
KB973815, Security Update for Windows XP (KB973815) MS09-037
KB971657, Security Update for Windows XP (KB971657) MS09-041
KB956844, Security Update for Windows XP (KB956844) MS09-046
KB890830, Windows Malicious Software Removal Tool - September 2009 (KB890830)
KB971961, Security Update for Jscript 5.7 for Windows XP (KB971961) MS09-045

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]

#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • Gender:Male
  • Local time:04:57 PM

Posted 20 September 2009 - 05:43 PM

Sorry for the late reply but I was out of town. I think it's time to head on over to the HijackThis forum for a closer look.

Preparation Guide for use before posting a HijackThis Log

Go straight to Step 6. Just post your System Repair Engineer log if you cannot get the other logs.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:57 AM

Posted 24 September 2009 - 09:23 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/259177/was-sent-here-from-im-infected/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



