I scanned the system with RootRepeal, Hijackthis and DDS
Please help !
Thanks !!
Here are the reports:
= = =============================
Root Repeal
= = =============================
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/07 13:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: BIOS.sys
Image Path: C:\WINDOWS\system32\drivers\BIOS.sys
Address: 0xF557B000 Size: 13696 File Visible: - Signed: No
Status: -
Name: cpuz132_x32.sys
Image Path: C:\WINDOWS\system32\drivers\cpuz132_x32.sys
Address: 0xF0205000 Size: 12672 File Visible: - Signed: No
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEFAD5000 Size: 49152 File Visible: No Signed: No
Status: -
Name: rtqj.sys
Image Path: rtqj.sys
Address: 0xF5DD8000 Size: 54016 File Visible: No Signed: No
Status: -
Name: tap0901.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tap0901.sys
Address: 0xF6138000 Size: 25216 File Visible: - Signed: No
Status: -
Name: uyowfi.sys
Image Path: uyowfi.sys
Address: 0xF5DC8000 Size: 54016 File Visible: No Signed: No
Status: -
==EOF==
= = =============================
DDS
= = =============================
DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 12:53:18.71 on Mon 12/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2772 [GMT -12:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe
C:\Program Files\Norton Security Scan\Engine\2.3.0.44\NSS.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS22.tmp\setup.exe
C:\Documents and Settings\Administrator\Desktop\avast_home_setup.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [openvpn-gui] c:\program files\ultravpn\bin\openvpn-gui.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {D3D6DBB7-7AE8-47E2-A68D-004688814060} = 202.188.0.133 202.188.1.5
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: taskmgr.exe - c:\program files\free extended task manager\extensions\taskmanager\ExtensionsTaskManager32.exe
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\4x3ekcqo.default\
FF - prefs.js: browser.startup.homepage - google.com.au
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\4x3ekcqo.default\extensions\{4d144bc3-23fb-47de-90c5-63ccb0139ccf}\plugins\npww.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-9-9 13696]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-31 12672]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-7 38224]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-10-28 30880]
S0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-3-26 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-3-26 52224]
S3 FXDrv32;FXDrv32;\??\g:\fxdrv32.sys --> g:\FXDrv32.sys [?]
S3 GPUTool;GPUTool;\??\c:\docume~1\admini~1\locals~1\temp\gputool.sys --> c:\docume~1\admini~1\locals~1\temp\GPUTool.sys [?]
S3 RTCore32;RTCore32;c:\program files\rmclock\RTCore32.sys [2009-10-31 4608]
=============== Created Last 30 ================
2009-12-08 00:41:38 0 d-----w- c:\windows\system32\drivers\NSS
2009-12-08 00:41:38 0 d-----w- c:\program files\Norton Security Scan
2009-12-08 00:37:32 0 d-----w- c:\program files\NortonInstaller
2009-12-08 00:32:24 0 d-----w- c:\program files\CCleaner
2009-12-08 00:30:23 0 d-----w- c:\program files\Trend Micro
2009-12-08 00:28:15 0 d--h--w- c:\windows\PIF
2009-12-08 00:13:06 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-12-08 00:13:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-08 00:13:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-08 00:13:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-08 00:13:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 18:15:03 0 d--h--w- c:\windows\system32\GroupPolicy
2009-12-06 18:54:58 63957 ----a-w- C:\xyz.png
2009-12-05 04:37:29 53784 ----a-w- C:\DNS.png
2009-11-26 09:14:22 0 d-----w- c:\program files\Free Download Manager
2009-11-23 21:24:59 0 d-----w- c:\windows\system32\Adobe
2009-11-22 22:20:59 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
2009-11-22 19:04:01 0 d-----w- c:\windows\system32\oodag
2009-11-14 15:39:50 0 d-----w- c:\program files\LopeSoft
2009-11-11 11:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-11 11:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-11-10 19:29:47 0 d-----w- c:\program files\UltraVPN
2009-11-08 16:14:48 0 d-----w- c:\windows\pss
==================== Find3M ====================
2009-10-29 04:48:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-29 04:48:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-21 07:08:02 69632 ----a-w- c:\windows\system32\XXPBAR.EXE
2009-10-21 07:08:02 450560 ----a-w- c:\windows\system32\XXCOPYSU.EXE
2009-10-21 07:08:02 450560 ----a-w- c:\windows\system32\XXCOPY.EXE
2009-10-21 07:08:02 2321 ----a-w- c:\windows\system32\UIXXCOPY.BAT
2009-10-21 07:08:02 230377 ----a-w- c:\windows\system32\XXCOPY16.EXE
2009-10-21 07:08:02 146936 ----a-w- c:\windows\system32\XXCONSOLE.EXE
2009-10-11 16:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-28 06:20:04 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-28 06:20:00 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-28 06:19:52 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-28 06:19:50 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-28 06:19:48 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-28 06:19:48 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-28 06:19:48 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-28 06:19:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-28 06:19:46 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-28 06:19:46 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-28 06:19:46 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-28 06:19:46 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-28 06:19:40 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-28 04:12:22 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-28 04:12:22 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-28 04:12:22 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-28 04:12:22 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-28 04:12:22 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-28 04:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-28 04:12:22 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-28 04:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-28 04:12:22 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-28 04:12:22 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-26 04:35:00 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-09-24 21:24:18 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-23 22:39:28 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-23 22:38:26 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2009-09-23 22:21:32 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-23 22:21:14 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-23 22:21:00 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-09-23 22:20:50 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-23 22:20:36 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-09-23 22:19:14 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-09-23 22:17:44 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-09-23 22:11:02 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-09-23 22:09:18 3506080 ----a-w- c:\windows\system32\ati3duag.dll
2009-09-23 21:58:16 12644352 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-23 21:53:48 2096384 ----a-w- c:\windows\system32\ativvaxx.dll
2009-09-23 21:53:26 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-09-23 21:36:50 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-09-23 21:36:50 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-23 21:32:20 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-09-23 21:31:32 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-23 21:31:18 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-23 21:30:08 167936 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-23 21:29:42 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-09-23 21:29:36 3489792 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-23 21:27:50 401408 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-23 21:23:08 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-09-11 12:01:57 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-09-11 11:56:39 5334 ----a-w- c:\windows\system32\unins000.dat
2009-09-11 11:56:31 716153 ----a-w- c:\windows\system32\unins000.exe
2009-09-11 11:12:54 249856 ------w- c:\windows\Setup1.exe
2009-09-11 11:12:53 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-09-10 13:29:21 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-10 04:24:52 315392 ----a-w- c:\windows\HideWin.exe
2008-03-09 19:25:10 236 ----a-w- c:\program files\common files\dx.reg
============= FINISH: 12:53:33.01 ===============
= = =============================
Hijackthis
= = =============================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:22 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Free Extended Task Manager\Extensions\TaskManager\ExtensionsTaskManager32.exe
C:\Program Files\Norton Security Scan\Engine\2.3.0.44\NSS.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\UltraVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3D6DBB7-7AE8-47E2-A68D-004688814060}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
--
End of file - 5032 bytes
= = =============================