Old 07-06-2008, 04:46 PM   #11 (permalink)

You are still majorly infected. Wait for buzz, punk, or a mod to help you clean your system. While waiting, you can try downloading, updating and running SUPERAntiSpyware and see how much cleaner your system is.
Posted by johnb35


Old 07-06-2008, 05:24 PM   #12 (permalink)

Yes, you are still infected with Vundo.
Please do not browse, as it may increase the infections and contribute to the infections present on this system.
Posted by adarsh
Old 07-06-2008, 05:45 PM   #13 (permalink)

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.
  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Quote:
Files to delete:
C:\WINDOWS\system32\dbi100.dll
C:\WINDOWS\system32\tqgs27.exe
C:\WINDOWS\system32\mxtq9.exe
C:\WINDOWS\system32\divq38.exe
C:\WINDOWS\system32\uhhn27.exe
C:\WINDOWS\system32\jqcu9.exe
C:\WINDOWS\dcbdcatys32_080702a.dll
C:\WINDOWS\system32\jdsaex.dll
C:\WINDOWS\system32\flje29.exe
C:\WINDOWS\system\sgcxcxxaspf080702.exe
C:\WINDOWS\wftadfi16_080702a.dll
C:\WINDOWS\twisys.ini
C:\WINDOWS\system32\wolko.dll
C:\WINDOWS\system32\he1low.dll
C:\WINDOWS\system32\ziflok.dll
C:\WINDOWS\system32\wcpome.dll
C:\WINDOWS\system32\mymusi.dll
C:\WINDOWS\system32\gwofw.dll
C:\WINDOWS\system32\jpri38.exe
C:\WINDOWS\system32\qadu27.exe
C:\WINDOWS\system32\iwco9.exe
C:\WINDOWS\eqlk.exe
C:\WINDOWS\system32\szvy38.exe
C:\WINDOWS\system32\nuuu27.exe
C:\WINDOWS\system32\ljmy9.exe
C:\WINDOWS\system32\umfd38.exe
C:\WINDOWS\system32\bsdx27.exe
C:\WINDOWS\system32\bsdk9.exe
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\jfdses.dll
C:\WINDOWS\system32\wvmk38.exe
C:\WINDOWS\system32\womsoy.dll
C:\WINDOWS\system32\otbb27.exe
C:\WINDOWS\system32\womsoyk.exe
C:\WINDOWS\system32\tdffdl.dll
C:\WINDOWS\system32\ngjxakin.sys
C:\WINDOWS\system32\ijzhatde.sys
C:\WINDOWS\system32\pedadt.dll
C:\WINDOWS\system32\ragc9.exe
C:\Documents and Settings\Steven C\Application Data\GDIPFONTCACHEV1.DAT
C:\WINDOWS\system32\aoqnabib.sys
C:\WINDOWS\system32\apsggjba.dll
C:\WINDOWS\system32\apzhctde.dll
C:\WINDOWS\system32\dfqnabib.exe
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\gpzhatde.sys
C:\WINDOWS\system32\lpmxajkl.exe
C:\WINDOWS\system32\lpzhatde.exe
C:\WINDOWS\system32\mndshsrv.dll
C:\WINDOWS\system32\nhmxdjkl.dll
C:\WINDOWS\system32\pjjxfdwd.dll
C:\WINDOWS\system32\rijxbkin.dll
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\skqnebib.dll
C:\WINDOWS\system32\smdsbsrv.sys
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\stjxakin.exe
C:\WINDOWS\system32\tjfyabyt.exe
C:\WINDOWS\system32\yzztkmsn.dll
C:\WINDOWS\system32\adsntzt.dll
C:\WINDOWS\system32\bootvidgj.dll
C:\WINDOWS\system32\catsrvwl.dll
C:\WINDOWS\system32\cliconfgzx.dll
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\dpvvoxmh.dll
C:\WINDOWS\system32\inf\scsys16_080702.dll
C:\WINDOWS\system32\inf\sppdcrs080702.scr
C:\WINDOWS\system32\inf\svchosd.exe
C:\WINDOWS\system32\kbdswjr.dll
C:\WINDOWS\system32\ksuserfy.dll
C:\WINDOWS\system32\midimapgj.dll
C:\WINDOWS\system32\midimappt.dll
C:\WINDOWS\system32\msobjstl.dll
C:\WINDOWS\system32\rasdlgcq.dll
C:\WINDOWS\system32\tscfgwmijxsj.dll
C:\WINDOWS\bootstat.dat
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created at C:\avenger.txt.
  • Copy and Paste it into your next post please.
Posted by GameMaster
Old 07-06-2008, 06:30 PM   #14 (permalink)

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\dbi100.dll" deleted successfully.
File "C:\WINDOWS\system32\tqgs27.exe" deleted successfully.
File "C:\WINDOWS\system32\mxtq9.exe" deleted successfully.
File "C:\WINDOWS\system32\divq38.exe" deleted successfully.
File "C:\WINDOWS\system32\uhhn27.exe" deleted successfully.
File "C:\WINDOWS\system32\jqcu9.exe" deleted successfully.
File "C:\WINDOWS\dcbdcatys32_080702a.dll" deleted successfully.
File "C:\WINDOWS\system32\jdsaex.dll" deleted successfully.
File "C:\WINDOWS\system32\flje29.exe" deleted successfully.
File "C:\WINDOWS\system\sgcxcxxaspf080702.exe" deleted successfully.
File "C:\WINDOWS\wftadfi16_080702a.dll" deleted successfully.
File "C:\WINDOWS\twisys.ini" deleted successfully.
File "C:\WINDOWS\system32\wolko.dll" deleted successfully.
File "C:\WINDOWS\system32\he1low.dll" deleted successfully.
File "C:\WINDOWS\system32\ziflok.dll" deleted successfully.
File "C:\WINDOWS\system32\wcpome.dll" deleted successfully.
File "C:\WINDOWS\system32\mymusi.dll" deleted successfully.
File "C:\WINDOWS\system32\gwofw.dll" deleted successfully.
File "C:\WINDOWS\system32\jpri38.exe" deleted successfully.
File "C:\WINDOWS\system32\qadu27.exe" deleted successfully.
File "C:\WINDOWS\system32\iwco9.exe" deleted successfully.
File "C:\WINDOWS\eqlk.exe" deleted successfully.
File "C:\WINDOWS\system32\szvy38.exe" deleted successfully.
File "C:\WINDOWS\system32\nuuu27.exe" deleted successfully.
File "C:\WINDOWS\system32\ljmy9.exe" deleted successfully.
File "C:\WINDOWS\system32\umfd38.exe" deleted successfully.
File "C:\WINDOWS\system32\bsdx27.exe" deleted successfully.
File "C:\WINDOWS\system32\bsdk9.exe" deleted successfully.
File "C:\WINDOWS\system32\sgdewg.dll" deleted successfully.
File "C:\WINDOWS\system32\jfdses.dll" deleted successfully.
File "C:\WINDOWS\system32\wvmk38.exe" deleted successfully.
File "C:\WINDOWS\system32\womsoy.dll" deleted successfully.
File "C:\WINDOWS\system32\otbb27.exe" deleted successfully.
File "C:\WINDOWS\system32\womsoyk.exe" deleted successfully.
File "C:\WINDOWS\system32\tdffdl.dll" deleted successfully.
File "C:\WINDOWS\system32\ngjxakin.sys" deleted successfully.
File "C:\WINDOWS\system32\ijzhatde.sys" deleted successfully.
File "C:\WINDOWS\system32\pedadt.dll" deleted successfully.
File "C:\WINDOWS\system32\ragc9.exe" deleted successfully.
File "C:\Documents and Settings\Steven C\Application Data\GDIPFONTCACHEV1.DAT" deleted successfully.
File "C:\WINDOWS\system32\aoqnabib.sys" deleted successfully.
File "C:\WINDOWS\system32\apsggjba.dll" deleted successfully.
File "C:\WINDOWS\system32\apzhctde.dll" deleted successfully.
File "C:\WINDOWS\system32\dfqnabib.exe" deleted successfully.
File "C:\WINDOWS\system32\erjxakin.sys" deleted successfully.
File "C:\WINDOWS\system32\gpzhatde.sys" deleted successfully.
File "C:\WINDOWS\system32\lpmxajkl.exe" deleted successfully.
File "C:\WINDOWS\system32\lpzhatde.exe" deleted successfully.
File "C:\WINDOWS\system32\mndshsrv.dll" deleted successfully.
File "C:\WINDOWS\system32\nhmxdjkl.dll" deleted successfully.
File "C:\WINDOWS\system32\pjjxfdwd.dll" deleted successfully.
File "C:\WINDOWS\system32\rijxbkin.dll" deleted successfully.
File "C:\WINDOWS\system32\rnmxajkl.sys" deleted successfully.
File "C:\WINDOWS\system32\skqnebib.dll" deleted successfully.
File "C:\WINDOWS\system32\smdsbsrv.sys" deleted successfully.
File "C:\WINDOWS\system32\snfybbyt.sys" deleted successfully.
File "C:\WINDOWS\system32\stjxakin.exe" deleted successfully.
File "C:\WINDOWS\system32\tjfyabyt.exe" deleted successfully.
File "C:\WINDOWS\system32\yzztkmsn.dll" deleted successfully.
File "C:\WINDOWS\system32\adsntzt.dll" deleted successfully.
File "C:\WINDOWS\system32\bootvidgj.dll" deleted successfully.
File "C:\WINDOWS\system32\catsrvwl.dll" deleted successfully.
File "C:\WINDOWS\system32\cliconfgzx.dll" deleted successfully.
File "C:\WINDOWS\system32\d3d9caps.dat" deleted successfully.

Error: file "C:\WINDOWS\system32\d3d9caps.dat" not found!
Deletion of file "C:\WINDOWS\system32\d3d9caps.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\dpvvoxmh.dll" deleted successfully.
File "C:\WINDOWS\system32\inf\scsys16_080702.dll" deleted successfully.
File "C:\WINDOWS\system32\inf\sppdcrs080702.scr" deleted successfully.
File "C:\WINDOWS\system32\inf\svchosd.exe" deleted successfully.
File "C:\WINDOWS\system32\kbdswjr.dll" deleted successfully.
File "C:\WINDOWS\system32\ksuserfy.dll" deleted successfully.
File "C:\WINDOWS\system32\midimapgj.dll" deleted successfully.
File "C:\WINDOWS\system32\midimappt.dll" deleted successfully.
File "C:\WINDOWS\system32\msobjstl.dll" deleted successfully.
File "C:\WINDOWS\system32\rasdlgcq.dll" deleted successfully.
File "C:\WINDOWS\system32\tscfgwmijxsj.dll" deleted successfully.
File "C:\WINDOWS\bootstat.dat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



So does that remove Vundo?? Or is it just temporary (a bit cleaner), but still heavily infected??
Posted by xxarlokxx
Old 07-06-2008, 06:33 PM   #15 (permalink)

Erm...it's a lot cleaner now.
I'm sure there are some remnants so let's scan for them.

Please download VundoFix. When downloaded, install it and run it. It will check for a Vundo infection (or for what is left).
When done, it will produce a log. Please post the log in your next reply, with the new HijackThis log.

Also, can you feel your computer feeling any better?
Posted by GameMaster


Old 07-06-2008, 06:37 PM   #16 (permalink)

It does feel better....=]...
Is it the same virus that I encountered before? The one about the QQ pop up?? And I asked for your help before..=P...

I'll do the VundoFix now...post the log afterward...

Thanks a lot, btw!! ..

Oh, one more thing..When I run VundoFix..do I click fix Vundo after scanning?? Or do I just post the log and you look it over first??
Posted by xxarlokxx
Old 07-06-2008, 06:56 PM   #17 (permalink)

Apparently, after I did the Vundo scan, it said no infected file found?
It's a bit weird, because I found on the internet it's quite hard to remove Vundo. And I don't get a log produced. So does that mean I don't have Vundo anymore??
Posted by xxarlokxx
Old 07-06-2008, 07:44 PM   #18 (permalink)

Post a fresh hijackthis log please.
Posted by johnb35
Old 07-07-2008, 01:17 AM   #19 (permalink)

Wow, that system was very badly infected.
Posted by g25racer
Old 07-07-2008, 05:39 AM   #20 (permalink)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:12 AM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll (file missing)
O2 - BHO: apzhctde.dll - {3D698451-2015-6358-9871-2015987452D3} - C:\WINDOWS\system32\apzhctde.dll (file missing)
O2 - BHO: nhmxdjkl.dll - {47AC9076-C898-B098-D098-A18319080974} - C:\WINDOWS\system32\nhmxdjkl.dll (file missing)
O2 - BHO: skqnebib.dll - {52023698-6984-8541-9654-698745012525} - C:\WINDOWS\system32\skqnebib.dll (file missing)
O2 - BHO: pjjxfdwd.dll - {64FAE856-AD58-20CB-A025-CD4895FA6E46} - C:\WINDOWS\system32\pjjxfdwd.dll (file missing)
O2 - BHO: (no name) - {74381DEC-D78B-43E4-BA5D-5244F669EBE4} - C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys
O2 - BHO: apsggjba.dll - {7FD45A54-9875-698F-E56E-65102358FDF7} - C:\WINDOWS\system32\apsggjba.dll (file missing)
O2 - BHO: mndshsrv.dll - {87FD640A-158F-48AC-FD14-1597F14A9778} - C:\WINDOWS\system32\mndshsrv.dll (file missing)
O2 - BHO: yzztkmsn.dll - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - C:\WINDOWS\system32\yzztkmsn.dll (file missing)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE /P26 "EPSON Stylus CX1500 Series" /O5 "LPT1:" /M "Stylus CX1500"
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4V 1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [initnyuser] C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\wftadfi16_080702a.dll tanlt88
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stevenching28.spaces.live.com...d/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214379191747
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162425286125
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45ABDAA6-9586-4E5E-A01E-2E395570E348}: NameServer = 203.198.23.208 205.252.144.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: welldon.dll,nhmxcjkl.dll,yzztkmsn.dll msbod.dll,tisqatyu.dll termilly.dll verptw.dll quaryfy.dll padlod.dll,arjreler.dll,ietzbpaq.dll jordspa.dll,skqncbib.dll womsoy.dll,nhmxdjkl.dll,skqnebib.dll wolko.dll he1low.dll gwofw.dll ziflok.dll mymusi.dll wcpome.dll
O21 - SSODL: midimapgj - {4F4F0064-71E0-4f0d-0003-708476C7815F} - C:\WINDOWS\system32\midimapgj.dll (file missing)
O21 - SSODL: cliconfgzx.dll - {00050005-0005-0005-0005-00050005BB15} - C:\WINDOWS\system32\cliconfgzx.dll (file missing)
O21 - SSODL: catsrvwl.dll - {00040004-0004-0004-0004-00040004BB15} - C:\WINDOWS\system32\catsrvwl.dll (file missing)
O21 - SSODL: kbdswjr.dll - {00120012-0012-0012-0012-00120012BB15} - C:\WINDOWS\system32\kbdswjr.dll (file missing)
O21 - SSODL: tscfgwmijxsj.dll - {00330033-0033-0033-0033-00330033BB15} - C:\WINDOWS\system32\tscfgwmijxsj.dll (file missing)
O21 - SSODL: msobjstl.dll - {00170017-0017-0017-0017-00170017BB15} - C:\WINDOWS\system32\msobjstl.dll (file missing)
O21 - SSODL: adsntzt.dll - {00010001-0001-0001-0001-00010001BB15} - C:\WINDOWS\system32\adsntzt.dll (file missing)
O21 - SSODL: bootvidgj.dll - {00030003-0003-0003-0003-00030003BB15} - C:\WINDOWS\system32\bootvidgj.dll (file missing)
O21 - SSODL: midimappt - {4F4F0064-71E0-4f0d-0021-708476C7815F} - C:\WINDOWS\system32\midimappt.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10070 bytes
Posted by xxarlokxx
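
Added example (not part of the thread, and not code from The Avenger or HijackThis): a Python cross-check of the Avenger log in post #14 against the HijackThis log in post #20. It separates the duplicate-entry failure from real deletion failures and lists the startup references that still point at deleted files. Function names are hypothetical, the embedded logs are abridged excerpts of the ones posted above, and the line formats are assumed to match those shown in this thread.

```python
import re
from ntpath import basename  # Windows path rules regardless of host OS

# Abridged excerpts of the logs in posts #14 and #20 (sample input).
AVENGER_LOG = r'''
File "C:\WINDOWS\system32\womsoy.dll" deleted successfully.
File "C:\WINDOWS\system32\rijxbkin.dll" deleted successfully.
File "C:\WINDOWS\wftadfi16_080702a.dll" deleted successfully.
File "C:\WINDOWS\system32\d3d9caps.dat" deleted successfully.

Error: file "C:\WINDOWS\system32\d3d9caps.dat" not found!
Deletion of file "C:\WINDOWS\system32\d3d9caps.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

File "C:\WINDOWS\system32\inf\svchosd.exe" deleted successfully.
'''

HIJACKTHIS_LOG = r'''
O2 - BHO: rijxbkin.dll - {25FD6584-698F-BCD2-602C-698745210352} - C:\WINDOWS\system32\rijxbkin.dll (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [initnyuser] C:\WINDOWS\system32\inf\svchosd.exe C:\WINDOWS\wftadfi16_080702a.dll tanlt88
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: welldon.dll,nhmxcjkl.dll womsoy.dll
'''


def parse_avenger(log):
    """Return (deleted paths, {failed path: NTSTATUS name}), lower-cased."""
    deleted, failed, pending = set(), {}, None
    for line in map(str.strip, log.splitlines()):
        if m := re.match(r'File "(.+)" deleted successfully\.', line):
            deleted.add(m.group(1).lower())
        elif m := re.match(r'Deletion of file "(.+)" failed!', line):
            pending = m.group(1).lower()
        elif (m := re.match(r'Status: 0x[0-9a-fA-F]+ \((\w+)\)', line)) and pending:
            failed[pending] = m.group(1)
            pending = None
    return deleted, failed


def duplicate_entries(deleted, failed):
    """Failures that only mean the script listed an already-deleted file twice."""
    return sorted(p for p, status in failed.items()
                  if p in deleted and status == 'STATUS_OBJECT_NAME_NOT_FOUND')


def leftover_references(hjt_log, deleted):
    """Return (section, target, state) for HijackThis entries needing cleanup.

    'orphaned'    = still registered although Avenger deleted the file
    'unaccounted' = AppInit_DLLs name that the Avenger log never mentions
    """
    deleted_names = {basename(p) for p in deleted}
    findings = []
    for line in map(str.strip, hjt_log.splitlines()):
        m = re.match(r'(O\d+) - (.*)', line)
        if not m:
            continue
        section, body = m.group(1), m.group(2).lower()
        if section == 'O20' and body.startswith('appinit_dlls:'):
            # The value is a comma- or space-separated list of bare DLL names.
            for name in re.split(r'[,\s]+', body.split(':', 1)[1].strip()):
                if name:
                    state = 'orphaned' if name in deleted_names else 'unaccounted'
                    findings.append((section, name, state))
        else:
            findings.extend((section, p, 'orphaned')
                            for p in sorted(deleted) if p in body)
    return findings


if __name__ == '__main__':
    deleted, failed = parse_avenger(AVENGER_LOG)
    print('duplicate script entries:', duplicate_entries(deleted, failed))
    for finding in leftover_references(HIJACKTHIS_LOG, deleted):
        print(*finding)
```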