ComboFix-loggen ser således ud:
“XP Media” - 2007-05-16 23:23:57 Service Pack 2
ComboFix 07-05.17.V - Running from: “C:\Documents and Settings\XP Media\Skrivebord\”
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\amwoqvog.dll
C:\WINDOWS\system32\nantjsxf.dll
C:\WINDOWS\system32\tsadxork.dll
C:\WINDOWS\system32\govqowma.ini
C:\WINDOWS\system32\fxsjtnan.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\XPMEDI~1\SKRIVE~1.\internet explorer.lnk
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\XPMEDI~1
C:\qoobox\purity\C\DOCUME~1\XPMEDI~1\DOKUME~1
C:\qoobox\purity\C\DOCUME~1\XPMEDI~1\DOKUME~1\ICROSO~1.NET
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
———-\LEGACY_NTIO256
———-\ntio256
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 ))))))))))))))))))))))))))))))))))
2007-05-15 21:18 0—a———C:\WINDOWS\system32\qommkii.dll.vir
2007-05-15 20:57 <DIR> d————C:\!KillBox
2007-05-15 19:09 <DIR> d————C:\Rustbfix
2007-05-14 22:56 666,490—-hs——C:\WINDOWS\system32\nqtss.bak2
2007-05-14 22:13 3,968—a———C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-14 21:36 <DIR> d————C:\Programmer\CCleaner
2007-05-14 20:09 76,560—a———C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-14 18:39 524,288—ah——- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-14 18:39 <DIR> dr———- C:\DOCUME~1\ADMINI~1\Menuen Start
2007-05-14 18:39 <DIR> d—h——- C:\DOCUME~1\ADMINI~1\Skabeloner
2007-05-14 18:39 <DIR> d—h——- C:\DOCUME~1\ADMINI~1\Printere
2007-05-14 18:39 <DIR> d—h——- C:\DOCUME~1\ADMINI~1\Lokale indstillinger
2007-05-14 18:39 <DIR> d—h——- C:\DOCUME~1\ADMINI~1\Andre computere
2007-05-14 18:39 <DIR> d————C:\DOCUME~1\ADMINI~1\Skrivebord
2007-05-14 18:39 <DIR> d————C:\DOCUME~1\ADMINI~1\Foretrukne
2007-05-14 18:39 <DIR> d————C:\DOCUME~1\ADMINI~1\Dokumenter
2007-05-13 22:56 657,788—-hs——C:\WINDOWS\system32\nqtss.bak1
2007-05-13 22:56 285,268—ahs——C:\WINDOWS\system32\sstqn.dll.vir
2007-05-12 22:29 662,824—-hs——C:\WINDOWS\system32\qrutv.ini2
2007-05-12 22:19 <DIR> d————C:\WINDOWS\system32\appmgmt
2007-05-12 21:13 <DIR> d————C:\DOCUME~1\XPMEDI~1\APPLIC~1\BullGuard
2007-05-12 21:13 <DIR> d————C:\DOCUME~1\ALLUSE~1\APPLIC~1\BullGuard
2007-05-12 21:12 50,904—a———C:\WINDOWS\system32\drivers\BdFileSpy.sys
2007-05-12 21:12 <DIR> d————C:\Programmer\BullGuard Software
2007-05-12 20:42 <DIR> d—hs——C:\WINDOWS\CSC
2007-05-12 20:08 657,828—-hs——C:\WINDOWS\system32\qrutv.bak1
2007-05-12 17:09 34,308—a———C:\WINDOWS\system32\Chip.dll
2007-05-12 16:46 <DIR> d————C:\Programmer\Ashampoo
2007-05-12 16:37 <DIR> d————C:\DOCUME~1\XPMEDI~1\APPLIC~1\SlySoft
2007-05-12 16:36 <DIR> d————C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-05-12 16:34 <DIR> d————C:\Programmer\SlySoft
2007-05-12 16:16 658,174—-hs——C:\WINDOWS\system32\ghkmp.ini2
2007-05-12 16:14 657,788—-hs——C:\WINDOWS\system32\ghkmp.bak1
2007-05-12 16:11 <DIR> d————C:\Programmer\MSXML 4.0
2007-05-12 15:58 1—a———C:\WINDOWS\system32\ps.dat
2007-05-12 15:58 1—a———C:\WINDOWS\system32\cookie.dat
2007-05-12 15:55 <DIR> d————C:\Programmer\DVD Shrink
2007-05-12 15:55 <DIR> d————C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-05-12 15:39 29,206—a———C:\WINDOWS\system32\qommkii.dll
2007-05-12 15:26 0—a———C:\WINDOWS\system32\CMMGR32.EXE
2007-05-12 15:22 <DIR> d————C:\DOCUME~1\XPMEDI~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-12 15:22 <DIR> d————C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-12 14:58 <DIR> d————C:\DOCUME~1\XPMEDI~1\APPLIC~1\Ahead
2007-05-11 22:49 82,304—a———C:\WINDOWS\system32\drivers\grclass.sys
2007-05-11 22:49 167,936—a———C:\WINDOWS\system32\SetCSP.dll
2007-05-11 22:49 106,496—a———C:\WINDOWS\system32\pluginhostctrl.dll
2007-05-11 22:49 <DIR> d————C:\Programmer\Setec
2007-05-11 22:48 85,034—a———C:\WINDOWS\system32\drivers\GemUsb.sys
2007-05-11 22:48 <DIR> d————C:\PBS
2007-05-11 22:47 305,152—a———C:\WINDOWS\IsUn0406.exe
2007-05-11 22:44 <DIR> d————C:\Programmer\Windows Media Connect 2
2007-05-11 22:42 <DIR> d————C:\WINDOWS\system32\LogFiles
2007-05-11 22:42 <DIR> d————C:\WINDOWS\system32\drivers\UMDF
2007-05-11 22:37 221,184—a———C:\WINDOWS\system32\wmpns.dll
2007-05-11 22:32 <DIR> d————C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
2007-05-11 22:11 15,104—a———C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-11 21:59 94,208—a———C:\WINDOWS\system32\ippcv11.dll
2007-05-11 21:59 77,824—a———C:\WINDOWS\system32\ippsr11.dll
2007-05-11 21:59 65,536—a———C:\WINDOWS\system32\ippj11.dll
2007-05-11 21:59 466,944—a———C:\WINDOWS\system32\ippcvw711.dll
2007-05-11 21:59 40,960—a———C:\WINDOWS\system32\IPPCPUID.DLL
2007-05-11 21:59 306,688—a———C:\WINDOWS\IsUninst.exe
2007-05-11 21:59 266,240—a———C:\WINDOWS\system32\ippsrw711.dll
2007-05-11 21:59 225,280—a———C:\WINDOWS\system32\ippi11.dll
2007-05-11 21:59 2,592,768—a———C:\WINDOWS\system32\ippiw711.dll
2007-05-11 21:59 176,128—a———C:\WINDOWS\system32\ipps11.dll
2007-05-11 21:59 159,744—a———C:\WINDOWS\system32\ippjw711.dll
2007-05-11 21:59 11,776—a———C:\WINDOWS\system32\pmsbfn32.dll
2007-05-11 21:59 1,589,248—a———C:\WINDOWS\system32\ippsw711.dll
2007-05-11 21:59 <DIR> d————C:\Programmer\NewSoft
2007-05-11 21:59 <DIR> d————C:\DOCUME~1\XPMEDI~1\WINDOWS
2007-05-11 21:59 <DIR> d————C:\DOCUME~1\XPMEDI~1\APPLIC~1\NewSoft
2007-05-11 21:57 <DIR> d————C:\Programmer\ScanSoft
2007-05-11 21:57 <DIR> d————C:\Programmer\Fælles filer\ScanSoft Shared
2007-05-11 21:57 <DIR> d————C:\DOCUME~1\XPMEDI~1\APPLIC~1\ScanSoft
2007-05-11 21:57 <DIR> d————C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
2007-05-11 21:57 <DIR> d————C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
2007-05-11 21:52 <DIR> d————C:\DOCUME~1\XPMEDI~1\APPLIC~1\Help
2007-05-11 21:51 <DIR> d—h——- C:\Programmer\InstallShield Installation Information
2007-05-11 21:51 <DIR> d————C:\Programmer\Fælles filer\InstallShield
2007-05-11 21:51 <DIR> d————C:\Programmer\Canon
2007-05-11 21:50 749,568—a———C:\WINDOWS\system32\CNQA2405.dll
2007-05-11 21:50 40,960—a———C:\WINDOWS\system32\CNQU72.DLL
2007-05-11 21:50 389,180—a———C:\WINDOWS\system32\UCS32P.DLL
2007-05-11 21:50 192,512—a———C:\WINDOWS\system32\CNQL2405.dll
2007-05-11 21:50 <DIR> d—h——- C:\CanoScan
2007-05-11 21:05 <DIR> d————C:\DOCUME~1\XPMEDI~1\APPLIC~1\Google
2007-05-11 21:01 <DIR> d————C:\Programmer\Google
2007-05-11 21:01 <DIR> d————C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-05-11 20:55 <DIR> d————C:\WEBBANK
2007-05-11 19:14 <DIR> d————C:\WINDOWS\system32\da-dk
2007-05-11 19:12 <DIR> d————C:\WINDOWS\network diagnostic
2007-05-11 18:44 <DIR> d—hs——C:\RECYCLER
2007-05-08 12:35 73,928—a———C:\WINDOWS\system32\drivers\AnyDVD.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-14 19:30:30————d——-w C:\Programmer\Fælles filer
2007-05-12 19:17:47 14,416——a-w C:\WINDOWS\system32\lccl.dll
2007-05-12 19:17:47 14,416——a-w C:\WINDOWS\system32\client_cc.dll
2007-05-12 19:17:45 20,048——a-w C:\WINDOWS\system32\BgOutlookHook.dll
2007-05-12 19:12:27————d——-w C:\Programmer\Fælles filer\Microsoft Shared
2007-05-11 19:57:47————d——-w C:\Programmer\Fælles filer\ScanSoft Shared
2007-05-11 19:52:00————d——-w C:\Programmer\Microsoft Image Composer
2007-05-11 19:51:16————d——-w C:\Programmer\Fælles filer\InstallShield
2007-05-11 18:43:13————d——-w C:\Programmer\Fælles filer\Symantec Shared
2007-05-11 17:02:24————d——-w C:\Programmer\Fælles filer\System
2007-05-11 16:55:29————d——-w C:\Programmer\Symantec
2007-04-01 12:34:21 86,016——a-w C:\WINDOWS\system32\ElbyCDIO.dll
2007-03-17 13:45:03 292,864——a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:38:16 577,536——a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:16 40,960——a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:16 281,600——a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:35:19 1,843,584——a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:19:14 185,344——a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2002-11-18 15:15]
“nwiz”=“nwiz.exe” [2002-11-18 15:15 C:\WINDOWS\system32\nwiz.exe]
“SoundMan”=“SOUNDMAN.EXE” []
“SunJavaUpdateSched”=“C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43]
“Omnipage”=“C:\Programmer\ScanSoft\OmniPageSE\opware32.exe” [2002-06-03 11:38]
“SManager”=“smanager.7.exe” []
“BullGuard”=“C:\Programmer\BullGuard Software\BullGuard\bullguard.exe” [2007-05-15 19:00]
“!AVG Anti-Spyware”=“C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-05-14 22:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“MSMSGS”=“C:\Programmer\Messenger\msmsgs.exe” [2004-10-13 18:24]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-27 14:00]
“swg”=“C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2007-05-11 21:05]
“BullGuard”=“C:\Programmer\BullGuard Software\BullGuard\bullguard.exe” [2007-05-15 19:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
“DisableRegistryTools”=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2006-09-28 16:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhg]
C:\WINDOWS\system32\pmkhg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmqx32]
winmqx32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HTTPFilter HTTPFilter
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
DcomLaunch DcomLaunch TermService
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService
WudfServiceGroup WUDFSvc
BullGuard BgMainSvc BsFileScan BsMailProxy
BullGuardFw BsFwall
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-16 23:26:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-16 23:28:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-16 23:28
—- E O F—-
HijackThis-loggen (HJT) ser således ud:
Logfile of HijackThis v1.99.1
Scan saved at 23:31:12, on 16-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\XP Media\Skrivebord\Ny mappe\hjt.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {575385B4-774C-48BF-AA3C-FE2D8706B453} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe”
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [BullGuard] “C:\Programmer\BullGuard Software\BullGuard\bullguard.exe” -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU\..\Run: [MSMSGS] “C:\Programmer\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BullGuard] “C:\Programmer\BullGuard Software\BullGuard\bullguard.exe”
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160317481614
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmqx32 - winmqx32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe