Slow Loading And Services.exe Takes 100%


8 replies to this topic

#1 rvn

Posted 19 October 2007 - 08:39 AM

hi! recently, my post-login takes more than 5 minutes (services.exe occupies ~100% cpu time)... same horrible thing upon dialing up (something even when disconnecting) to my isp using the windows dialer and on some other (seemingly random) occasions... i'm also having some odd time-outs from kgs (unable to logon using the applet at http://gokgs.com) even though my ping seems just fine and everything... @_@

also upon every boot, something asks to add another icq auto_run and mobsync, even though i disabled both with spybot
i've also scanned using AVG Anti-Rootkit, f-secure and bitdefender's online scanners but in addition to having avast!...

ahh yes, it's a p4 2.66 with 1024+256-64(video onboard) ddr 333 on a p4s533 board, running win2k sp4 (as seen in the hjt log...=)) nothing fancy ^_^*

any help understanding these would be greatly appreciated... ^_^*

Here's my HJT log of the moment (should i add any other logs generated by it? i even have a couple of older ones)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:37 PM, on 10/19/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
c:\winnt\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\internat.exe
C:\BACKUP\NO INSTALL\PROCEXP.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\w00t.exe This is HJT

F2 - REG:system.ini: Shell=c:\winnt\Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E58E9881-12D5-41BB-9CC1-57D8C5D3C5BF}: NameServer = 212.116.161.38 212.117.129.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe - I have no idea why it's there

--
End of file - 4162 bytes

And here's my spybot autorun log @_@ -

Edit: There's also a sysinternals ( http://www.microsoft.com/technet/sysinternals/default.mspx ) autoruns.exe log -
c:\winnt\system32\drivers\msmpu401.sys+ MSKSSRV	MS KS Server	Microsoft Corporation	c:\winnt\system32\drivers\mskssrv.sys+ MSPCLOCK	MS Proxy Clock	Microsoft Corporation	c:\winnt\system32\drivers\mspclock.sys+ MSPQM	MS Proxy Quality Manager	Microsoft Corporation	c:\winnt\system32\drivers\mspqm.sys+ MSTEE	WDM Tee/Communication Transform Filter 	Microsoft Corporation	c:\winnt\system32\drivers\mstee.sys+ NABTSFEC	WDM NABTS/FEC VBI Codec	Microsoft Corporation	c:\winnt\system32\drivers\nabtsfec.sys+ NdisTapi	Remote Access NDIS TAPI Driver	Microsoft Corporation	c:\winnt\system32\drivers\ndistapi.sys+ Ndisuio	NDIS Usermode I/O Protocol	Microsoft Corporation	c:\winnt\system32\drivers\ndisuio.sys+ NdisWan	Remote Access NDIS WAN Driver	Microsoft Corporation	c:\winnt\system32\drivers\ndiswan.sys+ NetBT	NetBios over Tcpip	Microsoft Corporation	c:\winnt\system32\drivers\netbt.sys+ NetDetect	Network Card Detection driver	Microsoft Corporation	c:\winnt\system32\drivers\netdtect.sys+ NwlnkFlt	IPX Traffic Filter Driver	Microsoft Corporation	c:\winnt\system32\drivers\nwlnkflt.sys+ NwlnkFwd	IPX Traffic Forwarder Driver	Microsoft Corporation	c:\winnt\system32\drivers\nwlnkfwd.sys+ openhci	Open Host Controller Interface USB Driver	Microsoft Corporation	c:\winnt\system32\drivers\openhci.sys+ Parallel	Parallel Printer Driver	Microsoft Corporation	c:\winnt\system32\drivers\parallel.sys+ Parport	Parallel Port Driver	Microsoft Corporation	c:\winnt\system32\drivers\parport.sys+ PCI	NT Plug and Play PCI Enumerator	Microsoft Corporation	c:\winnt\system32\drivers\pci.sys+ PCIIde	Generic PCI IDE Bus Driver	Microsoft Corporation	c:\winnt\system32\drivers\pciide.sys+ pgfilter			File not found: C:\Program Files\PeerGuardian2\pgfilter.sys+ PptpMiniport	WAN Miniport (PPTP)	Microsoft Corporation	c:\winnt\system32\drivers\raspptp.sys+ Ptilink	Direct Parallel Link Driver	Parallel Technologies, Inc.	
c:\winnt\system32\drivers\ptilink.sys+ PxHelp20	Px Engine Device Driver for Windows 2000/XP	Sonic Solutions	c:\winnt\system32\drivers\pxhelp20.sys+ RasAcd	Remote Access Auto Connection Driver	Microsoft Corporation	c:\winnt\system32\drivers\rasacd.sys+ Rasl2tp	WAN Miniport (L2TP)	Microsoft Corporation	c:\winnt\system32\drivers\rasl2tp.sys+ Raspti	Direct Parallel	Microsoft Corporation	c:\winnt\system32\drivers\raspti.sys+ RCA	RCA filter	Microsoft Corporation	c:\winnt\system32\drivers\rca.sys+ redbook	Redbook Audio Filter Driver	Microsoft Corporation	c:\winnt\system32\drivers\redbook.sys+ serenum	Serial Port Enumerator	Microsoft Corporation	c:\winnt\system32\drivers\serenum.sys+ Serial	Serial Device Driver	Microsoft Corporation	c:\winnt\system32\drivers\serial.sys+ SiS315	SiS Compatible Super VGA Driver	Silicon Integrated Systems Corporation	c:\winnt\system32\drivers\sisgrp.sys+ SISAGP	SiS AGPv3.5 Filter	Silicon Integrated Systems Corporation	c:\winnt\system32\drivers\sisagpx.sys+ SiSkp	SiS VGA Driver Manager	Silicon Integrated Systems Corporation	c:\winnt\system32\drivers\srvkp.sys+ SISNIC	SiS PCI Fast Ethernet Adapter Driver	SiS Corporation	c:\winnt\system32\drivers\sisnic.sys+ SLIP	Microsoft Slip Deframing Filter Minidriver	Microsoft Corporation	c:\winnt\system32\drivers\slip.sys+ smwdm	SoundMAX Integrated Digital Audio 	Analog Devices, Inc.	
c:\winnt\system32\drivers\smwdm.sys+ sptd			c:\winnt\system32\drivers\sptd.sys+ streamip	Microsoft IP Driver	Microsoft Corporation	c:\winnt\system32\drivers\streamip.sys+ swenum	Plug and Play Software Device Enumerator	Microsoft Corporation	c:\winnt\system32\drivers\swenum.sys+ swmidi	Microsoft GS Wavetable Synthesizer	Microsoft Corporation	c:\winnt\system32\drivers\swmidi.sys+ sysaudio	System Audio WDM Filter	Microsoft Corporation	c:\winnt\system32\drivers\sysaudio.sys+ Tcpip	TCP/IP Protocol Driver	Microsoft Corporation	c:\winnt\system32\drivers\tcpip.sys+ Update	Update Driver	Microsoft Corporation	c:\winnt\system32\drivers\update.sys+ usbehci	EHCI eUSB Miniport Driver	Microsoft Corporation	c:\winnt\system32\drivers\usbehci.sys+ usbhub	Default Hub Driver for USB	Microsoft Corporation	c:\winnt\system32\drivers\usbhub.sys+ usbhub20	Default Hub Driver for USB 2.0	Microsoft Corporation	c:\winnt\system32\drivers\usbhub20.sys+ usbprint	USB Printer driver	Microsoft Corporation	c:\winnt\system32\drivers\usbprint.sys+ usbscan	USB Scanner Driver	Microsoft Corporation	c:\winnt\system32\drivers\usbscan.sys+ USBSTOR	USB Mass Storage Class Driver	Microsoft Corporation	c:\winnt\system32\drivers\usbstor.sys+ VgaSave	VGA/Super VGA Video Driver	Microsoft Corporation	c:\winnt\system32\drivers\vga.sys+ Wanarp	Remote Access IP ARP Driver	Microsoft Corporation	c:\winnt\system32\drivers\wanarp.sys+ wdmaud	MMSYSTEM Wave/Midi API mapper	Microsoft Corporation	c:\winnt\system32\drivers\wdmaud.sys+ WSTCODEC	WDM WST Codec Driver	Microsoft Corporation	c:\winnt\system32\drivers\wstcodec.sysHKLM\System\CurrentControlSet\Control\Session Manager\BootExecute			+ autocheck autochk *	Auto Check Utility	Microsoft Corporation	c:\winnt\system32\autochk.exeHKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options			+ taskmgr.exe	Sysinternals Process Explorer	Sysinternals	c:\backup\no install\procexp.exe+ Your Image File Name Here without a path	Symbolic Debugger for Windows 2000	
Microsoft Corporation	c:\winnt\system32\ntsd.exeHKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls			+ advapi32	Advanced Windows 32 Base API	Microsoft Corporation	c:\winnt\system32\advapi32.dll+ comdlg32	Common Dialogs DLL	Microsoft Corporation	c:\winnt\system32\comdlg32.dll+ gdi32	GDI Client DLL	Microsoft Corporation	c:\winnt\system32\gdi32.dll+ imagehlp	Windows NT Image Helper	Microsoft Corporation	c:\winnt\system32\imagehlp.dll+ kernel32	Windows NT BASE API Client DLL	Microsoft Corporation	c:\winnt\system32\kernel32.dll+ lz32	LZ Expand/Compress API DLL	Microsoft Corporation	c:\winnt\system32\lz32.dll+ ole32	Microsoft OLE for Windows	Microsoft Corporation	c:\winnt\system32\ole32.dll+ oleaut32		Microsoft Corporation	c:\winnt\system32\oleaut32.dll+ olecli32	Object Linking and Embedding Client Library	Microsoft Corporation	c:\winnt\system32\olecli32.dll+ olecnv32	Microsoft OLE for Windows	Microsoft Corporation	c:\winnt\system32\olecnv32.dll+ olesvr32	Object Linking and Embedding Server Library	Microsoft Corporation	c:\winnt\system32\olesvr32.dll+ olethk32	Microsoft OLE for Windows	Microsoft Corporation	c:\winnt\system32\olethk32.dll+ rpcrt4	Remote Procedure Call Runtime	Microsoft Corporation	c:\winnt\system32\rpcrt4.dll+ shell32	Windows Shell Common Dll	Microsoft Corporation	c:\winnt\system32\shell32.dll+ url	Internet Shortcut Shell Extension DLL	Microsoft Corporation	c:\winnt\system32\url.dll+ urlmon	OLE32 Extensions for Win32	Microsoft Corporation	c:\winnt\system32\urlmon.dll+ user32	Windows 2000 USER API Client DLL	Microsoft Corporation	c:\winnt\system32\user32.dll+ version	Version Checking and File Installation Libraries	Microsoft Corporation	c:\winnt\system32\version.dll+ wininet	Internet Extensions for Win32	Microsoft Corporation	c:\winnt\system32\wininet.dll+ wldap32	Win32 LDAP API DLL	Microsoft Corporation	c:\winnt\system32\wldap32.dllHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify			+ crypt32chain	Crypto API32	Microsoft 
Corporation	c:\winnt\system32\crypt32.dll+ cryptnet	Crypto Network Related API	Microsoft Corporation	c:\winnt\system32\cryptnet.dll+ cscdll	Offline Network Agent	Microsoft Corporation	c:\winnt\system32\cscdll.dll+ sclgntfy	Secondary Logon Service Notification DLL	Microsoft Corporation	c:\winnt\system32\sclgntfy.dll+ SensLogn	Common DLL to receive Winlogon notifications	Microsoft Corporation	c:\winnt\system32\wlnotify.dll+ wzcnotif	Wireless Zero Configuration Service UI	Microsoft Corporation	c:\winnt\system32\wzcdlg.dllHKCU\Control Panel\Desktop\Scrnsave.exe			+ C:\WINNT\system32\ssflwbox.scr	OpenGL 3D Flowerbox Screen Saver	Microsoft Corporation	c:\winnt\system32\ssflwbox.scrHKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9			+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{7232D792-8CE9-4680-A54F-50C7924ECEE1}] DATAGRAM 3	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{7232D792-8CE9-4680-A54F-50C7924ECEE1}] SEQPACKET 3	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB43398C-2BDE-4939-A930-CCEDF23F62D2}] DATAGRAM 0	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{AB43398C-2BDE-4939-A930-CCEDF23F62D2}] SEQPACKET 0	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{CB1F82BD-F632-4D1D-BABF-B22BDBAC186D}] DATAGRAM 2	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{CB1F82BD-F632-4D1D-BABF-B22BDBAC186D}] SEQPACKET 2	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E58E9881-12D5-41BB-9CC1-57D8C5D3C5BF}] DATAGRAM 4	Microsoft Windows Sockets 2.0 Service 
Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E58E9881-12D5-41BB-9CC1-57D8C5D3C5BF}] SEQPACKET 4	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{FF2744F7-7C1A-4ECD-9E81-4251366BA075}] DATAGRAM 1	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{FF2744F7-7C1A-4ECD-9E81-4251366BA075}] SEQPACKET 1	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ MSAFD Tcpip [RAW/IP]	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ MSAFD Tcpip [TCP/IP]	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ MSAFD Tcpip [UDP/IP]	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\winnt\system32\msafd.dll+ RSVP TCP Service Provider	Microsoft Windows Rsvp 1.0 Service Provider	Microsoft Corporation	c:\winnt\system32\rsvpsp.dll+ RSVP UDP Service Provider	Microsoft Windows Rsvp 1.0 Service Provider	Microsoft Corporation	c:\winnt\system32\rsvpsp.dllHKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors			+ BJ Language Monitor	Langage Monitor for Canon Bubble-Jet Printer	Microsoft Corporation	c:\winnt\system32\cnbjmon.dll+ Canon BJ Language Monitor iP4200	IJ Language Monitor	CANON INC.	
c:\winnt\system32\cnmlm78.dll+ Local Port	Local Spooler DLL	Microsoft Corporation	c:\winnt\system32\localspl.dll+ PJL Language Monitor	Spooler Setup DLL	Microsoft Corporation	c:\winnt\system32\pjlmon.dll+ Standard TCP/IP Port	Standard TCP/IP Port Monitor DLL	Microsoft Corporation	c:\winnt\system32\tcpmon.dll+ USB Monitor	Standard USB printing Port Monitor DLL	Microsoft Corporation	c:\winnt\system32\usbmon.dllHKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders			+ digest.dll	Digest SSPI Authentication Package	Microsoft Corporation	c:\winnt\system32\digest.dll+ msapsspc.dll	DPA Client for 32 bit platforms	Microsoft Corporation	c:\winnt\system32\msapsspc.dll+ msnsspc.dll	MSN Client for 32 bit platforms	Microsoft Corporation	c:\winnt\system32\msnsspc.dll+ schannel.dll	TLS / SSL Security Provider	Microsoft Corporation	c:\winnt\system32\schannel.dllHKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages			+ msv1_0	Microsoft Authentication Package v1.0	Microsoft Corporation	c:\winnt\system32\msv1_0.dllHKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages			+ scecli	Windows Security Configuration Editor Client Engine	Microsoft Corporation	c:\winnt\system32\scecli.dllHKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages			+ kerberos	Kerberos Security Package	Microsoft Corporation	c:\winnt\system32\kerberos.dll+ msv1_0	Microsoft Authentication Package v1.0	Microsoft Corporation	c:\winnt\system32\msv1_0.dll+ schannel	TLS / SSL Security Provider	Microsoft Corporation	c:\winnt\system32\schannel.dllHKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order			+ LanmanWorkstation	Microsoft Windows Network	Microsoft Corporation	c:\winnt\system32\ntlanman.dll

edit2: i'd also like to know if dmadmin.exe (should only run when i mess with partitions?) , regsvc (_remote_ registry control?) should be constantly running and if the entire wbem directory under winnt/system32 should exist and if so for what purpose? @_@ is there any good reading about win processes and services around? how did u guys get so good at it? =)
Anything else I should add? ^_^*

edit3: ahh http://www.blackviper.com/WIN2K/servicecfg.htm suggests regsvc should be disabled, so i did... interesting enough it was set to auto and constantly running - i wish i could find what executed it... also winmgmt is set to auto instead of the default manual (i didn't change it for sure) and is constantly running - should i change it to manual? also dmadmin disappeared and it's indeed set to manual - perhaps it just remained there after the defragging i did earlier (having restarted since, due to java reinstall - it acts weird on me, i can't be sure...)

Thanks, ahead! =)

Edited by rvn, 19 October 2007 - 03:49 PM.



#2 Falu


Posted 05 November 2007 - 06:20 AM

Hi rvn, :thumbsup:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience. :blink:

P.S. Please copy/paste the log into this thread using the Add Reply button.

#3 rvn


Posted 09 November 2007 - 07:11 AM

hi! ^_^

please do take a look at it...
the more time passes i'm becoming more paranoid... services takes up 100% for a couple of mins after i log in, when i turn my (cable) modem on and when i dial-up... also my connection's become a bit slow... i did try avast, avg rootkit, f-secure and bitdefender but found nothing... ^_^*
either way, here's the hjt log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:57 PM, on 11/9/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\winnt\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRAM FILES\NO INSTALL\PROCEXP.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\internat.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\w00t.exe - hjt ^_^*

F2 - REG:system.ini: Shell=c:\winnt\Explorer.exec:\winnt\Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (filesize 59032 bytes, MD5 4EA3A6CD9D20584FFAFDB1E47DBF0E20)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (filesize 1122128 bytes, MD5 B8958471DAA4481E93B03DF8F991DD6E)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (filesize 501136 bytes, MD5 D787E3123FAD2BD58AB45B9A5C360ACD)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx (filesize 844560 bytes, MD5 755AA1F85E3788C3C287FFA03CF58627)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize (filesize 3144800 bytes, MD5 7B2CB5259CED4485CE0D6B06A45FF561)
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup (filesize 271360 bytes, MD5 BC41EF142D76F423CF1CF261201D5623)
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe" (filesize 219952 bytes, MD5 8DF7F16F3DA69893CEF9F74DDDB767FD)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe (filesize 20752 bytes, MD5 F4206FCA3B1D2FEAB50738EC2485D5F3)
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (filesize 501136 bytes, MD5 D787E3123FAD2BD58AB45B9A5C360ACD)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (filesize 501136 bytes, MD5 D787E3123FAD2BD58AB45B9A5C360ACD)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (filesize 3144800 bytes, MD5 7B2CB5259CED4485CE0D6B06A45FF561)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (filesize 3144800 bytes, MD5 7B2CB5259CED4485CE0D6B06A45FF561)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (filesize 1122128 bytes, MD5 B8958471DAA4481E93B03DF8F991DD6E)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (filesize 1122128 bytes, MD5 B8958471DAA4481E93B03DF8F991DD6E)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E58E9881-12D5-41BB-9CC1-57D8C5D3C5BF}: NameServer = 212.116.161.38 212.117.129.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (filesize 1828176 bytes, MD5 CB211D1B0EC6E334EADE510156FCBAC5)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exeC:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exeC:\WINNT\System32\dmadmin.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exeC:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5799 bytes

#4 Falu


Posted 11 November 2007 - 12:46 PM

Hi rvn, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

The HijackThis log looks clean, so let's dig a bit deeper.

1. Download Deckard's System Scanner and save it to your Desktop.

* Double click dss.exe and follow the prompts.
* When finished, it will produce a log for you.
* Post the contents of that log in your next reply.
* Using Windows Explorer (to get there right-click your Start button and go to "Explore"), navigate to the C:\Deckard\System Scanner folder. You will find two logs in the folder, main.txt and extra.txt.
* Open the main.txt log in Notepad
* Also Copy and Paste its contents in a reply.

2. Run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

Please post the F-Secure report together with the DSS main/extra logs.

#5 rvn


Posted 22 November 2007 - 04:03 PM

hi! sorry for the delayed reply, i wasn't home for a while...

ahh and i scanned using f-secure but forgot to copy the log - it was all fine except for a single "windows" vulnerability meaning a lowered security setting...

here's my dss main.txt -
Deckard's System Scanner v20071014.68
Run by someuser on 2007-11-22 22:44:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.75 GiB (less than 15%) free.

-- HijackThis (run as someuser.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:38 PM, on 11/22/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\winnt\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\internat.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRAM FILES\NO INSTALL\PROCEXP.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Comodo\Firewall\cpfsubmit.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\DOCUME~1\ADMINI~1\Desktop\someuser.exe

F2 - REG:system.ini: Shell=c:\winnt\Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E58E9881-12D5-41BB-9CC1-57D8C5D3C5BF}: NameServer = 212.116.161.38 212.117.129.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4658 bytes

-- Files created between 2007-10-22 and 2007-11-22 -----------------------------

2007-11-22 20:24:01     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_560.dat
2007-11-22 20:11:59     25992 --a------ C:\WINNT\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2007-11-21 18:08:03     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_230.dat
2007-11-20 21:59:12         0 d-------- C:\Documents and Settings\Administrator\Application Data\InfraRecorder
2007-11-20 21:58:58         0 d-------- C:\Program Files\InfraRecorder
2007-11-20 18:16:15     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_22c.dat
2007-11-17 23:46:16     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_434.dat
2007-11-17 22:10:39     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2ec.dat
2007-11-17 22:02:59     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_35c.dat
2007-11-10 10:54:42         0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenArena
2007-11-08 23:39:48     67584 -----n--- C:\WINNT\system32\WNASPINT.DLL <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2007-11-08 23:39:46     15840 -----n--- C:\WINNT\system32\Machnm1.exe
2007-11-02 16:49:10         0 d-------- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
2007-11-02 16:40:22         0 d-------- C:\Program Files\Common Files\PCSuite
2007-11-02 16:40:21         0 d-------- C:\Program Files\Common Files\Nokia
2007-11-02 16:40:05         0 d-------- C:\Program Files\PC Connectivity Solution
2007-11-02 16:39:40         0 d-------- C:\Program Files\Nokia
2007-11-02 15:58:45         0 d-------- C:\Documents and Settings\Administrator\Phone Browser
2007-11-02 15:56:28         0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-02 15:56:07         0 d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2007-11-02 15:56:04         0 d-------- C:\Program Files\DIFX
2007-11-02 15:55:28         0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2007-11-02 15:55:06         0 d------c- C:\WINNT\system32\DRVSTORE
2007-11-02 15:54:06         0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-10-22 21:26:25         0 d-------- C:\Documents and Settings\Administrator\Application Data\CrystalSpace
2007-10-22 21:26:25         0 d-------- C:\Documents and Settings\Administrator\Application Data\CrystalApp
2007-10-22 21:25:13         0 d-------- C:\Program Files\PlaneShift Crystal Blue

-- Find3M Report ---------------------------------------------------------------

2007-11-22 22:44:27         0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-11-22 20:22:00         0 d-------- C:\Program Files\Combined Community Codec Pack
2007-11-22 18:55:56         0 d-------- C:\Program Files\Mozilla Thunderbird
2007-11-21 20:37:30         0 d-------- C:\Program Files\eMule
2007-11-20 22:47:14   1194702 ---h----- C:\WINNT\ShellIconCache
2007-11-17 21:57:04         0 d-------- C:\Documents and Settings\Administrator\Application Data\ChessBase
2007-11-17 12:33:51    370334 --a------ C:\Documents and Settings\Administrator\Application Data\NMM-MetaData.db
2007-11-10 11:34:40         0 d-------- C:\Program Files\No Install
2007-11-08 23:39:41         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-02 16:40:22         0 d-a------ C:\Program Files\Common Files
2007-10-28 21:54:55         0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-10-27 18:00:36         0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2007-10-22 23:07:11         0 --a------ C:\Documents and Settings\Administrator\Application Data\pssetup.cfg
2007-10-19 19:17:43         0 d-------- C:\Program Files\Java
2007-10-19 19:17:09         0 d-------- C:\Program Files\Common Files\Java
2007-10-19 13:34:45         0 d-------- C:\Program Files\Snapshot Viewer
2007-10-18 19:33:05     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3a8.dat
2007-10-06 20:38:31         0 d-------- C:\Program Files\Skype
2007-10-06 19:45:45         0 d-------- C:\Program Files\Common Files\Skype
2007-10-02 00:30:43         0 d-------- C:\Program Files\7-Zip
2007-09-29 19:20:14         0 d-------- C:\Program Files\Common Files\AVSMedia
2007-09-23 09:44:47     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_234.dat
2007-09-22 19:36:04         0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2007-09-22 19:17:11     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_23c.dat
2007-09-13 11:22:35     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1f0.dat
2007-09-11 22:11:24     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_524.dat
2007-09-05 16:59:43     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1f8.dat
2007-08-29 11:22:04     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_238.dat
2007-08-26 08:34:11     16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4cc.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [10/25/07 05:20p]
"Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [02/09/07 12:57a]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [07/11/06 12:06p]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/18/07 03:10p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [09/13/07 02:30a]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/07 04:46p]
"internat.exe"="internat.exe" [12/07/99 02:00p C:\WINNT\system32\internat.exe]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
Debugger="C:\PROGRAM FILES\NO INSTALL\PROCEXP.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HTpatch"=C:\WINNT\htpatch.exe
"Synchronization Manager"=mobsync.exe /logon
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

-- End of Deckard's System Scanner: finished at 2007-11-22 
22:45:27 ------------

no extra.txt was generated... my fw did report a ngVFKX.exe file requesting a ff launch (couldn't find it on disk) - was it a random filename generated for the test? could be the reason i don't have an extra.txt... >_<

(meh, i know i really should put a clean install with separate user accounts instead of this run-as-admin by default mess... but it'll take a while as u might've noticed, i'm short on space (on c from the dss report) and backing up stuff's a problem...)

#6 Falu

Posted 23 November 2007 - 03:32 PM

Hi rvn, :thumbsup:

"hi! sorry for the delayed reply, i wasn't home for a while..."

No problem at all, post whenever it suits you.

"forgot to copy the log"

Hmmmmmmm

Go to Start > Run and copy/paste the following command between code into the open command box:

"%userprofile%/desktop/dss.exe" /config

This will run DSS again. When asked check extra.txt and post that report into this thread.

#7 rvn

Posted 30 November 2007 - 06:14 AM

here's the extra log ^_^* -

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1215.53 MiB / 627.95 MiB
Pagefile Memory (total/avail): 2101.74 MiB / 1602.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1982.49 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 16 GiB total, 3.05 GiB free.
D: is Fixed (NTFS) - 32 GiB total, 0.36 GiB free.
E: is Fixed (NTFS) - 28.68 GiB total, 1.2 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HDS722580VLAT20 - 76.69 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 16 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 60.68 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SOMECOMP
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\SOMECOMP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\Program Files\PC Connectivity Solution\;C:\Program Files\PHP\;C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PHPRC=C:\Program Files\PHP\
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=SOMECOMP
USERNAME=someuser
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

postgres (profile directory not found)
Administrator (admin, profile directory not found)


-- Add/Remove Programs ---------------------------------------------------------

µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.55 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
Apache HTTP Server 2.2.4 --> MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}
Aspell Russian Dictionary-0.50-2 --> "C:\Program Files\Aspell\unins001.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CGoban 3 --> C:\WINNT\system32\javaws.exe -uninstall -prompt "http://files.gokgs.com/javaBin/cgoban.jnlp"
Combined Community Codec Pack 2007-07-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Comodo Firewall --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
eMule --> "C:\Program Files\eMule\Uninstall.exe"
GNU Aspell 0.50-3 --> "C:\Program Files\Aspell\unins000.exe"
GNU Privacy Guard --> "C:\Program Files\GNU\GnuPG\uninst-gnupg.exe"
GTK+ Runtime 2.12.1 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2 --> "C:\DOCUME~1\ADMINI~1\Desktop\HijackThis.exe" /uninstall
HP Image Zone 5.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE
InfraRecorder --> C:\Program Files\InfraRecorder\uninstall.exe
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB886903) --> "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Microsoft Office 2000 Professional --> MsiExec.exe /I{000104E7-78E1-11D2-B60F-006097C998E7}
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (2.0.0.10) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_heb_web.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
Opera 9.02 --> MsiExec.exe /X{738179D8-3D76-4AFF-A7BE-AEF3B4370CB4}
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PHP 5.2.1 --> MsiExec.exe /I{EF812FEC-6B0C-4B1C-8C4F-C88FEB415EFE}
Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe
PlaneShift Crystal Blue - Tech Demo --> C:\Program Files\PlaneShift Crystal Blue\Uninstall.exe
Security Update for Windows 2000 (KB904706) -->
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINNT\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINNT\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
World Community Grid - BOINC Agent --> MsiExec.exe /I{EC1DB926-53CE-45C6-AD3C-B57310A39BE0}


-- End of Deckard's System Scanner: finished at 2007-11-30 13:07:02 ------------


a fresh copy of main log -

Deckard's System Scanner v20071014.68
Run by someuser on 2007-11-30 13:06:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as someuser.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:12 PM, on 11/30/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\winnt\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_5.15_windows_intelx86
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRAM FILES\NO INSTALL\PROCEXP.EXE
C:\Documents and Settings\Administrator\desktop\dss.exe
C:\WINNT\system32\internat.exe
C:\DOCUME~1\ADMINI~1\Desktop\someuser.exe

F2 - REG:system.ini: Shell=c:\winnt\Explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E58E9881-12D5-41BB-9CC1-57D8C5D3C5BF}: NameServer = 212.116.161.38 212.117.129.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4851 bytes

-- Files created between 2007-10-30 and 2007-11-30 -----------------------------

2007-11-30 13:00:34 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5f8.dat
2007-11-30 11:23:32 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_22c.dat
2007-11-29 10:59:49 0 d-a------ C:\Program Files\BOINC
2007-11-29 10:59:12 0 d-------- C:\WINNT\Downloaded Installations
2007-11-29 10:17:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_230.dat
2007-11-29 01:13:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2007-11-24 13:47:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\.purple
2007-11-24 13:43:28 0 d-------- C:\Program Files\Aspell
2007-11-24 13:42:10 0 d-------- C:\Program Files\Pidgin
2007-11-24 13:41:59 0 d-------- C:\Program Files\Common Files\GTK
2007-11-22 20:11:59 25992 --a------ C:\WINNT\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2007-11-20 21:59:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\InfraRecorder
2007-11-20 21:58:58 0 d-------- C:\Program Files\InfraRecorder
2007-11-17 23:46:16 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_434.dat
2007-11-17 22:10:39 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2ec.dat
2007-11-17 22:02:59 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_35c.dat
2007-11-10 10:54:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenArena
2007-11-08 23:39:48 67584 -----n--- C:\WINNT\system32\WNASPINT.DLL <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2007-11-08 23:39:46 15840 -----n--- C:\WINNT\system32\Machnm1.exe
2007-11-02 16:49:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
2007-11-02 16:40:22 0 d-------- C:\Program Files\Common Files\PCSuite
2007-11-02 16:40:21 0 d-------- C:\Program Files\Common Files\Nokia
2007-11-02 16:40:05 0 d-------- C:\Program Files\PC Connectivity Solution
2007-11-02 16:39:40 0 d-------- C:\Program Files\Nokia
2007-11-02 15:58:45 0 d-------- C:\Documents and Settings\Administrator\Phone Browser
2007-11-02 15:56:28 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-11-02 15:56:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2007-11-02 15:56:04 0 d-------- C:\Program Files\DIFX
2007-11-02 15:55:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2007-11-02 15:55:06 0 d------c- C:\WINNT\system32\DRVSTORE
2007-11-02 15:54:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations


-- Find3M Report ---------------------------------------------------------------

2007-11-30 13:05:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-11-30 12:28:32 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-11-29 21:55:53 0 d-------- C:\Program Files\eMule
2007-11-29 02:05:49 1286016 ---h----- C:\WINNT\ShellIconCache
2007-11-24 13:41:59 0 d-a------ C:\Program Files\Common Files
2007-11-23 19:41:04 375398 --a------ C:\Documents and Settings\Administrator\Application Data\NMM-MetaData.db
2007-11-22 20:22:00 0 d-------- C:\Program Files\Combined Community Codec Pack
2007-11-17 21:57:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\ChessBase
2007-11-10 11:34:40 0 d-------- C:\Program Files\No Install
2007-11-08 23:39:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-28 21:54:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-10-27 18:00:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2007-10-22 23:47:43 0 d-------- C:\Program Files\PlaneShift Crystal Blue
2007-10-22 23:07:11 0 --a------ C:\Documents and Settings\Administrator\Application Data\pssetup.cfg
2007-10-22 21:26:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\CrystalSpace
2007-10-22 21:26:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\CrystalApp
2007-10-19 19:17:43 0 d-------- C:\Program Files\Java
2007-10-19 19:17:09 0 d-------- C:\Program Files\Common Files\Java
2007-10-19 13:34:45 0 d-------- C:\Program Files\Snapshot Viewer
2007-10-06 20:38:31 0 d-------- C:\Program Files\Skype
2007-10-06 19:45:45 0 d-------- C:\Program Files\Common Files\Skype
2007-10-02 00:30:43 0 d-------- C:\Program Files\7-Zip
2007-09-23 09:44:47 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_234.dat
2007-09-22 19:17:11 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_23c.dat
2007-09-13 11:22:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1f0.dat
2007-09-11 22:11:24 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_524.dat
2007-09-05 16:59:43 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1f8.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [10/25/07 05:20p]
"Comodo Firewall"="C:\Program Files\Comodo\Firewall\CPF.exe" [02/09/07 12:57a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [09/13/07 02:30a]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/07 04:46p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
World Community Grid - BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [11/26/2007 2:25:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
Debugger="C:\PROGRAM FILES\NO INSTALL\PROCEXP.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HTpatch"=C:\WINNT\htpatch.exe
"Synchronization Manager"=mobsync.exe /logon
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" -minimize




-- End of Deckard's System Scanner: finished at 2007-11-30 13:07:02 ------------

interesting, i just noticed i removed internat (language tray bay icon) from the auto-ran list somehow... o_O
ah and there's another odd phenomenon with hijackthis, it immunizes everything normally except for the hosts, where it won't immunize more than 6634, i wonder why... @_@
(btw, is it better to post stuff like this or in a code box?)

#8 Falu

Posted 01 December 2007 - 08:23 AM

Hi rvn, :thumbsup:

"(btw, is it better to post stuff like this or in a code box?)"

Like this is better/easier.

1. "AUOptions is disabled."

Of course it's up to you but I really do think it's better to enable Automatic Updates in Windows Security Center.

2. I see you are running Teatimer. Of course this is very good but now you have to disable it because it can interfere with the changes you'll make on your system. When your log is clean, you can enable it again: I will let you know.

> Run Spybot S&D, go to the Mode menu and select Advanced Mode;
> On the left hand side choose Tools > Resident;
> Uncheck Resident Teatimer and click Ok (close Spybot).

3. Run HijackThis, click Scan and checkmark the following entries:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

4. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following file in bold if it still exists:

C:\WINNT\web\related.htm

5. Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please post a fresh HijackThis log for review and let me know if you have any complaints.

#9 rvn

Posted 16 February 2008 - 05:24 AM

hi, (sorry for the long delay) i did it all back then, here's a fresh hijack log -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:14 PM, on 2/16/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\BOINC\boincmgr.exe
C:\PROGRAM FILES\NO INSTALL\PROCEXP.EXE
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\explorer.exe
C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\avgarkt.exe
C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\E2oNuOumGf.exe
C:\Documents and Settings\Administrator\Desktop\new.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - .DEFAULT Startup: World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe (User 'Default user')
O4 - Startup: World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E58E9881-12D5-41BB-9CC1-57D8C5D3C5BF}: NameServer = 212.117.129.5 212.116.161.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4002 bytes

(i've temporarily removed spybot s&d) is there anything abnormal about it? the problem remains... :S
(i've also tried reinstalling comodo fw)
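
An added example, not part of the thread and not HijackThis's own code: a small Python script that compares two HijackThis logs entry by entry, so a helper can confirm that the entries marked for fixing in post #8 are gone from the fresh log and see what else changed in between. The sample lines are copied from the 30 November 2007 and 16 February 2008 logs above; the function names are this example's own.

```python
import re

# HijackThis entry lines are "<section code> - <details>", e.g. "O9 - Extra button: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Sample lines copied from the 30 November 2007 log in this thread.
BEFORE = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E58E9881-12D5-41BB-9CC1-57D8C5D3C5BF}: NameServer = 212.116.161.38 212.117.129.5
"""

# Sample lines copied from the 16 February 2008 log in this thread.
AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - .DEFAULT Startup: World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe (User 'Default user')
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E58E9881-12D5-41BB-9CC1-57D8C5D3C5BF}: NameServer = 212.117.129.5 212.116.161.38
"""

# The two entries post #8 asked to checkmark and fix.
REQUESTED_FIXES = [
    r"O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm",
    r"O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm",
]


def parse_entries(log_text):
    """Return {key: (original_line, value)} for every entry line in a log.

    key is (code, identity). For entries written as "name = value" (O17 name
    servers, Startup shortcuts) identity is the name, so a changed value shows
    up as one change instead of one removal plus one addition. Paths are
    compared case-insensitively because Windows paths are.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line, "End of file"
        code, body = m.groups()
        identity, _, value = body.partition(" = ")
        entries[(code, identity.casefold())] = (line, value.strip())
    return entries


def diff_logs(before_text, after_text):
    """Compare two logs and list removed, added and changed entries."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [before[k][0] for k in before if k not in after]
    added = [after[k][0] for k in after if k not in before]
    changed = []
    for k in before:
        if k not in after:
            continue
        old, new = before[k][1], after[k][1]
        if old.casefold() != new.casefold():
            changed.append({
                "entry": before[k][0].partition(" = ")[0],
                "before": old,
                "after": new,
                # Same values in a different order, e.g. swapped DNS servers.
                "reordered_only": sorted(old.split()) == sorted(new.split()),
            })
    return {"removed": removed, "added": added, "changed": changed}


def still_present(log_text, requested_fixes):
    """Return the requested-fix lines that are still found in log_text."""
    present = parse_entries(log_text)
    return [line for line in requested_fixes
            if next(iter(parse_entries(line)), None) in present]


if __name__ == "__main__":
    report = diff_logs(BEFORE, AFTER)
    for line in report["removed"]:
        print("REMOVED ", line)
    for line in report["added"]:
        print("ADDED   ", line)
    for c in report["changed"]:
        note = " (same values, new order)" if c["reordered_only"] else ""
        print("CHANGED ", c["entry"], ":", c["before"], "->", c["after"] + note)
    leftover = still_present(AFTER, REQUESTED_FIXES)
    print("Requested fixes still present:", leftover or "none")
```

On these sample lines the report shows both O9 "Related" entries gone, the Spybot entries removed along with the program, and the O17 name servers unchanged apart from their order.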



