GrayeDog

Members
 View Profile  See their activity

  • Content Count

    6

  • Joined

  • Last visited

 Content Type 

Posts posted by GrayeDog

  1. Socks.exe Problems / Hjt Log

    in Malware Removal

    Posted

    here's an updated logfile -- note, i couldn't find either of these files:

    C:\WINDOWS\system32\6bdjgqr.dll

    C:\Windows\System32\system.exe

    nor couldi find this folder:

    C:\Program Files\Accoona\

    but everything else seems to be running well for now. let me know if i need anything!

    Logfile of HijackThis v1.99.1

    Scan saved at 5:48:08 PM, on 2/1/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\carpserv.exe

    C:\WINDOWS\system32\atiptaxx.exe

    C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE

    C:\windows\system\hpsysdrv.exe

    C:\Windows\system32\HpSrvUI.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\AIM\aim.exe

    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    C:\Program Files\LimeWire\LimeWire.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

    C:\WINDOWS\System32\PackethSvc.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\WINDOWS\system32\HPConfig.exe

    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

    C:\Program Files\Network Associates\VirusScan\Mcshield.exe

    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

    C:\WINDOWS\system32\RadioSvr.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\imapi.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)

    O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    O4 - HKLM\..\Run: [CARPService] carpserv.exe

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

    O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK

    O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s

    O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r

    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe

    O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe

    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d

    O4 - HKLM\..\Run: [PowerDirector] C:\WINDOWS\Temp\TPDIR\setup.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 6.0a\aoltray.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

    O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

    O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe

  2. Socks.exe Problems / Hjt Log

    in Malware Removal

    Posted

    hey, thanks matt

    just wanted to let you know that she uses LimeWire so i'm not gonna delete the limewire-associated files, and I use party poker so i'm not gonna delete the party poker-associated files...

    so thats:

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

    from HJT, and deleting

    C:\Program Files\LimeWire\

    C:\Program Files\PartyPoker\

    thank you though!

  3. Socks.exe Problems / Hjt Log

    in Malware Removal

    Posted

    Hey everyone, I'm gonna post the HJT log from my girlfriend's computer...things seem to be happening strangely, coupled with errors from "socks.exe" and mostly website just lagging horribly. Some sites just don't open (espn, yahoo) that should, giving the non-DNS errors as if you typed www.as;dflhjk.com ... I"m leaving in a few days for a trip so she wanted me to post it and see what we could fix. Any help would be great!

    Thanks

    Logfile of HijackThis v1.99.1

    Scan saved at 9:14:55 PM, on 1/31/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\carpserv.exe

    C:\WINDOWS\system32\atiptaxx.exe

    C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE

    C:\windows\system\hpsysdrv.exe

    C:\Windows\system32\HpSrvUI.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\Documents and Settings\Owner\socks.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\AIM\aim.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

    C:\WINDOWS\System32\PackethSvc.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\WINDOWS\system32\HPConfig.exe

    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

    C:\Program Files\Network Associates\VirusScan\Mcshield.exe

    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

    C:\WINDOWS\system32\RadioSvr.exe

    C:\WINDOWS\System32\imapi.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

    C:\Program Files\GameTimePlus\GameTimePlus.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\cl2.exe

    C:\WINDOWS\system32\cl2.exe

    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/info/e-center-p

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4nb.hpwis.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4nb.hpwis.com/

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\6bdjgqr.dll

    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)

    O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

    O4 - HKLM\..\Run: [CARPService] carpserv.exe

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

    O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK

    O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s

    O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE

    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

    O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r

    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe

    O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe

    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d

    O4 - HKLM\..\Run: [PowerDirector] C:\WINDOWS\Temp\TPDIR\setup.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [system Kernal Support] system.exe

    O4 - HKLM\..\Run: [services] C:\Documents and Settings\Owner\socks.exe

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\RunServices: [system Kernal Support] system.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [system Kernal Support] system.exe

    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

    O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 6.0a\aoltray.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    O18 - Filter: text/html - {03974811-C15F-462c-B6B0-2D2336AA57D0} - (no file)

    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

    O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe

    O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe

  5. Spysheriff Turned Into...

    in Malware Removal

    Posted

    Dragon...not good...I think I accidentally killed instead of Delete after Reboot some of those files...after deleting smss.exe I realized the problem and now my computer won't load windows. I tried burning the c:\windows\smss.exe onto a CD from this computer (another in the house) so I could copy it in, but it won't even let me reload in safe mode (with or without command prompt). I do get options on restart to restart with last known configuration...so I imagine that's the only thing I can do, which is fine, I haven't done anything of consequence in the last few days, I've just been trying to fix this problem.

    Is this what I should do? I'm losing my mind here.

    Also, of less importance, I couldn't delete the DRM kit, it couldn't locate sc to run it and I tried downloading swsc.exe to run it and it failed.

    I'm gonna give this about 10 minutes before I restart in last known good config even if I'm back at square-one virus-wise.

    Thanks for your help though

  6. Spysheriff Turned Into...

    in Malware Removal

    Posted

    Hi everyone, my name is Adam, its my first post here...

    Yesterday or the day before, I got Spy Sheriff. Nasty little thing. I searched around everywhere and found some fixes, ran RunThis.bat from smitRem (not sure it did anything, opened a prompt and closed immediately) and then ewido all in safe mode, and restarted and it was gone. That's the good news. Since then I've been working on getting rid of various bad things I have, most recently removing New.net. However, I'm still having some issues.

    First, I'm having IE trouble -- normally I use Firefox so I don't know when this started, but usually when I open IE it works (I set home page to about:blank) but when I hit a new website, it crashes. I just restarted, however, and made it to google without a problem. Not sure what causes it to come up like that. Similarly, I'm having the "This window is busy. Closing it may cause problems. Would you like to close it anyway? [Y] / [N]" error, but only occasionally...with no rhyme or reason to it -- I used to get it when closing IE when it redirected me to c:\system32.html but I fixed that with HJT among others.

    Next, I've got a few .exe's open that I've read are not good, so I'd like to get rid of them but I don't know how: namely, smss.exe (there's 2 copies of it open, and I know one is necessary for the system but I don't believe the other is), mxPMSPv.exe, and services.exe. All of these are trojans as far as I know, so, I don't like them.

    Furthermore, and I don't know if anyone has ANY clue why, but I discovered there were more problems than I thought because a little app I use called iTunesLibraryUpdater just won't open, and for the life of me I can't figure out why. So that tipped me off -- if anyone knows anything about that, that'd be great.

    Last, whenever I open My Documents\My Videos, (if the folder is in thumbnail mode), Windows Explorer crashes. if I don't close the crash window I can still surf in the folder, but it's very odd -- I've been looking at things with codecs and such (to no avail) to try and fix that.

    NOTE: just now, checking to see if that error still ocurrued, it crashed, and now System Idle Process keeps spawning itself over and over again in my Task Manager!

    I've run a HJT log to be posted below (before the Idle Processes started filling up -- ther'e's about 40 running right now).

    Any help would be greatly appreciated as to why any of these things are happening.

    Thanks!

    Adam

    Logfile of HijackThis v1.99.1

    Scan saved at 5:24:18 AM, on 1/14/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:

    C:\windows\System32\smss.exe

    C:\windows\system32\csrss.exe

    C:\windows\system32\services.exe

    C:\windows\system32\lsass.exe

    C:\windows\system32\svchost.exe

    C:\windows\system32\svchost.exe

    C:\windows\System32\svchost.exe

    C:\windows\System32\svchost.exe

    C:\windows\System32\svchost.exe

    C:\windows\system32\spoolsv.exe

    C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

    C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe

    C:\WINDOWS\CDProxyServ.exe

    C:\windows\system32\cisvc.exe

    C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    C:\WINDOWS\System32\CTsvcCDA.exe

    C:\Program Files\ewido anti-malware\ewidoctrl.exe

    C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe

    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

    c:\matlab6p5\bin\win32\matlab.exe

    C:\Program Files\Network Associates\VirusScan\mcshield.exe

    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Program Files\Network Monitor\netmon.exe

    C:\windows\System32\nvsvc32.exe

    C:\windows\System32\svchost.exe

    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe

    C:\WINDOWS\system32\wdfmgr.exe

    C:\WINDOWS\wanmpsvc.exe

    C:\WINDOWS\System32\MsPMSPSv.exe

    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

    C:\Program Files\Common Files\Dell\EUSW\Support.exe

    C:\Program Files\Logitech\iTouch\iTouch.exe

    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    C:\PROGRA~1\mcafee.com\agent\mcagent.exe

    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    C:\windows\system32\CTHELPER.EXE

    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\windows\smss.exe

    C:\Program Files\AIM\aim.exe

    C:\windows\system32\ctfmon.exe

    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\Program Files\Logitech\MouseWare\system\em_exec.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

    C:\windows\System32\svchost.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

    C:\windows\system32\taskmgr.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\windows\system32\cidaemon.exe

    C:\windows\system32\cidaemon.exe

    C:\Documents and Settings\Adam\My Documents\download\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    O2 - BHO: - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\system32\ib6.dll

    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

    O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

    O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe

    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe

    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

    O4 - HKCU\..\Run: [EQTraffic] "C:\Program Files\EQTraffic\EQTraffic.exe"

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: hp psc 1000 series.lnk = ?

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

    O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedCon...bin/AvSniff.cab

    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...64/mcinsctl.cab

    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab

    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O20 - Winlogon Notify: avpe32 - C:\windows\SYSTEM32\avpe32.dll

    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll

    O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe

    O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe

    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

    O23 - Service: Intel NCS NetService (NetSvc) - IntelĀ® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)