AdAware SE (updated entirely), as yet...Turns up completely blank. I've checked configuration settings and ran the test three times..tried restarting and safe-mode..Alas, it draws a blank.
Spybot S&D shows the same results, clean system, no imidate threats. Configuration settings have been pruned and tested...no bannanas.
CWShredder turns up negatory, I'm sure it isnt coolwebsearch...had a dual with it a bit back, heh.
Alas, I've run Hijack this and pruned my own logs, checked the Event veiwer and application logs, checked my startup and running processes via msconfig...Theres some program sitting there..I know it, because every time I change or remove my edited registry entry...It pops back up not a second later.
I pride myself on running a clean and fast system, has to be for gaming, but perhaps theres something you'll see that I havnt.
Logfile of HijackThis v1.99.1 Scan saved at 5:33:40 AM, on 4/16/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\ABIT\ABIT uGuru\uGuru.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\Saitek\Software\SaiSmart.exe C:\WINDOWS\system32\svcnut.exe C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Comcast Rhapsody\rhapsody.exe C:\Program Files\Comcast Rhapsody\rhaphlpr.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\FALLEN~1\LOCALS~1\Temp\Rar$EX00.516\HijackThis.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpl.dll/security.htm#subID=MPV;401 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [razertra] C:\Program Files\Razer\razertra.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Microsoft AntiSpyware helper - {545A0CA0-FA05-4D1B-91B9-6967D7941763} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {545A0CA0-FA05-4D1B-91B9-6967D7941763} - (no file) (HKCU) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112378671687 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
A breif breakdown to save you time:
ATI is my graphics card, and i'm running a few sound applications for Audigy 7.1, my prosesses are rather standard. ABIT uGuru is my BIOS tweak, and Alwil/Avast is my anti-virus. the Saitek programs are the drivers and whatnot for my keyboard and the rest is gravy. Nothing too out of the ordinary to my eyes...
Obviously we're dealing with the two R0 values at the very top, yet change or remove those and...you guessed it, they're back. Even in safe mode. Alas I've no system restore point recent enough to solve this, either.
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe homeThis, however..is new...
The toolbar/wallpaper entries are for the Windows Internet Explore Wallpaper thing they released through microsoft...its kosher, just a skin for windows IE - had them for ages with no issues.
X10 device network services...this has been around for quite some time without question. I assumed it had something to do with my LAN/dual ethernet sockets.
I am at an utter loss of how to get my wonderful default "About:Blank" back to normal (faster load times) and would appriciate all the help you can offer.
--
Hero
-Out
Edited by Hero, 17 April 2005 - 01:10 AM.