heavy infection ! no way to get rid of it so far... hackthis log i


  • This topic is locked

#31
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
OK, let's see if there has been something blocking your hosts file:

Download the HostsXpert 4.2 - Hosts File Manager.
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Now let's import a custom hosts file to block unwanted sites:
    • Right click Here and save hosts.txt to your Desktop
    • In HostsXpert 4.2 click Import Options
    • Click Replace Hosts File
    • In the Select File dialog, navigate to your Desktop and choose hosts.txt
    • Click the Open button
    • Click OK to Replace Your Hosts File
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Let me know if it makes any difference.
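The procedure above does two different things to the hosts file: "Restore MS Hosts File" puts back the stock file, whose only active mapping is `127.0.0.1 localhost`, and the imported hosts.txt then adds blocklist entries that sink unwanted names to the local host. The check behind the first step is telling such a harmless sinkhole entry (an address of 127.0.0.1 or 0.0.0.0) from a hijack that sends a legitimate name like www.msn.com or windowsupdate.com to a third-party address, which is what stops a machine reaching update and vendor sites. The Python below is an added example of that check, not code from the original post or from HostsXpert; the sample hosts content is constructed, and the watch-list of vendor domains is an assumption.

```python
import ipaddress
import sys
from pathlib import Path

# Constructed sample hosts file (not the poster's real file): a stock Windows
# header, two blocklist-style sinkhole entries, and three redirect entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net          # sinkhole: harmless blocklist entry
127.0.0.1       tracker.example.org      # sinkhole: harmless blocklist entry
85.12.34.56     www.msn.com              # hijack: legitimate name sent elsewhere
85.12.34.56     windowsupdate.microsoft.com
10.0.0.5        intranet.example         # redirect to a private address
"""

# Addresses that make a name resolve to nothing useful (blocklist style).
SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

# Assumed watch-list: vendor and update domains that hijacked hosts files
# commonly target so the victim cannot reach help, updates or the AV vendor.
WATCH_SUFFIXES = ("msn.com", "microsoft.com", "windowsupdate.com",
                  "symantec.com", "kaspersky.com", "trendmicro.com")


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every active mapping in a hosts file.

    Comments (#) and blank lines are skipped; a line may map several names
    to one address, and lines whose address field does not parse are ignored.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((ip, name.lower(), line_no))
    return entries


def _watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCH_SUFFIXES)


def audit_hosts(text):
    """Classify each mapping as 'blocklist', 'hijack' or 'redirect'.

    blocklist: name sunk to a sinkhole address (what a custom blocklist does)
    hijack:    a watched vendor/update name sent to a non-sinkhole address
    redirect:  any other name sent to a non-sinkhole address (check by hand)
    """
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if name == "localhost":          # the stock entry, always present
            continue
        if ip in SINKHOLES:
            kind = "blocklist"
        elif _watched(name):
            kind = "hijack"
        else:
            kind = "redirect"
        findings.append((kind, line_no, str(ip), name))
    return findings


def hijacked_names(text):
    """Sorted list of watched names the hosts file sends somewhere else."""
    return sorted(name for kind, _, _, name in audit_hosts(text) if kind == "hijack")


if __name__ == "__main__":
    # Audit the sample, or a real file if a path is given; on Windows XP the
    # live file is C:\WINDOWS\system32\drivers\etc\hosts
    if len(sys.argv) > 1:
        text = Path(sys.argv[1]).read_text(errors="replace")
    else:
        text = SAMPLE_HOSTS
    for kind, line_no, ip, name in audit_hosts(text):
        print(f"line {line_no:>3}  {kind:<9}  {ip:<15}  {name}")
```

Run it with the path of the live file to audit the machine itself: a "hijack" line for a vendor or update domain is exactly what the restore step removes, and a freshly restored file returns no findings at all. The "Make Read Only?" step sets the read-only attribute, which is an obstacle to casual edits rather than an access control; anything with write permission on the file can clear it, so the audit is worth repeating after a reboot.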


#32
ayambad
    Member
  • Topic Starter
  • 31 posts
RatHat,

Nothing happens. I still cannot go to www.msn.com, and I tried several other websites; this is the only one that seems not to be working.

Also, I uninstalled Windows Live Messenger and tried to set up Windows Messenger instead, but I cannot log in.

#33
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
MOLNA.COM belongs to your company, right?

Could you ask the IT people if there is a block on MSN?

#34
ayambad
    Member
  • Topic Starter
  • 31 posts
Yes, MOLNA.COM belongs to our company, and no, there is no block on MSN.COM. All my other colleagues next to me can access all websites without problem and use Messenger.

FYI, I had to download HostsXpert from another computer because the website was not opening on mine, same as with msn.com or windowsupdate.com.

#35
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
Could you run DSS again for me and post me the log? Let's have another look at it.

#36
ayambad
    Member
  • Topic Starter
  • 31 posts
RatHat,

Here is the latest DSS log:
------------------------------------------------------------------
Deckard's System Scanner v20071014.68
Run by loboj on 2008-04-18 17:30:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as loboj.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30, on 2008-04-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CNAC1RPK.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Documents and Settings\loboj\notes\NLNOTES.EXE
C:\Documents and Settings\loboj\notes\nwrdaemn.EXE
C:\Documents and Settings\loboj\notes\nupdate.EXE
C:\Documents and Settings\loboj\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\loboj.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\DOCUME~1\loboj\LOCALS~1\Temp\{FE50708E-1BC0-439A-A956-FE54B7A82D6F}\{20A6985E-4516-4042-BCAB-FEA3BED712CD}\bgstb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://static.35mb.c...et/applet_o.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MOLNA.COM
O17 - HKLM\Software\..\Telephony: DomainName = MOLNA.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MOLNA.COM
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11810 bytes

-- Files created between 2008-03-18 and 2008-04-18 -----------------------------

2008-04-18 15:18:22 0 d-------- C:\HostsXpert
2008-04-13 21:42:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-13 21:42:23 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-13 21:14:24 68096 --a------ C:\WINDOWS\zip.exe
2008-04-13 21:14:24 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-13 21:14:24 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-13 21:14:24 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-13 21:14:24 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-13 21:14:24 98816 --a------ C:\WINDOWS\sed.exe
2008-04-13 21:14:24 80412 --a------ C:\WINDOWS\grep.exe
2008-04-13 21:14:24 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-13 17:28:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-13 16:30:49 0 d-------- C:\Documents and Settings\loboj\Application Data\Malwarebytes
2008-04-13 16:30:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 16:30:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 16:01:03 0 d-------- C:\WINDOWS\ERUNT
2008-04-11 13:45:27 0 d-------- C:\WINDOWS\pss
2008-04-10 22:00:47 67272 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-10 19:05:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-10 19:03:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2008-04-10 17:23:05 0 d-------- C:\Documents and Settings\loboj\Application Data\AVG7
2008-04-10 17:22:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-10 16:13:29 0 d-------- C:\Program Files\Trend Micro
2008-04-08 23:08:10 0 d-------- C:\Documents and Settings\loboj\.housecall6.6
2008-04-06 15:18:09 0 d-------- C:\Program Files\KONAMI
2008-04-06 10:29:07 0 d-------- C:\MDT
2008-04-06 10:28:12 0 d-------- C:\Documents and Settings\loboj\Application Data\CyberLink
2008-04-06 10:28:12 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-06 07:39:06 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-04-06 07:39:06 16877 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-04-06 07:39:06 4672 --a------ C:\WINDOWS\system\WOWPOST.EXE <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-04-06 07:39:06 5600 --a------ C:\WINDOWS\system\WINASPI.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-04-06 07:38:52 0 d-------- C:\Program Files\DeadDiskDoctor
2008-04-05 15:45:12 4608 -ra------ C:\WINDOWS\system32\W95Inf32.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-04-05 15:45:11 2272 -ra------ C:\WINDOWS\system32\W95Inf16.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-04-05 15:44:52 12400 -ra------ C:\WINDOWS\system32\drivers\usbscan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-05 15:43:31 0 d-------- C:\Documents and Settings\loboj\Application Data\Ulead Systems
2008-04-05 15:28:03 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-05 15:14:34 0 d-------- C:\Program Files\Common Files\InterVideo
2008-04-05 15:14:26 0 d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-04-05 13:22:54 0 d-------- C:\Program Files\Smart Projects
2008-04-05 08:10:21 0 d-------- C:\Program Files\iPod
2008-04-05 08:10:15 0 d-------- C:\Program Files\iTunes
2008-04-05 08:08:32 0 d-------- C:\Program Files\QuickTime
2008-04-04 16:43:41 0 d-------- C:\Program Files\Webteh
2008-04-04 16:24:45 0 d-------- C:\Documents and Settings\loboj\Application Data\Roxio
2008-04-04 15:57:54 0 d-------- C:\SmartSound Software
2008-04-04 15:56:51 0 d-------- C:\WINDOWS\system32\Quicktime
2008-04-04 15:56:51 0 d-------- C:\Program Files\SmartSound Software
2008-04-04 15:56:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-04-04 15:51:25 0 d-------- C:\WINDOWS\system32\windows media
2008-04-04 15:48:35 0 d-------- C:\Program Files\Windows Media Components
2008-04-04 15:48:19 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-04-04 15:48:17 0 d-------- C:\Program Files\Ulead Systems
2008-04-04 15:48:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-04 14:13:28 0 d-------- C:\Documents and Settings\loboj\Application Data\LimeWire
2008-04-04 10:39:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-03 07:04:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-04-03 07:04:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-03-30 22:23:00 164 --a------ C:\install.dat
2008-03-30 21:55:09 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 00:43:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Real
2008-03-30 00:43:32 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-03-30 00:43:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\MEGAUPLOADTOOLBAR
2008-03-30 00:43:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-03-29 20:20:03 0 d-------- C:\Program Files\Common Files\NSV
2008-03-29 15:10:51 0 d-------- C:\Program Files\NeroInstall.bak
2008-03-29 14:58:05 0 d-------- C:\Program Files\Nero
2008-03-28 11:19:07 0 d-------- C:\Program Files\Navis
2008-03-25 21:52:47 0 d-------- C:\Program Files\Copy of Frets on Fire
2008-03-25 21:45:16 0 d-------- C:\Program Files\FretsOnFire
2008-03-25 19:50:46 0 d-------- C:\Program Files\Frets on Fire
2008-03-21 10:39:58 0 d-------- C:\Program Files\Avanquest update
2008-03-21 10:39:01 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-03-21 10:38:56 0 d-------- C:\Program Files\Motorola Phone Tools
2008-03-21 10:38:56 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-20 10:39:02 153088 --a------ C:\WINDOWS\UNWISE.EXE
2008-03-20 10:32:07 0 d-------- C:\WINDOWS\system32\Silabs
2008-03-20 10:32:04 118784 --a------ C:\WINDOWS\system32\Co_Mux.dll <Not Verified; Thesycon GmbH; Device Installation Toolkit>
2008-03-20 10:32:04 118784 --a------ C:\WINDOWS\system32\Co_Mod.dll <Not Verified; Thesycon GmbH; Device Installation Toolkit>
2008-03-20 10:32:04 0 d-------- C:\Program Files\UsbEdgeModem


-- Find3M Report ---------------------------------------------------------------

2008-04-18 17:28:38 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-18 14:51:18 0 d-------- C:\Program Files\Broadcom
2008-04-18 14:50:50 0 d-------- C:\Program Files\Wave Systems Corp
2008-04-18 14:46:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-18 14:21:55 0 d-a------ C:\Program Files\Common Files
2008-04-18 14:17:08 0 d-------- C:\Program Files\Common Files\Nero
2008-04-18 09:27:28 0 d-------- C:\Documents and Settings\loboj\Application Data\Wave Systems Corp
2008-04-13 20:40:12 0 d-------- C:\Program Files\eMule
2008-04-13 16:11:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-12 14:45:21 0 d-------- C:\Program Files\Picasa2
2008-04-05 15:28:36 0 d-------- C:\Program Files\DivX
2008-04-05 08:38:54 0 d-------- C:\Documents and Settings\loboj\Application Data\Apple Computer
2008-04-04 13:47:40 0 d-------- C:\Documents and Settings\loboj\Application Data\Winamp
2008-04-04 13:05:48 0 d-------- C:\Program Files\Winamp
2008-04-04 11:32:50 0 d-------- C:\Program Files\Baplie
2008-03-27 19:23:23 0 d-------- C:\Program Files\MetaTrader - Inversiones
2008-03-17 08:17:28 0 d-------- C:\Program Files\Java
2008-03-08 09:57:56 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-08 09:57:52 0 d-------- C:\Program Files\Common Files\Real
2008-03-03 09:42:41 0 d-------- C:\Documents and Settings\loboj\Application Data\Real
2008-02-05 12:31:37 0 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-04-15 22:49]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 12:45]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 12:45]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 12:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 00:26 C:\WINDOWS\stsystra.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 04:10]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 15:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 11:33]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-27 15:06]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 06:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 17:53]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 21:43:46]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-12-07 12:24:12]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-06 17:53:49]
VPN Client.lnk - C:\WINDOWS\Installer\{00CD55D6-EE5A-4570-9875-8A306628C032}\Icon3E5562ED7.ico [2007-12-20 11:55:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)




-- End of Deckard's System Scanner: finished at 2008-04-18 17:31:04 ------------

#37
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
Well, there is no malware shown in your log. Could you try to run ISeeYouXP again and post me that log?

Regards,
RatHat
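The verdict above comes from reading the HijackThis section of the DSS log item by item. The things an analyst checks first are O1 hosts entries (the log above has none, which matches a clean hosts file), components whose file is missing or lives under a Temp folder (the pdfMachine O3 line), O4 autoruns given as a bare file name, O16 ActiveX downloads, O17 domain settings (the MOLNA.COM question earlier in the thread) and O23 services with an unknown owner. The Python below is an added example of that first-pass triage, not code from the thread or from HijackThis; the sample lines are constructed in HijackThis v2 format, modelled on the log above with the user name and company domain replaced, and the heuristics are the editor's own, so a tagged line is a pointer to verify, not a verdict.

```python
import re

# Constructed sample in HijackThis v2 log format, modelled on the log in the
# thread with the user name and company domain replaced. Not the real log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: 85.12.34.56 www.msn.com
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\DOCUME~1\user\LOCALS~1\Temp\{FE50708E-1BC0-439A-A956-FE54B7A82D6F}\bgstb.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://static.example.net/applet_o.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CORP.EXAMPLE
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# A HijackThis item: section code (R0, O2, O23, ...), " - ", then the body.
ITEM_RE = re.compile(r"^(?P<kind>[RFOA]\d{1,2}) - (?P<body>.*)$")
# An O4 body whose command starts with a drive-qualified path, optionally quoted.
QUALIFIED_RE = re.compile(r'\]\s+"?[A-Za-z]:\\')


def parse_hjt(text):
    """Return (kind, body) for every HijackThis item line; other lines are skipped."""
    items = []
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if m:
            items.append((m.group("kind"), m.group("body")))
    return items


def triage(text):
    """Apply first-pass heuristics and return (tag, kind, body) findings.

    The tags mark items worth a second look, not malware verdicts:
      hosts-entry            O1: hosts file overrides name resolution
      file-missing           registered component whose file is gone
      temp-path              component loaded from a Temp folder
      unqualified-path       O4 autorun given as a bare file name (PATH lookup)
      activex-download       O16: ActiveX control fetched from a URL
      domain-setting         O17: DNS domain; confirm it is the company's own
      unknown-owner-service  O23: service binary without a known publisher
    """
    findings = []
    for kind, body in parse_hjt(text):
        if kind == "O1":
            findings.append(("hosts-entry", kind, body))
        if "(file missing)" in body:
            findings.append(("file-missing", kind, body))
        if re.search(r"\\temp\\", body, re.IGNORECASE):
            findings.append(("temp-path", kind, body))
        if kind == "O4" and not QUALIFIED_RE.search(body):
            findings.append(("unqualified-path", kind, body))
        if kind == "O16":
            findings.append(("activex-download", kind, body))
        if kind == "O17":
            findings.append(("domain-setting", kind, body))
        if kind == "O23" and "Unknown owner" in body:
            findings.append(("unknown-owner-service", kind, body))
    return findings


def finding_tags(text):
    """Sorted set of tags raised by triage(), for a one-line summary."""
    return sorted({tag for tag, _, _ in triage(text)})


if __name__ == "__main__":
    for tag, kind, body in triage(SAMPLE_LOG):
        print(f"{tag:<22} {kind:<4} {body}")
```

Every tag still needs a human decision: an O17 domain that matches the company the machine is joined to is expected, a vendor service reported as "Unknown owner" usually just lacks version information, and a toolbar whose DLL is already missing from Temp is leftover registration rather than running code. What the script buys is consistency, so the same items are looked at in the same order on every log that gets posted.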

#38
ayambad
    Member
  • Topic Starter
  • 31 posts
RatHat,

Please find attached the ISeeYouXP log.


************************************************************************************
ISeeYouXP v2.0 Beta 13

ISeeYouXP v1.3.0-v2.0 Beta 13 Copyright - ShadowPuterDude
ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan
------------------------------------------------------------------------------------
**** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! ****
**** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. ****
************************************************************************************

Windows/Browser/Java Versions:

Microsoft Windows XP Professional
Version: 5.1.2600
Service Pack: 2.0
Windows Directory: C:\WINDOWS

Internet Explorer
Version: 7.0.5730.13
Build: 75730
Language: English (United States)
Path: C:\Program Files\Internet Explorer

Sun Microsystems Java Runtime
Version: 1.6.0_05

Boot State: Normal boot

Scan done at 10:31:37.37, 2008-04-21

------------------------------------------------------------------------------------

ISeeYouXP installation folder and files

"C:\ISeeYouXP\"
bootst~1.vbs May 28 2007 359 "bootstate.vbs"
change.log Oct 17 2007 4902 "change.log"
chodefix.bat Apr 18 2007 5387 "chodefix.bat"
fixchode.reg Apr 18 2007 528 "fixChode.reg"
fixexp~1.bat Feb 24 2007 487 "FixExplorerPolicies.bat"
getunk~1.bat Aug 12 2006 1478 "GetUnKeys.bat"
grep.exe Dec 24 2004 160768 "grep.exe"
hideit.bat Oct 17 2007 1072 "HideIT.bat"
ieinfo.vbs May 28 2007 514 "ieinfo.vbs"
iesecu~1.bat Oct 28 2007 72 "IESecurityZones.bat"
iesecu~1.vbs Nov 7 2007 2399 "IESecurityZones.vbs"
iseeyo~1.bat Oct 17 2007 209237 "ISeeYouXP.bat"
libico~1.dll Mar 16 2004 898048 "libiconv2.dll"
libintl3.dll Oct 9 2004 101888 "libintl3.dll"
locate.com Jan 14 2005 11254 "locate.com"
md5sum.exe Aug 5 2007 49152 "md5sum.exe"
msconf~1.bat Feb 24 2007 578 "MSConfigFix.bat"
osinfo.vbs May 28 2007 598 "osinfo.vbs"
pcbutts.txt Mar 25 2007 5167 "PCBUTTS.TXT"
pcre.dll Nov 14 2004 183313 "pcre.dll"
pv.exe Mar 2 2006 73728 "pv.exe"
regedi~1.bat Mar 30 2007 650 "RegEditFix.bat"
regfix.bat Apr 18 2007 145 "Regfix.bat"
servic~1.vbs May 28 2007 672 "servicesinfo.vbs"
showit.bat Oct 17 2007 1013 "ShowIT.bat"
swreg.exe Apr 5 2007 139776 "swreg.exe"
system~1.bat Feb 28 2007 369 "SystemRestoreFix.bat"
taskmg~1.bat Feb 24 2007 288 "TaskMgrFix.bat"

28 items found: 28 files, 0 directories.
Total of file sizes: 1,853,842 bytes 1.77 M
3 Dir(s) 37,592,289,280 bytes free

------------------------------------------------------------------------------------

System Environment Variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\loboj\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PNW2551
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\loboj
LOGONSERVER=\\HSNS01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin;C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Access Client\v5;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\loboj\LOCALS~1\Temp
TMP=C:\DOCUME~1\loboj\LOCALS~1\Temp
USERDNSDOMAIN=MOLNA.COM
USERDOMAIN=MOLNA
USERNAME=loboj
USERPROFILE=C:\Documents and Settings\loboj
windir=C:\WINDOWS

------------------------------------------------------------------------------------

Showing any Pocket Killbox backup files

No matches found.

------------------------------------------------------------------------------------

Displaying BOOT.INI:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

------------------------------------------------------------------------------------

Displaying SYSTEM.INI:

; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[TTFontDimenCacheDBCS]
0 4=2 4
0 5=3 5
0 6=4 6
0 7=4 7
0 8=5 8
0 9=5 9
0 10=6 10
0 11=7 11
0 12=7 12
0 13=8 13
0 14=8 14
0 15=9 15
0 16=10 16
0 18=11 18
0 20=12 20
0 22=13 22

------------------------------------------------------------------------------------

Displaying WIN.INI:

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wpl=MPEGVideo
wvx=MPEGVideo
m2v=MPEGVideo
mod=MPEGVideo
[Drivers.drv]
{F9491F42-550D-4DCC-93B6-8FB4D5E2911F}=2828282848760B683031372E2828282835E658515247625053476250

------------------------------------------------------------------------------------

Displaying AUTOEXEC.BAT:


------------------------------------------------------------------------------------

Displaying CONFIG.SYS:


------------------------------------------------------------------------------------

Displaying Running Processes:

PROCESS PID PRIO PATH
smss.exe 1268 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 1316 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 1344 High C:\WINDOWS\system32\winlogon.exe
services.exe 1388 Normal C:\WINDOWS\system32\services.exe
lsass.exe 1400 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 1616 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1704 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1900 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1932 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 2036 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 308 Normal C:\WINDOWS\system32\svchost.exe
ccEvtMgr.exe 652 Normal C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
ccSetMgr.exe 668 Normal C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
SNDSrvc.exe 700 Normal C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
WLTRYSVC.EXE 880 Normal C:\WINDOWS\System32\WLTRYSVC.EXE
bcmwltry.exe 892 Normal C:\WINDOWS\System32\bcmwltry.exe
spoolsv.exe 940 Normal C:\WINDOWS\system32\spoolsv.exe
SCardSvr.exe 1008 Normal C:\WINDOWS\System32\SCardSvr.exe
AppleMobileDeviceService.exe 1292 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
AsfIpMon.exe 1300 Normal C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
BcmSqlStartupSvc.exe 1464 Normal C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
DevSvc.exe 1404 Normal C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
cvpnd.exe 1668 Normal C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
DefWatch.exe 1768 Normal C:\Program Files\Symantec AntiVirus\DefWatch.exe
GoogleUpdaterService.exe 1792 Normal C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
LSSrvc.exe 1836 Normal C:\Program Files\Common Files\LightScribe\LSSrvc.exe
mnmsrvc.exe 160 Normal C:\WINDOWS\system32\mnmsrvc.exe
rundll32.exe 292 Normal C:\WINDOWS\system32\rundll32.exe
NICCONFIGSVC.exe 312 Normal C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
SavRoam.exe 788 Normal C:\Program Files\Symantec AntiVirus\SavRoam.exe
StacSV.exe 1072 Normal C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
Rtvscan.exe 1132 Normal C:\Program Files\Symantec AntiVirus\Rtvscan.exe
CNAC1RPK.EXE 2140 Normal C:\WINDOWS\system32\CNAC1RPK.EXE
wmiprvse.exe 2548 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
alg.exe 2620 Normal C:\WINDOWS\System32\alg.exe
Explorer.EXE 3244 Normal C:\WINDOWS\Explorer.EXE
Apoint.exe 1556 Normal C:\Program Files\Apoint\Apoint.exe
hkcmd.exe 436 Normal C:\WINDOWS\system32\hkcmd.exe
igfxpers.exe 444 Normal C:\WINDOWS\system32\igfxpers.exe
jusched.exe 456 Normal C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
stsystra.exe 472 Normal C:\WINDOWS\stsystra.exe
WLTRAY.exe 480 Normal C:\WINDOWS\system32\WLTRAY.exe
KADxMain.exe 524 Normal C:\WINDOWS\system32\KADxMain.exe
issch.exe 552 Normal C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
DrgToDsc.exe 564 Normal C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
ccApp.exe 616 Normal C:\Program Files\Common Files\Symantec Shared\ccApp.exe
igfxsrvc.exe 1664 Normal C:\WINDOWS\system32\igfxsrvc.exe
VPTray.exe 1740 Normal C:\PROGRA~1\SYMANT~1\VPTray.exe
taskswitch.exe 2044 Normal C:\WINDOWS\system32\taskswitch.exe
ApMsgFwd.exe 2368 Normal C:\Program Files\Apoint\ApMsgFwd.exe
HidFind.exe 2416 Normal C:\Program Files\Apoint\HidFind.exe
Apntex.exe 2524 Normal C:\Program Files\Apoint\Apntex.exe
ctfmon.exe 2760 Normal C:\WINDOWS\system32\ctfmon.exe
msmsgs.exe 1160 Normal C:\Program Files\Messenger\msmsgs.exe
TosBtMng.exe 3408 Normal C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
DLG.exe 3424 Normal C:\Program Files\Digital Line Detect\DLG.exe
GoogleUpdater.exe 3436 Normal C:\Program Files\Google\Google Updater\GoogleUpdater.exe
TosA2dp.exe 3576 Normal C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
TosBtHid.exe 3596 Normal C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
TosBtHsp.exe 3668 Normal C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
NLNOTES.EXE 4000 Normal C:\Documents and Settings\loboj\notes\NLNOTES.EXE
nwrdaemn.EXE 2492 Normal C:\Documents and Settings\loboj\notes\nwrdaemn.EXE
nupdate.EXE 1156 Normal C:\Documents and Settings\loboj\notes\nupdate.EXE
iexplore.exe 3968 Normal C:\Program Files\Internet Explorer\iexplore.exe
cmd.exe 3572 Normal C:\WINDOWS\system32\cmd.exe
ntvdm.exe 4020 Normal C:\WINDOWS\system32\ntvdm.exe
wmiprvse.exe 4048 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
pv.exe 2272 Normal C:\ISEEYO~1\pv.exe

------------------------------------------------------------------------------------

Displaying Windows Services:

Name: Alerter
Display Name: Alerter
Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Disabled
State: Stopped

Name: ALG
Display Name: Application Layer Gateway Service
Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
Path Name: C:\WINDOWS\System32\alg.exe
Start Mode: Manual
State: Running

Name: Apple Mobile Device
Display Name: Apple Mobile Device
Description: Provides the interface to Apple mobile devices.
Path Name: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Start Mode: Auto
State: Running

Name: AppMgmt
Display Name: Application Management
Description: Provides software installation services such as Assign, Publish, and Remove.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: ASFIPmon
Display Name: Broadcom ASF IP and SMBIOS Mailbox Monitor
Description: Monitors and propagates changes in the IP settings of ASF-enabled Broadcom network interfaces.
Path Name: "C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service
Start Mode: Auto
State: Running

Name: aspnet_state
Display Name: ASP.NET State Service
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Start Mode: Manual
State: Stopped

Name: AudioSrv
Display Name: Windows Audio
Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: BcmSqlStartupSvc
Display Name: Business Contact Manager SQL Server Startup Service
Description: Controls the start of the Business Contact Manager SQL Server instance (MSSMLBIZ).
Path Name: "C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe"
Start Mode: Auto
State: Running

Name: BITS
Display Name: Background Intelligent Transfer Service
Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: Browser
Display Name: Computer Browser
Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Capture Device Service
Display Name: Capture Device Service
Description: Manages device arrival and removal event. This service is provided by InterVideo.
Path Name: "C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe"
Start Mode: Auto
State: Running

Name: ccEvtMgr
Display Name: Symantec Event Manager
Description: Event propagation and logging service
Path Name: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
Start Mode: Auto
State: Running

Name: ccPwdSvc
Display Name: Symantec Password Validation
Description: User account management service
Path Name: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
Start Mode: Manual
State: Stopped

Name: ccSetMgr
Display Name: Symantec Settings Manager
Description: Settings storage and management service
Path Name: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
Start Mode: Auto
State: Running

Name: CiSvc
Display Name: Indexing Service
Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Path Name: C:\WINDOWS\system32\cisvc.exe
Start Mode: Manual
State: Stopped

Name: ClipSrv
Display Name: ClipBook
Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\clipsrv.exe
Start Mode: Disabled
State: Stopped

Name: clr_optimization_v2.0.50727_32
Display Name: .NET Runtime Optimization Service v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Path Name: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Start Mode: Manual
State: Stopped

Name: COMSysApp
Display Name: COM+ System Application
Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Start Mode: Manual
State: Stopped

Name: CryptSvc
Display Name: Cryptographic Services
Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: CVPND
Display Name: Cisco Systems, Inc. VPN Service
Description:
Path Name: "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
Start Mode: Auto
State: Running

Name: DcomLaunch
Display Name: DCOM Server Process Launcher
Description: Provides launch functionality for DCOM services.
Path Name: C:\WINDOWS\system32\svchost -k DcomLaunch
Start Mode: Auto
State: Running

Name: DefWatch
Display Name: Symantec AntiVirus Definition Watcher
Description: Monitors and maintains virus definitions.
Path Name: "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
Start Mode: Auto
State: Running

Name: Dhcp
Display Name: DHCP Client
Description: Manages network configuration by registering and updating IP addresses and DNS names.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: dmadmin
Display Name: Logical Disk Manager Administrative Service
Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
Path Name: C:\WINDOWS\System32\dmadmin.exe /com
Start Mode: Manual
State: Stopped

Name: dmserver
Display Name: Logical Disk Manager
Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: Dnscache
Display Name: DNS Client
Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k NetworkService
Start Mode: Auto
State: Running

Name: ERSvc
Display Name: Error Reporting Service
Description: Allows error reporting for services and applictions running in non-standard environments.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: Eventlog
Display Name: Event Log
Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Path Name: C:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running

Name: EventSystem
Display Name: COM+ Event System
Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: FastUserSwitchingCompatibility
Display Name: Fast User Switching Compatibility
Description: Provides management for applications that require assistance in a multiple user environment.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: Fax
Display Name: Fax
Description: Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.
Path Name: C:\WINDOWS\system32\fxssvc.exe
Start Mode: Auto
State: Stopped

Name: FontCache3.0.0.0
Display Name: Windows Presentation Foundation Font Cache 3.0.0.0
Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
Path Name: c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Start Mode: Manual
State: Stopped

Name: GoogleDesktopManager-093007-112848
Display Name: Google Desktop Manager 5.5.709.30344
Description:
Path Name: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
Start Mode: Manual
State: Stopped

Name: gusvc
Display Name: Google Updater Service
Description:
Path Name: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
Start Mode: Auto
State: Running

Name: helpsvc
Display Name: Help and Support
Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: HidServ
Display Name: HID Input Service
Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: HTTPFilter
Display Name: HTTP SSL
Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Start Mode: Manual
State: Stopped

Name: idsvc
Display Name: Windows CardSpace
Description: Securely enables the creation, management, and disclosure of digital identities.
Path Name: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Start Mode: Manual
State: Stopped

Name: ImapiService
Display Name: IMAPI CD-Burning COM Service
Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\imapi.exe
Start Mode: Manual
State: Stopped

Name: iPod Service
Display Name: iPod Service
Description: iPod hardware management services
Path Name: "C:\Program Files\iPod\bin\iPodService.exe"
Start Mode: Manual
State: Stopped

Name: lanmanserver
Display Name: Server
Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: lanmanworkstation
Display Name: Workstation
Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: LightScribeService
Display Name: LightScribeService Direct Disc Labeling Service
Description: Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work.
Path Name: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
Start Mode: Auto
State: Running

Name: LmHosts
Display Name: TCP/IP NetBIOS Helper
Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running

Name: Messenger
Display Name: Messenger
Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped

Name: mnmsrvc
Display Name: NetMeeting Remote Desktop Sharing
Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\mnmsrvc.exe
Start Mode: Auto
State: Running

Name: MSDTC
Display Name: Distributed Transaction Coordinator
Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\msdtc.exe
Start Mode: Manual
State: Stopped

Name: MSIServer
Display Name: Windows Installer
Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\msiexec.exe /V
Start Mode: Manual
State: Stopped

Name: NetDDE
Display Name: Network DDE
Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped

Name: NetDDEdsdm
Display Name: Network DDE DSDM
Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\netdde.exe
Start Mode: Disabled
State: Stopped

Name: Netlogon
Display Name: Net Logon
Description: Supports pass-through authentication of account logon events for computers in a domain.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running

Name: Netman
Display Name: Network Connections
Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: NetTcpPortSharing
Display Name: Net.Tcp Port Sharing Service
Description: Provides ability to share TCP ports over the net.tcp protocol.
Path Name: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Start Mode: Disabled
State: Stopped

Name: NICCONFIGSVC
Display Name: NICCONFIGSVC
Description: Configure your Internal Network Card power management settings.
Path Name: C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
Start Mode: Auto
State: Running

Name: Nla
Display Name: Network Location Awareness (NLA)
Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: NtLmSsp
Display Name: NT LM Security Support Provider
Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Manual
State: Stopped

Name: NtmsSvc
Display Name: Removable Storage
Description:
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: ose
Display Name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Path Name: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Start Mode: Manual
State: Stopped

Name: PlugPlay
Display Name: Plug and Play
Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
Path Name: C:\WINDOWS\system32\services.exe
Start Mode: Auto
State: Running

Name: PolicyAgent
Display Name: IPSEC Services
Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running

Name: ProtectedStorage
Display Name: Protected Storage
Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running

Name: RasAuto
Display Name: Remote Access Auto Connection Manager
Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: RasMan
Display Name: Remote Access Connection Manager
Description: Creates a network connection.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: RDSessMgr
Display Name: Remote Desktop Help Session Manager
Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
Path Name: C:\WINDOWS\system32\sessmgr.exe
Start Mode: Manual
State: Stopped

Name: RemoteAccess
Display Name: Routing and Remote Access
Description: Offers routing services to businesses in local area and wide area network environments.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Disabled
State: Stopped

Name: RemoteRegistry
Display Name: Remote Registry
Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running

Name: RpcLocator
Display Name: Remote Procedure Call (RPC) Locator
Description: Manages the RPC name service database.
Path Name: C:\WINDOWS\system32\locator.exe
Start Mode: Manual
State: Stopped

Name: RpcSs
Display Name: Remote Procedure Call (RPC)
Description: Provides the endpoint mapper and other miscellaneous RPC services.
Path Name: C:\WINDOWS\system32\svchost -k rpcss
Start Mode: Auto
State: Running

Name: RSVP
Display Name: QoS RSVP
Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
Path Name: C:\WINDOWS\system32\rsvp.exe
Start Mode: Manual
State: Stopped

Name: SamSs
Display Name: Security Accounts Manager
Description: Stores security information for local user accounts.
Path Name: C:\WINDOWS\system32\lsass.exe
Start Mode: Auto
State: Running

Name: SavRoam
Display Name: SAVRoam
Description: Symantec AntiVirus Roaming Service
Path Name: "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
Start Mode: Auto
State: Running

Name: SCardSvr
Display Name: Smart Card
Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\SCardSvr.exe
Start Mode: Auto
State: Running

Name: Schedule
Display Name: Task Scheduler
Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: seclogon
Display Name: Secondary Logon
Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SENS
Display Name: System Event Notification
Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SharedAccess
Display Name: Windows Firewall/Internet Connection Sharing (ICS)
Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: ShellHWDetection
Display Name: Shell Hardware Detection
Description: Provides notifications for AutoPlay hardware events.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SNDSrvc
Display Name: Symantec Network Drivers Service
Description: Symantec Network Drivers Service
Path Name: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
Start Mode: Auto
State: Running

Name: SPBBCSvc
Display Name: Symantec SPBBCSvc
Description: Symantec SPBBC
Path Name: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
Start Mode: Manual
State: Stopped

Name: Spooler
Display Name: Print Spooler
Description: Loads files to memory for later printing.
Path Name: C:\WINDOWS\system32\spoolsv.exe
Start Mode: Auto
State: Running

Name: srservice
Display Name: System Restore Service
Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: SSDPSRV
Display Name: SSDP Discovery Service
Description: Enables discovery of UPnP devices on your home network.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Running

Name: STacSV
Display Name: SigmaTel Audio Service
Description: Manages SigmaTel Audio Universal Jack configurations.
Path Name: C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
Start Mode: Auto
State: Running

Name: stisvc
Display Name: Windows Image Acquisition (WIA)
Description: Provides image acquisition services for scanners and cameras.
Path Name: C:\WINDOWS\system32\svchost.exe -k imgsvc
Start Mode: Manual
State: Stopped

Name: stllssvr
Display Name: stllssvr
Description:
Path Name: "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
Start Mode: Manual
State: Stopped

Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\dllhost.exe /Processid:{2F130D52-0BDB-47EB-AF81-1E09BA7E21E7}
Start Mode: Manual
State: Stopped

Name: Symantec AntiVirus
Display Name: Symantec AntiVirus
Description: Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus.
Path Name: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
Start Mode: Auto
State: Running

Name: SysmonLog
Display Name: Performance Logs and Alerts
Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\smlogsvc.exe
Start Mode: Manual
State: Stopped

Name: TapiSrv
Display Name: Telephony
Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Running

Name: TermService
Display Name: Terminal Services
Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
Path Name: C:\WINDOWS\System32\svchost -k DComLaunch
Start Mode: Manual
State: Running

Name: Themes
Display Name: Themes
Description: Provides user experience theme management.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: TlntSvr
Display Name: Telnet
Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\tlntsvr.exe
Start Mode: Manual
State: Stopped

Name: TrkWks
Display Name: Distributed Link Tracking Client
Description: Maintains links between NTFS files within a computer or across computers in a network domain.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: upnphost
Display Name: Universal Plug and Play Device Host
Description: Provides support to host Universal Plug and Play devices.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Manual
State: Stopped

Name: UPS
Display Name: Uninterruptible Power Supply
Description: Manages an uninterruptible power supply (UPS) connected to the computer.
Path Name: C:\WINDOWS\System32\ups.exe
Start Mode: Manual
State: Stopped

Name: VSS
Display Name: Volume Shadow Copy
Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\vssvc.exe
Start Mode: Manual
State: Stopped

Name: w32time
Display Name: Windows Time
Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: WebClient
Display Name: WebClient
Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k LocalService
Start Mode: Auto
State: Running

Name: winmgmt
Display Name: Windows Management Instrumentation
Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: wltrysvc
Display Name: Dell Wireless WLAN Tray Service
Description: Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant.
Path Name: C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe
Start Mode: Auto
State: Running

Name: WmdmPmSN
Display Name: Portable Media Serial Number Service
Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: Wmi
Display Name: Windows Management Instrumentation Driver Extensions
Description: Provides systems management information to and from drivers.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped

Name: WmiApSrv
Display Name: WMI Performance Adapter
Description: Provides performance library information from WMI HiPerf providers.
Path Name: C:\WINDOWS\system32\wbem\wmiapsrv.exe
Start Mode: Manual
State: Stopped

Name: WMPNetworkSvc
Display Name: Windows Media Player Network Sharing Service
Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
Path Name: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Start Mode: Manual
State: Stopped

Name: wscsvc
Display Name: Security Center
Description: Monitors system security settings and configurations.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Stopped

Name: wuauserv
Display Name: Automatic Updates
Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Path Name: C:\WINDOWS\system32\svchost.exe -k netsvcs
Start Mode: Auto
State: Running

Name: WudfSvc
Display Name: Windows Driver Foundation - User-mode Driver Framework
Description: Manages user-mode driver host processes
Path Name: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Start Mode: Auto
State: Running

Name: WZCSVC
Display Name: Wireless Zero Configuration
Description: Provides automatic configuration for the 802.11 adapters
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Auto
State: Stopped

Name: xmlprov
Display Name: Network Provisioning Service
Description: Manages XML configuration files on a domain basis for automatic network provisioning.
Path Name: C:\WINDOWS\System32\svchost.exe -k netsvcs
Start Mode: Manual
State: Stopped


------------------------------------------------------------------------------------

Displaying LOG for Microsoft Windows Malicious Software Removal Tool:

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.29, May 2007
Started On Wed Dec 19 22:02:43 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 19 22:03:15 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.36, December 2007
Started On Wed Dec 19 22:09:14 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 19 22:09:46 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.36, December 2007
Started On Wed Dec 19 22:12:17 2007

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 19 22:12:45 2007


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.37, January 2008
Started On Wed Jan 09 08:12:31 2008
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 09 08:13:50 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.38, February 2008
Started On Wed Feb 13 06:19:49 2008
->Scan ERROR: resource process://pid:4440 (code 0x00000057 (87))
->Scan ERROR: resource process://pid:4440 (code 0x0000054F (1359))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 06:21:28 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.39, March 2008
Started On Wed Mar 12 10:55:38 2008
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 12 10:56:59 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Thu Apr 10 22:23:20 2008
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Player\DivX Player.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Player\DivX Player.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))

Results Summary:
----------------
No infection found.

Return code: 0
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 10 22:28:38 2008


---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v1.40, April 2008
Started On Thu Apr 10 22:28:49 2008

Extended Scan Results
----------------
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Player\DivX Player.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Player\DivX Player.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Program Files\DivX\DivX Web Player\npdivx32.dll (code 0x0000000D (13))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\Documents and Settings\loboj\Desktop\Misc\DivXInstaller.exe->(nsis-6-$(ENVVAR))#31 (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Documents and Settings\loboj\Desktop\Ulead.DVD.MovieFactory.v6.0.Plus.with.keys\ulead.DVD.Movie.Factory.Plus.6.0.iso->ulead.DVD.Movie.Factory.Plus.6.0\DVDCopy5_SILVER\3rdPartyApp\GoogleDesktopSearch\GoogleDesktopSearchSetup_de.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Documents and Settings\loboj\Desktop\Ulead.DVD.MovieFactory.v6.0.Plus.with.keys\ulead.DVD.Movie.Factory.Plus.6.0.iso->ulead.DVD.Movie.Factory.Plus.6.0\DVDCopy5_SILVER\3rdPartyApp\GoogleDesktopSearch\GoogleDesktopSearchSetup_en.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Documents and Settings\loboj\Desktop\Ulead.DVD.MovieFactory.v6.0.Plus.with.keys\ulead.DVD.Movie.Factory.Plus.6.0.iso->ulead.DVD.Movie.Factory.Plus.6.0\DVDCopy5_SILVER\3rdPartyApp\GoogleDesktopSearch\GoogleDesktopSearchSetup_es.exe (code 0x0000000D (13))
->Scan ERROR: resource file://C:\Documents and Settings\loboj\Desktop\Ulead.DVD.MovieFactory.v6.0.Plus.with.keys\ulead.DVD.Movie.Factory.Plus.6.0.iso->ulead.DVD.Movie.Factory.Plus.6.0\DVDCopy5_SILVER\3rdPartyApp\GoogleDesktopSearch\GoogleDesktopSearchSetup_fr.exe (code 0x0000000D (13))
->Scan ERROR: re
  • 0

#39
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
The log is cut off; could you attach it, please:

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#40
ayambad

ayambad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
RatHat,

Sorry about that, please find the attached file.

Attached File  ISeeYouXP.txt   177.75KB   153 downloads
  • 0


#41
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Well I see no malware in that log either.

Have a look at this post, and tell me if it is the same as what you are experiencing.
  • 0

#42
ayambad

ayambad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Well RatHat, I understand there is no malware, but still I'm experiencing trouble, not only with MSN Messenger, and it's very weird.

i.e. at the office I cannot access the following websites: www.msn.com, www.hotmail.com, www.windowsupdate.com, just to name a few, and cannot log in to Messenger.

At home, when connecting through my wireless network (which is currently running perfectly, as it was tested with my Xbox and a friend's laptop), I cannot access almost any website, nor Messenger.

If I connect directly to my cable modem through the Ethernet port, I can access almost anything, even MSN Messenger???

Any idea what could be so wrong!!!

Thanks in advance
  • 0

#43
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
I have a feeling it has something to do with these entries in your log:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MOLNA.COM
O17 - HKLM\Software\..\Telephony: DomainName = MOLNA.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MOLNA.COM

Now we could try deleting them with HijackThis, to see if it makes any difference. If it does, we know where the problem lies. If not, we can restore the entries from HijackThis's backups.
  • 0
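An added example, not from RatHat's post and not part of HijackThis itself, for checking O17 entries before deleting them: it parses the three O17 lines quoted above (plus one constructed NameServer line with a placeholder GUID and documentation-range addresses) and flags any domain suffix or resolver that is not on an allowlist the machine's owner supplies, so a legitimate company domain is not removed by mistake.

```python
import re
from dataclasses import dataclass

# Constructed sample: the three O17 Domain lines quoted in the thread plus one
# hypothetical NameServer line (placeholder GUID, documentation-range addresses).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MOLNA.COM
O17 - HKLM\Software\..\Telephony: DomainName = MOLNA.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MOLNA.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{placeholder-guid}: NameServer = 192.0.2.53,192.0.2.54
"""

# Line shape: "O17 - <registry key>: <setting> = <value>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<setting>\w+) = (?P<value>.+)$")

DOMAIN_SETTINGS = {"Domain", "DomainName", "SearchList"}
DNS_SETTINGS = {"NameServer", "DhcpNameServer"}


@dataclass
class O17Entry:
    key: str
    setting: str
    value: str


def parse_o17(log_text):
    """Extract O17 lines from a HijackThis log into structured entries."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            entries.append(O17Entry(m["key"], m["setting"], m["value"].strip()))
    return entries


def triage(entries, trusted_domains, trusted_dns):
    """Return (entry, reason) pairs for values outside the owner's allowlists.

    Entries that produce no finding (here, the company domain) are probably
    legitimate and should be left alone rather than deleted.
    """
    domains = {d.lower() for d in trusted_domains}
    resolvers = set(trusted_dns)
    findings = []
    for e in entries:
        parts = [p for p in re.split(r"[,\s]+", e.value) if p]
        if e.setting in DOMAIN_SETTINGS:
            findings += [(e, f"unexpected domain suffix {p}") for p in parts if p.lower() not in domains]
        elif e.setting in DNS_SETTINGS:
            findings += [(e, f"resolver {p} not in expected set") for p in parts if p not in resolvers]
    return findings


if __name__ == "__main__":
    # The poster says molna.com is the company domain; only the first resolver is expected.
    for entry, reason in triage(parse_o17(SAMPLE_LOG), ["molna.com"], ["192.0.2.53"]):
        print(f"{reason}: {entry.key} {entry.setting} = {entry.value}")
```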

#44
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Do you still require assistance with this log?

Regards,
RatHat
  • 0

#45
ayambad

ayambad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
RatHat,

I'm sorry, I have been away for a while...

Still I'm experiencing the same situation, i.e. at the office I cannot visit certain websites like msn.com and windowsupdate.com, and MSN Messenger will not work, even older versions or Windows Messenger. When at home, the only way I can browse the web is if I'm connected directly to the cable modem through an Ethernet cable; I can connect to my wireless network but get no actual internet access??? My Xbox 360 can work wireless without any issues and my sister's laptop can work wireless, so it's not the network.

I'm not sure about removing those lines you mentioned before, because those include my company address molna.com and I don't want to have more trouble, not being able to connect to the office network.
  • 0
