Sooo many popups and Adware/spybot isn't doing its job!!!

Up your ringer · 2004/12/08

Jeez will somone help me before i fdisk and do it all again......

I have had problems with a 'Windows securty centre' dialog box appearing telling me that my system is infected, along with a ballon on the task bar.

With this, i get 'Play poker' advertisments, along with all manner of **** including 'Personals' ads.

Help me get rid before i go insane!!!!

Here is my hijack this! log.

Logfile of HijackThis v1.98.2
Scan saved at 18:12:15, on 08/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\Yahoo.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\pingnet.exe
C:\WINDOWS\System32\odcfg.exe
C:\WINDOWS\System32\getdns.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Rob\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iecust.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Update Machine] wininigo.exe
O4 - HKLM\..\Run: [Microsoft Update] winsyst.exe
O4 - HKLM\..\Run: [win update] wupfyny.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe "
O4 - HKLM\..\Run: [KAZAA] F:\rebuild****upcuntingpc\Program Files\KaZaA Lite\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\jhfgw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Registry Scan] regscan32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe "
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wininigo.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsyst.exe
O4 - HKLM\..\RunServices: [win update] wupfyny.exe
O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan32.exe
O4 - HKLM\..\RunServices: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] winsyst.exe
O4 - HKCU\..\Run: [win update] wupfyny.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] wininigo.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: http://*.search-soft.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...er.cab31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2451d34...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...ro.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binar...ot.cab31267.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC4D1E0C-0E38-429C-A97B-B24FAC9728D3}: NameServer = 194.74.65.85 194.72.9.44

Many thanks

noahdfear · 2004/12/08

Quite the mess there. Several things to do prior to being able to give you proper cleanup instructions. All of the requested logs are needed and will take several posts because of a 20,000 character limit per post.

1. Kazaa. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/ If you opt to remove it, first use Add/Remove Program to remove it and any reference to Altnet and P2P Networking. Go to your control panel, then to add/remove programs...uninstall P2P networking...If/when asked whether you also want to remove Altnet components, say 'Yes'.
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone to completely purge it from the system. Make sure to get the available LSPFix, just in case you lose your internet connection.

2. In add/remove programs, uninstall Messenger Plus 3.

3. Download this zip.

http://tools.zerosrealm.com/pv.zip

Unzip it to the desktop. It will not work if you run it from inside the zip. After unzipping open the pv folder. Double click on the runme.bat. A dos window will open. Select option 1 for explorer dlls by typing 1 and then pressing enter. Notepad will open with a log in it. Copy and paste the log into this thread. Usually pretty large and take more than one post. Also, run option 2 for Internet explorer dlls and post it's log.

4. Download GetService.zip Extract it to a new folder on the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. Copy and paste the contents here.

5. Download and install Reglite. Open and copy/paste the following string in the address window then click go.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

Double click on the AppInit_DLLs entry to open a "Data Editor" properties window. If the Value line contains a .dll filename, copy/paste it here.

This may not work while in Windows due to one of the infections on your machine. If not, try it while in safe mode.

6. Reboot to safe mode. Click start, then run and type regedit, then hit enter. BE VERY CAUTIOUS HERE! Click the plus sign next to HKEY_Local_Machine, then Software, Microsoft, Windows, CurrentVersion, then if present, right click on the key named Ms4Hd and select export. Save it as Ms4Hd to the desktop. Close the registry editor. Right click the Ms4Hd.reg file on the desktop and choose rename, then change only the .reg extension to .txt.....open and copy/paste it here when back in Windows.

7. Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

Up your ringer · 2004/12/08

Thanks for the reply.

KAZZA is on the F drive, and i will eventually remove it, but seing as it has been there for some time, i am happy to leave just that for now, and get the more serious problem fixed.

I have removed Messenger plus! 3.

Here is the DLL log from RUNME.BAT

Module information for 'Explorer.EXE'
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1011712 C:\WINDOWS\Explorer.EXE 6.00.2600.0000 (xpclient.010817-1148) Windows Explorer
ntdll.dll 77f50000 692224 C:\WINDOWS\System32\ntdll.dll 5.1.2600.0 (xpclient.010817-1148) NT Layer DLL
kernel32.dll 77e60000 937984 C:\WINDOWS\system32\kernel32.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.0 (xpclient.010817-1148) Windows NT CRT DLL
ADVAPI32.dll 77dd0000 569344 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.0 (XPClient.010817-1148) Advanced Windows 32 Base API
RPCRT4.dll 77cc0000 479232 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.0 (XPClient.010817-1148) Remote Procedure Call Runtime
GDI32.dll 77c70000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.0 (xpclient.010817-1148) GDI Client DLL
USER32.dll 77d40000 577536 C:\WINDOWS\system32\USER32.dll 5.1.2600.0 (xpclient.010817-1148) Windows XP USER API Client DLL
SHLWAPI.dll 772d0000 405504 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Light-weight Utility Library
SHELL32.dll 773d0000 8339456 C:\WINDOWS\system32\SHELL32.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Shell Common Dll
ole32.dll 771b0000 1155072 C:\WINDOWS\system32\ole32.dll 5.1.2600.0 (XPClient.010817-1148) Microsoft OLE for Windows
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5014.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
SHDOCVW.dll 769c0000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
UxTheme.dll 5ad70000 212992 C:\WINDOWS\System32\UxTheme.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft UxTheme Library
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 6.0 (xpclient.010817-1148) User Experience Controls Library
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpclient.010817-1148) Common Controls Library
appHelp.dll 75f40000 118784 C:\WINDOWS\system32\appHelp.dll 5.1.2600.0 (xpclient.010817-1148) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
cscui.dll 76620000 319488 C:\WINDOWS\System32\cscui.dll 5.1.2600.0 (xpclient.010817-1148) Client Side Caching UI
CSCDLL.dll 76600000 110592 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Offline Network Agent
themeui.dll 5b630000 458752 C:\WINDOWS\System32\themeui.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Theme API
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.0 (xpclient.010817-1148) Security Support Provider Interface
MSIMG32.dll 76380000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.0 (xpclient.010817-1148) GDIEXT Client DLL
netapi32.dll 71c20000 323584 C:\WINDOWS\System32\netapi32.dll 5.1.2600.0 (xpclient.010817-1148) Net Win32 API DLL
USERENV.dll 75a70000 667648 C:\WINDOWS\system32\USERENV.dll 5.1.2600.0 (xpclient.010817-1148) Userenv
msutb.dll 5fc10000 221184 C:\WINDOWS\System32\msutb.dll 5.1.2600.0 (xpclient.010817-1148) MSUTB Server DLL
MSCTF.dll 74720000 307200 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.0 (xpclient.010817-1148) MSCTF Server DLL
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.0 (xpclient.010817-1148) SAM Library DLL
ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.0 (xpclient.010817-1148) Shell extensions for sharing
ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9238 ATL Module for Windows NT (Unicode)
LINKINFO.dll 76980000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
SETUPAPI.dll 76670000 933888 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows Setup API
WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.0 (xpclient.010817-1148) Winstation Library
webcheck.dll 74b30000 266240 C:\WINDOWS\System32\webcheck.dll 6.00.2600.0000 (xpclient.010817-1148) Web Site Monitor
stobject.dll 74b00000 131072 C:\WINDOWS\System32\stobject.dll 5.1.2600.0 (xpclient.010817-1148) Systray shell service object
BatMeter.dll 74af0000 36864 C:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 28672 C:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Terminal Server SDK APIs
NETSHELL.dll 75cf0000 1638400 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Shell
credui.dll 76c00000 184320 C:\WINDOWS\system32\credui.dll 5.1.2600.0 (xpclient.010817-1148) Credential Manager User Interface
WS2_32.dll 71ab0000 86016 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
iphlpapi.dll 76d60000 86016 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpclient.010817-1148) IP Helper API
netman.dll 76de0000 155648 C:\WINDOWS\system32\netman.dll 5.1.2600.0 (xpclient.010817-1148) Network Connections Manager
MPRAPI.dll 76d40000 90112 C:\WINDOWS\system32\MPRAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT MP Router Administration DLL
ACTIVEDS.dll 76e40000 192512 C:\WINDOWS\system32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) ADs Router Layer DLL
adsldpc.dll 76e10000 147456 C:\WINDOWS\system32\adsldpc.dll 5.1.2600.0 (xpclient.010817-1148) ADs LDAP Provider C DLL
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.0 (xpclient.010817-1148) Win32 LDAP API DLL
rtutils.dll 76e80000 53248 C:\WINDOWS\system32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
RASAPI32.dll 76ee0000 225280 C:\WINDOWS\system32\RASAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access API
rasman.dll 76e90000 69632 C:\WINDOWS\system32\rasman.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Connection Manager
TAPI32.dll 76eb0000 172032 C:\WINDOWS\system32\TAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Windows(TM) Telephony API Client DLL
WINMM.dll 76b40000 180224 C:\WINDOWS\system32\WINMM.dll 5.1.2600.0 (xpclient.010817-1148) MCI API DLL
WZCSvc.DLL 76da0000 196608 C:\WINDOWS\system32\WZCSvc.DLL 5.1.2600.0 (xpclient.010817-1148) Wireless Zero Configuration Service
WMI.dll 76d30000 16384 C:\WINDOWS\system32\WMI.dll 5.1.2600.0 (XPClient.010817-1148) WMI DC and DP functionality
DHCPCSVC.DLL 76d80000 106496 C:\WINDOWS\system32\DHCPCSVC.DLL 5.1.2600.0 (xpclient.010817-1148) DHCP Client Service
DNSAPI.dll 76f20000 151552 C:\WINDOWS\system32\DNSAPI.dll 5.1.2600.0 (xpclient.010817-1148) DNS Client API DLL
CRYPT32.dll 762c0000 565248 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.0 (xpclient.010817-1148) Crypto API32
MSASN1.dll 762a0000 61440 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 (XPClient.010817-1148) ASN.1 Runtime APIs
wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msi.dll 76400000 2076672 C:\WINDOWS\System32\msi.dll 2.0.2600.0 Windows Installer
msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
SXS.DLL 75e90000 659456 C:\WINDOWS\System32\SXS.DLL 5.1.2600.0 (xpclient.010817-1148) Fusion 2.5
MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL
drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Lan Manager
NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL
printui.dll 74b80000 532480 C:\WINDOWS\System32\printui.dll 5.1.2600.0 (XPClient.010817-1148) Print UI DLL
WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.0 (XPClient.010817-1148) Windows Spooler Driver
CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
RASDLG.dll 75550000 647168 C:\WINDOWS\System32\RASDLG.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Common Dialog API
rsaenh.dll ffd0000 139264 C:\WINDOWS\System32\rsaenh.dll 5.1.2518.0 (main.010714-2114) Microsoft Base Cryptographic Provider
WININET.dll 76200000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Extensions for Win32
shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
zipfldr.dll 73380000 331776 C:\WINDOWS\System32\zipfldr.dll 6.00.2600.0000 (xpclient.010817-1148) Compressed (zipped) Folders
browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
netcfg.dll 1910000 950272 C:\WINDOWS\System32\netcfg.dll
DUSER.dll 6c1b0000 274432 C:\WINDOWS\System32\DUSER.dll 5.1.2600.0 (xpclient.010817-1148) Windows DirectUser Engine
iecust.dll 23a0000 102400 C:\WINDOWS\System32\iecust.dll
avgse.dll 621a0000 57344 C:\Program Files\Grisoft\AVG Free\avgse.dll 7,1,0,285 AVG Shell Extension
MSVCP71.dll 7c3a0000 503808 C:\WINDOWS\System32\MSVCP71.dll 7.10.3077.0 Microsoft® C++ Runtime Library
MSVCR71.dll 7c340000 352256 C:\WINDOWS\System32\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
NTMARTA.DLL 76ce0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.0 (xpclient.010817-1148) Windows NT MARTA provider
mydocs.dll 72410000 102400 C:\WINDOWS\System32\mydocs.dll 6.00.2600.0000 (xpclient.010817-1148) My Documents Folder UI
wmpshell.dll 592c0000 81920 C:\WINDOWS\System32\wmpshell.dll 8.00.00.4477 Windows Media Player Launcher
rpshell.dll 62d80000 49152 C:\Program Files\Real\RealPlayer\rpshell.dll 1.0.1.1783 RealPlayer Shell Extensions
PNCRT.dll 60a20000 294912 C:\WINDOWS\System32\PNCRT.dll 6.0.0.0 Real Networks C/C++ Runtime Library
shimgvw.dll 5cb00000 430080 C:\WINDOWS\System32\shimgvw.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Picture and Fax Viewer
gdiplus.dll 70d00000 1703936 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\gdiplus.dll 5.1.3097.0 (xpclient.010817-1148) Microsoft GDI+
urlmon.dll 760f0000 491520 C:\WINDOWS\system32\urlmon.dll 6.00.2600.0000 (xpclient.010817-1148) OLE32 Extensions for Win32
MLANG.dll 74770000 585728 C:\WINDOWS\System32\MLANG.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component
WINTRUST.dll 76c30000 176128 C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.0 (XPClient.010817-1148) Windows NT Image Helper
asfsipc.dll 70eb0000 28672 C:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object
MSISIP.DLL 605f0000 53248 C:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider
wshext.dll 74ea0000 65536 C:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft (r) Shell Extension for Windows Script Host
comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2600.0000 (xpclient.010817-1148) Common Dialogs DLL
MCPS.DLL 365a0000 86016 C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL 10.0.2625 Media Catalog Proxy/Stub
MSVCP60.DLL 76080000 397312 C:\WINDOWS\System32\MSVCP60.DLL 6.00.8972.0 Microsoft (R) C++ Runtime Library

This is the complete log.

Up your ringer · 2004/12/08

Here is the log for IE DLL's

Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2600.0000 (xpclient.010817-1148) Internet Explorer
ntdll.dll 77f50000 692224 C:\WINDOWS\System32\ntdll.dll 5.1.2600.0 (xpclient.010817-1148) NT Layer DLL
kernel32.dll 77e60000 937984 C:\WINDOWS\system32\kernel32.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.0 (xpclient.010817-1148) Windows NT CRT DLL
USER32.dll 77d40000 577536 C:\WINDOWS\system32\USER32.dll 5.1.2600.0 (xpclient.010817-1148) Windows XP USER API Client DLL
GDI32.dll 77c70000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.0 (xpclient.010817-1148) GDI Client DLL
ADVAPI32.dll 77dd0000 569344 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.0 (XPClient.010817-1148) Advanced Windows 32 Base API
RPCRT4.dll 77cc0000 479232 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.0 (XPClient.010817-1148) Remote Procedure Call Runtime
SHLWAPI.dll 772d0000 405504 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Light-weight Utility Library
SHDOCVW.dll 769c0000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
comctl32.dll 71950000 933888 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 6.0 (xpclient.010817-1148) User Experience Controls Library
SHELL32.dll 773d0000 8339456 C:\WINDOWS\system32\SHELL32.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Shell Common Dll
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpclient.010817-1148) Common Controls Library
ole32.dll 771b0000 1155072 C:\WINDOWS\system32\ole32.dll 5.1.2600.0 (XPClient.010817-1148) Microsoft OLE for Windows
uxtheme.dll 5ad70000 212992 C:\WINDOWS\system32\uxtheme.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft UxTheme Library
comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2600.0000 (xpclient.010817-1148) Common Dialogs DLL
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5014.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
MSCTF.dll 74720000 307200 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.0 (xpclient.010817-1148) MSCTF Server DLL
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
appHelp.dll 75f40000 118784 C:\WINDOWS\system32\appHelp.dll 5.1.2600.0 (xpclient.010817-1148) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
WININET.dll 76200000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Extensions for Win32
CRYPT32.dll 762c0000 565248 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.0 (xpclient.010817-1148) Crypto API32
MSASN1.dll 762a0000 61440 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 (XPClient.010817-1148) ASN.1 Runtime APIs
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.0 (xpclient.010817-1148) Security Support Provider Interface
SETUPAPI.dll 76670000 933888 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows Setup API
iecust.dll eb0000 102400 C:\WINDOWS\System32\iecust.dll
msntb.dll fd0000 299008 C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll 01.02.3000.1001 MSN Toolbar extension
urlmon.dll 760f0000 491520 C:\WINDOWS\system32\urlmon.dll 6.00.2600.0000 (xpclient.010817-1148) OLE32 Extensions for Win32
WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll 5.1.2600.0 (xpclient.010817-1148) MCI API DLL
mtbres.dll 1050000 151552 C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\mtbres.dll 01.02.3000.1001 MSN Toolbar resource library
netcfg.dll 10c0000 950272 C:\WINDOWS\System32\netcfg.dll
mshtml.dll 74810000 2805760 C:\WINDOWS\System32\mshtml.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft (R) HTML Viewer
shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
MLANG.dll 74770000 585728 C:\WINDOWS\System32\MLANG.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
p2pserv.dll 1870000 921600 C:\WINDOWS\System32\p2pserv.dll
odbcfg32.dll 1b60000 888832 C:\WINDOWS\System32\odbcfg32.dll
SXS.DLL 75e90000 659456 C:\WINDOWS\System32\SXS.DLL 5.1.2600.0 (xpclient.010817-1148) Fusion 2.5
MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
IMM32.DLL 76390000 106496 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.0 (xpclient.010817-1148) Windows XP IMM32 API Client DLL
netapi32.dll 71c20000 323584 C:\WINDOWS\System32\netapi32.dll 5.1.2600.0 (xpclient.010817-1148) Net Win32 API DLL
MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL
drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Lan Manager
NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.0 (xpclient.010817-1148) SAM Library DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL
MSGINA.dll 75970000 987136 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT Logon GINA DLL
USERENV.dll 75a70000 667648 C:\WINDOWS\system32\USERENV.dll 5.1.2600.0 (xpclient.010817-1148) Userenv
WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.0 (xpclient.010817-1148) Winstation Library
ODBC32.dll 1f7b0000 200704 C:\WINDOWS\System32\ODBC32.dll 3.520.7713.0 Microsoft Data Access - ODBC Driver Manager
odbcint.dll 1f850000 90112 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC Resources
wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL
WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service Provider
RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.0 (xpclient.010817-1148) Remote Access API
rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Connection Manager
TAPI32.dll 76eb0000 172032 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.0 (xpclient.010817-1148) DNS Client API DLL
winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.0 (xpclient.010817-1148) Win32 LDAP API DLL
rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
jscript.dll 75c50000 593920 C:\WINDOWS\System32\jscript.dll 5.6.0.6626 Microsoft (r) JScript
mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft (R) HTML Editing Component
actxprxy.dll 71d40000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
plugin.ocx 72b20000 98304 C:\WINDOWS\System32\plugin.ocx 6.00.2600.0000 (xpclient.010817-1148) ActiveX Plugin OCX
OLEACC.DLL 74c80000 180224 C:\WINDOWS\System32\OLEACC.DLL 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
MSVCP60.dll 76080000 397312 C:\WINDOWS\System32\MSVCP60.dll 6.00.8972.0 Microsoft (R) C++ Runtime Library
dxtrans.dll 6bdd0000 208896 C:\WINDOWS\System32\dxtrans.dll 6.00.2600.0000 (xpclient.010817-1148) DirectX Media -- DirectX Transform Core
ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9238 ATL Module for Windows NT (Unicode)
ddrawex.dll 6d430000 36864 C:\WINDOWS\System32\ddrawex.dll 5.1.2600.0 (xpclient.010817-1148) Direct Draw Ex
DDRAW.dll 73760000 282624 C:\WINDOWS\System32\DDRAW.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft DirectDraw
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll 5.1.2600.0 (xpclient.010817-1148) DCI Manager
dxtmsft.dll 6be10000 348160 C:\WINDOWS\System32\dxtmsft.dll 6.00.2600.0000 (xpclient.010817-1148) DirectX Media -- Image DirectX Transforms
imgutil.dll 66880000 40960 C:\WINDOWS\System32\imgutil.dll 6.00.2600.0000 (xpclient.010817-1148) IE plugin image decoder support DLL
shgina.dll 73d70000 73728 C:\WINDOWS\System32\shgina.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Shell User Logon
iepeers.dll 66e50000 241664 C:\WINDOWS\System32\iepeers.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Explorer Peer Objects
WINSPOOL.DRV 73000000 143360 C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.0 (XPClient.010817-1148) Windows Spooler Driver
sensapi.dll 722b0000 20480 C:\WINDOWS\System32\sensapi.dll 5.1.2600.0 (XPClient.010817-1148) SENS Connectivity API DLL
wintrust.dll 76c30000 176128 C:\WINDOWS\System32\wintrust.dll 5.131.2600.0 (xpclient.010817-1148) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 139264 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.0 (XPClient.010817-1148) Windows NT Image Helper
sti.dll 73ba0000 73728 C:\WINDOWS\System32\sti.dll 5.1.2600.0 (XPClient.010817-1148) Still Image Devices client DLL
CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
schannel.dll 767f0000 147456 C:\WINDOWS\System32\schannel.dll 5.1.2600.0 (xpclient.010817-1148) TLS / SSL Security Provider
rsaenh.dll ffd0000 139264 C:\WINDOWS\System32\rsaenh.dll 5.1.2518.0 (main.010714-2114) Microsoft Base Cryptographic Provider
dssenh.dll ffa0000 135168 C:\WINDOWS\System32\dssenh.dll 5.1.2518.0 (main.010714-2114) Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
vbscript.dll 73300000 479232 C:\WINDOWS\System32\vbscript.dll 5.6.0.6626 Microsoft (r) VBScript
wdmaud.drv 72d20000 36864 C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
MSACM32.dll 77be0000 81920 C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft ACM Audio Filter
midimap.dll 77bd0000 28672 C:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI Mapper
ntshrui.dll 76990000 147456 C:\WINDOWS\System32\ntshrui.dll 5.1.2600.0 (xpclient.010817-1148) Shell extensions for sharing
LINKINFO.dll 76980000 28672 C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking
avgse.dll 621a0000 57344 C:\Program Files\Grisoft\AVG Free\avgse.dll 7,1,0,285 AVG Shell Extension
MSVCP71.dll 7c3a0000 503808 C:\WINDOWS\System32\MSVCP71.dll 7.10.3077.0 Microsoft® C++ Runtime Library
MSVCR71.dll 7c340000 352256 C:\WINDOWS\System32\MSVCR71.dll 7.10.3052.4 Microsoft® C Runtime Library
NTMARTA.DLL 76ce0000 126976 C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.0 (xpclient.010817-1148) Windows NT MARTA provider
mydocs.dll 72410000 102400 C:\WINDOWS\System32\mydocs.dll 6.00.2600.0000 (xpclient.010817-1148) My Documents Folder UI
wmploc.dll 592e0000 1998848 C:\WINDOWS\System32\wmploc.dll 8.00.00.4477 Windows Media Player
rmoc3260.dll 631a0000 176128 C:\WINDOWS\System32\rmoc3260.dll 6.0.9.1860 Real Player(tm) ActiveX Control
PNCRT.dll 60a20000 294912 C:\WINDOWS\System32\PNCRT.dll 6.0.0.0 Real Networks C/C++ Runtime Library
dsound.dll 73f10000 348160 C:\WINDOWS\System32\dsound.dll 5.1.2600.0 (xpclient.010817-1148) DirectSound
hxltcolor.dll 611f0000 434176 C:\Program Files\Common Files\Real\Codecs\hxltcolor.dll 10.0.0.0 Helix DNA Color Conversion Library
KsUser.dll 73ee0000 16384 C:\WINDOWS\System32\KsUser.dll 5.1.2600.0 (xpclient.010817-1148) User CSA Library
HLINK.DLL 76820000 77824 C:\WINDOWS\System32\HLINK.DLL 5.0.4513 Microsoft Hyperlink Library
Module information for 'iexplore.exe'
MODULE BASE SIZE PATH
iexplore.exe 400000 102400 C:\Program Files\Internet Explorer\iexplore.exe 6.00.2600.0000 (xpclient.010817-1148) Internet Explorer
ntdll.dll 77f50000 692224 C:\WINDOWS\System32\ntdll.dll 5.1.2600.0 (xpclient.010817-1148) NT Layer DLL
kernel32.dll 77e60000 937984 C:\WINDOWS\system32\kernel32.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT BASE API Client DLL
msvcrt.dll 77c10000 339968 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.0 (xpclient.010817-1148) Windows NT CRT DLL
USER32.dll 77d40000 577536 C:\WINDOWS\system32\USER32.dll 5.1.2600.0 (xpclient.010817-1148) Windows XP USER API Client DLL
GDI32.dll 77c70000 262144 C:\WINDOWS\system32\GDI32.dll 5.1.2600.0 (xpclient.010817-1148) GDI Client DLL
ADVAPI32.dll 77dd0000 569344 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.0 (XPClient.010817-1148) Advanced Windows 32 Base API
RPCRT4.dll 77cc0000 479232 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.0 (XPClient.010817-1148) Remote Procedure Call Runtime
SHLWAPI.dll 772d0000 405504 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Light-weight Utility Library
SHDOCVW.dll 769c0000 1347584 C:\WINDOWS\System32\SHDOCVW.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
comctl32.dll 71950000 933888

Up your ringer · 2004/12/08

Here is Part 2 of the IE DLL's

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll 6.0 (xpclient.010817-1148) User Experience Controls Library
SHELL32.dll 773d0000 8339456 C:\WINDOWS\system32\SHELL32.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Shell Common Dll
comctl32.dll 77340000 569344 C:\WINDOWS\system32\comctl32.dll 5.82 (xpclient.010817-1148) Common Controls Library
ole32.dll 771b0000 1155072 C:\WINDOWS\system32\ole32.dll 5.1.2600.0 (XPClient.010817-1148) Microsoft OLE for Windows
uxtheme.dll 5ad70000 212992 C:\WINDOWS\system32\uxtheme.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft UxTheme Library
comdlg32.dll 763b0000 282624 C:\WINDOWS\system32\comdlg32.dll 6.00.2600.0000 (xpclient.010817-1148) Common Dialogs DLL
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 3.50.5014.0 Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems
MSCTF.dll 74720000 307200 C:\WINDOWS\System32\MSCTF.dll 5.1.2600.0 (xpclient.010817-1148) MSCTF Server DLL
BROWSEUI.dll 75f80000 1032192 C:\WINDOWS\System32\BROWSEUI.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
browselc.dll 72430000 73728 C:\WINDOWS\System32\browselc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Browser UI Library
appHelp.dll 75f40000 118784 C:\WINDOWS\system32\appHelp.dll 5.1.2600.0 (xpclient.010817-1148) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 491520 C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.42
COMRes.dll 77050000 806912 C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42
VERSION.dll 77c00000 28672 C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries
WININET.dll 76200000 618496 C:\WINDOWS\system32\WININET.dll 6.00.2600.0000 (xpclient.010817-1148) Internet Extensions for Win32
CRYPT32.dll 762c0000 565248 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.0 (xpclient.010817-1148) Crypto API32
MSASN1.dll 762a0000 61440 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.0 (XPClient.010817-1148) ASN.1 Runtime APIs
Secur32.dll 76f90000 65536 C:\WINDOWS\System32\Secur32.dll 5.1.2600.0 (xpclient.010817-1148) Security Support Provider Interface
SETUPAPI.dll 76670000 933888 C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.0 (xpclient.010817-1148) Windows Setup API
iecust.dll fd0000 102400 C:\WINDOWS\System32\iecust.dll
msntb.dll 10f0000 299008 C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll 01.02.3000.1001 MSN Toolbar extension
urlmon.dll 760f0000 491520 C:\WINDOWS\system32\urlmon.dll 6.00.2600.0000 (xpclient.010817-1148) OLE32 Extensions for Win32
WINMM.dll 76b40000 180224 C:\WINDOWS\System32\WINMM.dll 5.1.2600.0 (xpclient.010817-1148) MCI API DLL
mtbres.dll 1170000 151552 C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\mtbres.dll 01.02.3000.1001 MSN Toolbar resource library
netcfg.dll 11e0000 950272 C:\WINDOWS\System32\netcfg.dll
mshtml.dll 74810000 2805760 C:\WINDOWS\System32\mshtml.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft (R) HTML Viewer
shdoclc.dll 76170000 557056 C:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Shell Doc Object and Control Library
MLANG.dll 74770000 585728 C:\WINDOWS\System32\MLANG.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL
p2pserv.dll 1aa0000 921600 C:\WINDOWS\System32\p2pserv.dll
odbcfg32.dll 1d90000 888832 C:\WINDOWS\System32\odbcfg32.dll
SXS.DLL 75e90000 659456 C:\WINDOWS\System32\SXS.DLL 5.1.2600.0 (xpclient.010817-1148) Fusion 2.5
MSLS31.DLL 746c0000 159744 C:\WINDOWS\System32\MSLS31.DLL 3.10.349.0 Microsoft Line Services library file
IMM32.DLL 76390000 106496 C:\WINDOWS\System32\IMM32.DLL 5.1.2600.0 (xpclient.010817-1148) Windows XP IMM32 API Client DLL
msohev.dll 32520000 73728 C:\Program Files\Microsoft Office\Office10\msohev.dll 10.0.2609 Microsoft Office XP component
netapi32.dll 71c20000 323584 C:\WINDOWS\System32\netapi32.dll 5.1.2600.0 (xpclient.010817-1148) Net Win32 API DLL
MPR.dll 71b20000 69632 C:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) Multiple Provider Router DLL
drprov.dll 75f60000 24576 C:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 53248 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Lan Manager
NETUI0.dll 71cd0000 90112 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 245760 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 24576 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 69632 C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.0 (xpclient.010817-1148) SAM Library DLL
davclnt.dll 75f70000 36864 C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client DLL
MSGINA.dll 75970000 987136 C:\WINDOWS\System32\MSGINA.dll 5.1.2600.0 (xpclient.010817-1148) Windows NT Logon GINA DLL
USERENV.dll 75a70000 667648 C:\WINDOWS\system32\USERENV.dll 5.1.2600.0 (xpclient.010817-1148) Userenv
WINSTA.dll 76360000 61440 C:\WINDOWS\System32\WINSTA.dll 5.1.2600.0 (xpclient.010817-1148) Winstation Library
ODBC32.dll 1f7b0000 200704 C:\WINDOWS\System32\ODBC32.dll 3.520.7713.0 Microsoft Data Access - ODBC Driver Manager
odbcint.dll 1f850000 90112 C:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC Resources
sti.dll 73ba0000 73728 C:\WINDOWS\System32\sti.dll 5.1.2600.0 (XPClient.010817-1148) Still Image Devices client DLL
CFGMGR32.dll 74ae0000 28672 C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL
wsock32.dll 71ad0000 32768 C:\WINDOWS\System32\wsock32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-Bit DLL
WS2_32.dll 71ab0000 86016 C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 Helper for Windows NT
mswsock.dll 71a50000 241664 C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service Provider
wshtcpip.dll 71a90000 32768 C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL
RASAPI32.DLL 76ee0000 225280 C:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.0 (xpclient.010817-1148) Remote Access API
rasman.dll 76e90000 69632 C:\WINDOWS\System32\rasman.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access Connection Manager
TAPI32.dll 76eb0000 172032 C:\WINDOWS\System32\TAPI32.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft® Windows(TM) Telephony API Client DLL
rtutils.dll 76e80000 53248 C:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities
DNSAPI.dll 76f20000 151552 C:\WINDOWS\System32\DNSAPI.dll 5.1.2600.0 (xpclient.010817-1148) DNS Client API DLL
winrnr.dll 76fb0000 28672 C:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.0 (xpclient.010817-1148) Win32 LDAP API DLL
rasadhlp.dll 76fc0000 20480 C:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper
jscript.dll 75c50000 593920 C:\WINDOWS\System32\jscript.dll 5.6.0.6626 Microsoft (r) JScript
mshtmled.dll 74cb0000 454656 C:\WINDOWS\System32\mshtmled.dll 6.00.2600.0000 (xpclient.010817-1148) Microsoft (R) HTML Editing Component
dxtrans.dll 6bdd0000 208896 C:\WINDOWS\System32\dxtrans.dll 6.00.2600.0000 (xpclient.010817-1148) DirectX Media -- DirectX Transform Core
ATL.DLL 76b20000 86016 C:\WINDOWS\System32\ATL.DLL 3.00.9238 ATL Module for Windows NT (Unicode)
ddrawex.dll 6d430000 36864 C:\WINDOWS\System32\ddrawex.dll 5.1.2600.0 (xpclient.010817-1148) Direct Draw Ex
DDRAW.dll 73760000 282624 C:\WINDOWS\System32\DDRAW.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft DirectDraw
DCIMAN32.dll 73bc0000 24576 C:\WINDOWS\System32\DCIMAN32.dll 5.1.2600.0 (xpclient.010817-1148) DCI Manager
dxtmsft.dll 6be10000 348160 C:\WINDOWS\System32\dxtmsft.dll 6.00.2600.0000 (xpclient.010817-1148) DirectX Media -- Image DirectX Transforms
actxprxy.dll 71d40000 110592 C:\WINDOWS\System32\actxprxy.dll 6.00.2600.0000 (XPClient.010817-1148) ActiveX Interface Marshaling Library
imgutil.dll 66880000 40960 C:\WINDOWS\System32\imgutil.dll 6.00.2600.0000 (xpclient.010817-1148) IE plugin image decoder support DLL
pngfilt.dll 5e310000 45056 C:\WINDOWS\System32\pngfilt.dll 6.00.2600.0000 (xpclient.010817-1148) IE PNG plugin image decoder
plugin.ocx 72b20000 98304 C:\WINDOWS\System32\plugin.ocx 6.00.2600.0000 (xpclient.010817-1148) ActiveX Plugin OCX
OLEACC.DLL 74c80000 180224 C:\WINDOWS\System32\OLEACC.DLL 4.2.5406.0 (xpclient.010817-1148) Active Accessibility Core Component
MSVCP60.dll 76080000 397312 C:\WINDOWS\System32\MSVCP60.dll 6.00.8972.0 Microsoft (R) C++ Runtime Library
shgina.dll 73d70000 73728 C:\WINDOWS\System32\shgina.dll 6.00.2600.0000 (xpclient.010817-1148) Windows Shell User Logon
wiashext.dll 5a500000 577536 C:\WINDOWS\System32\wiashext.dll 5.1.2600.0 (XPClient.010817-1148) Imaging Devices Shell Folder UI
gdiplus.dll 70d00000 1703936 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\gdiplus.dll 5.1.3097.0 (xpclient.010817-1148) Microsoft GDI+

Up your ringer · 2004/12/08

GETSERVICE log.

PsService v1.1 - local and remote services viewer/controller
Copyright (C) 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Avg7Alrt
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AVG7 Alert Manager Server
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Avg7UpdSvc
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AVG7 Update Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Uses idle network bandwidth to transfer data.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : LanmanWorkstation
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: cisvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HID Input Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Irmon
Supports infrared devices installed on the computer and detects other devices that are in range.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Infrared Monitor
DEPENDENCIES : irda
: RpcSs
: TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 1
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Installs, repairs and removes software according to instructions contained in .MSI files.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

Up your ringer · 2004/12/08

GETSERVICE Part 2.

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: workService
: Distributed Transaction Coordinator
: ion
: CommonPr^
:
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Registry
DEPENDENCIES : RPCSS
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardDrv
Enables support for legacy non-plug and play smart-card readers used by this computer. If this service is stopped, this computer will not support legacy reader. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card Helper
DEPENDENCIES : +Smart Card Reader
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: NLA
: RasMan
: ALG
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
Provides notifications for AutoPlay hardware events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{BD875CC9-D289-4E02-B164-088EFE516FBE}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TlntSvr
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\tlntsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telnet
DEPENDENCIES : RPCSS
: TCPIP
: NTLMSSP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

Up your ringer · 2004/12/08

GETSERVICE part 3.

SERVICE_NAME: uploadmgr
Manages synchronous and asynchronous file transfers between clients and servers on the network. If this service is stopped, synchronous and asynchronous file transfers between clients and servers on the network will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Upload Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: vsmon
Monitors internet traffic and generates alerts for disallowed access.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
LOAD_ORDER_GROUP : TrueVector Group
TAG : 0
DISPLAY_NAME : TrueVector Internet Monitor
DEPENDENCIES : Afd
: RpcSs
: vsdatant
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSp
Retrieves the serial number of any portable music player connected to your computer
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
Provides systems management information to and from drivers.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

Up your ringer · 2004/12/08

I have downloaded REGLITE and i CAN open a Data Editor window, but there is no .DLL file name in the value. Actually nothing in the value what so ever.

I do not seem to have MS4HD key in reg edit either, but would you like me to try in safe mode?

noahdfear · 2004/12/08

You would only be able to see that key in safe mode. It won't be necessary though, as I can identify which variant of one of the infections you have by the dll logs. It's gonna take me a while to work up a recommended fix, so hang in there.

I understand your reluctance to remove Kazaa, but know this. Several of the infections on your machine are most likely a direct result of using it, and no matter what we do to help you clean up and protect your machine, there is no protection that I can offer you from being re-infected through it's use.

Up your ringer · 2004/12/08

noahdfear said:

You would only be able to see that key in safe mode. It won't be necessary though, as I can identify which variant of one of the infections you have by the dll logs. It's gonna take me a while to work up a recommended fix, so hang in there.

I understand your reluctance to remove Kazaa, but know this. Several of the infections on your machine are most likely a direct result of using it, and no matter what we do to help you clean up and protect your machine, there is no protection that I can offer you from being re-infected through it's use.
Click to expand...

Ok, i really apreciate you taking time out to work up a fix for me! Thanks alot.

The only reason that i do not want to remove Kazza (i don't even use it anymore!!!) is that it is on a seperate drive, and i have some data that i would like to move from the Kazza folders and try to remove it. Also a bit paranoid about 'losing the internet connection' as you mentioned, so i will need to look into that.

The RAV scan is still going, and it does seem to have quite a few infections (although i use AVG everyday!?!?), i am reluctant to post them here, as they have my personal email address in the path.... any ideas?

Thanks again.

Rob.

noahdfear · 2004/12/08

You could always clean up the infected email files and scan again, or save the scan to notepad and edit the addy out first. Be very selective about what you save from the Kazaa files. It would be a good idea to scan those before saving also. You can use RAV to scan just a file or folder too. As long as you don't use Kazaa, then disabling the components should suffice. Should you lose IE connectivity through the use of KazaBeGone, the LSPFix will get things back in order easily enough. Have a few other things to tend to, so as I said earlier, it will take me a while to work up a fix (probably 2 to 3 hours), but will post one yet tonight. Would like to see that RAV scan first anyway.

Up your ringer · 2004/12/08

I was hoping that the RAV scan would be complete in an hour, but it seems not. Unfortunatly due to buisiness commitments tommorrow, i have to go to bed now, as its just gone midnight here in the UK.

However i shall be able to post the scan results before i leave in approx 7hrs time, then check back tommorrow afternoon.

Thanks again.

Newt · 2004/12/08

Up your ringer said:

The RAV scan is still going, and it does seem to have quite a few infections (although i use AVG everyday!?!?), i am reluctant to post them here, as they have my personal email address in the path .... any ideas?
Click to expand...

Before you post the log, use the search/replace feature and replace the beginning part of your email with something else. So if it were

joe.smith@someisp.com

you could search for joe.smith and replace it with my.email and what we saw would be

my.email@someisp.com

That way we'd know what you had done but your email addy would not be shown. Leaving the real ending should not be a problem unless it is also personalized and in that case

joe.smith@someisp.com

search/replace joe.smith@someisp.com with my.email@bogusisp.com

noahdfear · 2004/12/08

You should print this out and/or save it to text where you can access it in safe mode. It's very important to follow the instructions completely, and in the order given.

Please download Rem.zip. Inside the zip file are 2 files, rem.bat and zip.exe. Extract the files to the C:\Windows\System32 folder.

Download CWShredder 2.0 from here. Save it to the desktop. Double click to install.

Download Ad-aware SE from my signature. Install and check for updates. Close for now.

Right click the desktop and choose new>folder. Name it HJT. Cut and paste HijackThis.exe to that folder. That will keep backup files from scattering all over the desktop.

Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iecust.dll
O4 - HKLM\..\Run: [Microsoft Update Machine] wininigo.exe
O4 - HKLM\..\Run: [Microsoft Update] winsyst.exe
O4 - HKLM\..\Run: [win update] wupfyny.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe "
O4 - HKLM\..\Run: [KAZAA] F:\rebuild****upcuntingpc\Program Files\KaZaA Lite\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\jhfgw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Registry Scan] regscan32.exe
O4 - HKLM\..\Run: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe "
O4 - HKLM\..\RunServices: [Microsoft Update Machine] wininigo.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsyst.exe
O4 - HKLM\..\RunServices: [win update] wupfyny.exe
O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan32.exe
O4 - HKLM\..\RunServices: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [Microsoft Update] winsyst.exe
O4 - HKCU\..\Run: [win update] wupfyny.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] wininigo.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
These 016 entries are activeX controls and will be reinstalled as needed by the programs using them.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...er.cab31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2451d34...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...ro.cab31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binar...ot.cab31267.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab

Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode. Logon to you user account.

Now in safe mode, you will need to show hidden files and folders, as well as system files.

Open CWShredder from the new shortcut on the desktop. Close ALL other windows and click fix.

Open C:\Windows\System32 and double click the rem.bat file. Close the log that opens when done. Look for the following files while in that folder. Delete if found.

jhfgw.exe
regscan32.exe
winnt.exe
Yahoo.exe
winsyst.exe
wupfyny.exe
wininigo.exe
iecust.dll

You should also check the C:\Windows\System folder, as well as C:\Windows for copies of those files.

Open C:\Program Files and delete the folder Messenger Plus! 3.
Open C:\Temp if present, select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Prefetch, select all and delete.
Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all usernames.

Open C:\Documents and Settings\Rob\Favorites, look for and delete any entries related to the offending advertisements.

Open Internet Options in the control panel and delete Temporary Internet Files. Check the box for offline content too. Close IE Options and open the Java Plug-in (it may be under other control panel options in the left column). Click the cache tab, then empty. Close control panel.

Open Ad-aware and run in full scan mode. Delete all it finds.

Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and OK.
Uncheck the /safeboot box in msconfig and ok to reboot.

Scan again with HijackThis and place a check next to any of the R1 and R0 about:blank entries that may be present. Reboot again and do another HJT scan, saving the log.

Open Local Disk C: and locate log.txt. Open and copy/paste it and the HJT logs here.

Re-enable system restore. Then visit Windows Update. Accept all critical updates.
Reboot and go back to Windows Update until there are no more criticals offered.

Visit the SUN Java website and download the latest version of JRE. I think it's currently version 1.4.2_06

We'll deal with the RAV scan later.

shadowhawk · 2004/12/08

Just a note to say that Messenger Plus 3 is OK to have as long as you decline the sponsor when you install it.

Up your ringer · 2004/12/09

Hi again,

First of all, i'm sorry for not posting the results last night, but it was either computer or defrost the car.... i opted for the latter.

Here is the RAV scan report :

Statistics
Scanned files: 55110
Scanned directories: 4554
Scanned archives: 1550
Size of the scanned files: 2783688657
Packed files: 3280
Known viruses found: 69
Virus bodies: 13
Suspicious files: 0

Disinfected files: 0
Deleted files: 0
Renamed files: 0
Copied files: 0
I/O errors: 0
Warnings: 0
Corrupted files: 0
New files: 183765
Mail files: 627

Found viruses
File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-41deb812-2616deaf.zip->GetAccess.class
Virus: Trojan:Java/ClassLoader Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-41deb812-2616deaf.zip->InsecureClassLoader.class
Virus: Java/Bytverify Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-41deb812-2616deaf.zip->Installer.class
Virus: TrojanDownloader:Java/OpenConnection.F Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76ba5970-41ef2da2.zip->GetAccess.class
Virus: Trojan:Java/ClassLoader Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76ba5970-41ef2da2.zip->InsecureClassLoader.class
Virus: Java/Bytverify Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-76ba5970-41ef2da2.zip->Installer.class
Virus: TrojanDownloader:Java/OpenConnection.F Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-79d90b40-6daf1f08.zip->GetAccess.class
Virus: Trojan:Java/ClassLoader Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-79d90b40-6daf1f08.zip->InsecureClassLoader.class
Virus: Java/Bytverify Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-79d90b40-6daf1f08.zip->Installer.class
Virus: TrojanDownloader:Java/OpenConnection.F Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-77fab745.zip->VerifierBug.class
Virus: Java/Bytverify Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-77fab745.zip->Dummy.class
Virus: Trojan:Java/Dummy.C (exact) Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count4.jar-4a5f2737-77fab745.zip->Beyond.class
Virus: TrojanDownloader:Java/OpenConnection.K Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv307.jar-1327dabe-7cd7218d.zip->Counter.class
Virus: Trojan:Java/ClassLoader Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv307.jar-1327dabe-7cd7218d.zip->Matrix.class
Virus: TrojanDownloader:Java/OpenStream.C Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv307.jar-1327dabe-7cd7218d.zip->Parser.class
Virus: Java/Bytverify Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv453.jar-797d9df3-5d4908aa.zip->Counter.class
Virus: Trojan:Java/ClassLoader Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv453.jar-797d9df3-5d4908aa.zip->Matrix.class
Virus: TrojanDownloader:Java/OpenStream.C Status: Infected

File: C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv453.jar-797d9df3-5d4908aa.zip->Parser.class
Virus: Java/Bytverify Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.171: (MAILER-DAEMON@ns1.dealtime.com (Mail Delivery System) [Undelivered Mail Returned to S...
Virus: Win32/Mydoom.O@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.106: (=?iso-8859-1?q? "Yahoo!=20Mail=20Virus=20Protection=20 [=?iso-8859-1?q? "Alert:=20Virus...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.105: (Mail Delivery System [Mail delivery failed: returning message to sender])->(part0002...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.105: (Mail Delivery System [Mail delivery failed: returning message to sender])->(part0003...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.104: (crazy_han1@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part000...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.104: (crazy_han1@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part000...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.90: (catty_diva@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0001...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.90: (catty_diva@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0002...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.87: (nightwatcha@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part000...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.87: (nightwatcha@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part000...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.85: (robert_major_199@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(pa...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.85: (robert_major_199@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(pa...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.83: (kml_sexkitten@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.83: (kml_sexkitten@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.80: (21800145@mwinf3102.me.freeserve.com [Mail Delivery (failure mypersonalemailaddress@here.com)...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.80: (21800145@mwinf3102.me.freeserve.com [Mail Delivery (failure mypersonalemailaddress@here.com)...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.76: (sabrecat@cyberbeach.net [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part000...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.76: (sabrecat@cyberbeach.net [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part000...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.71: (kml_sexkitten@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.71: (kml_sexkitten@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.67: (un@aol.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0001->(IFRAME0...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.67: (un@aol.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0002:message.scr)
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.66: (emzie_2003@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0001...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.66: (emzie_2003@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0002...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.65: (dj_cameron11@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part00...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.65: (dj_cameron11@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part00...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.61: (guardingangel_uk@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(pa...
Virus: HTML/IFrame_Exploit* Status: Infected

I hope this is some assistance to you, i really realy do...

Up your ringer · 2004/12/09

Here is part 2

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.61: (guardingangel_uk@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(pa...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.58: (rycebutt83@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0001...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.58: (rycebutt83@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0002...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.57: (sprat_fish@msn.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0001->...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.57: (sprat_fish@msn.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0002:mes...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.53: (adamluvinsheena4eva@msn.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(par...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.53: (adamluvinsheena4eva@msn.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(par...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.49: (drlinkin@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0001...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.49: (drlinkin@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0002:m...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.44: (915-269919@webserver2.eqtr.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.44: (915-269919@webserver2.eqtr.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.42: (nicktheman83@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part00...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.42: (nicktheman83@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part00...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.38: (slimleigh@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0001:...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.38: (slimleigh@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0002:...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.33: (isa_iz_hot@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0001...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.33: (isa_iz_hot@hotmail.com [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0002...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.30: (mojo_1992@yahoo.co.uk [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0001:...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Deleted Items.dbx->Message.30: (mojo_1992@yahoo.co.uk [Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0002:...
Virus: Win32/Netsky.P@mm Status: Infected

File: C:\Documents and Settings\Rob\Local Settings\Application Data\Identities\{B211A070-3E1F-4195-8599-035D8C243EC1}\Microsoft\Outlook Express\Sent Items.dbx->Message.22: ( "Rob Surname" [Re: Mail Delivery (failure mypersonalemailaddress@here.com)])->(part0002->(IFR...
Virus: HTML/IFrame_Exploit* Status: Infected

File: C:\WINDOWS\system32\TFTP1832
Virus: Backdoor:Win32/Rbot.dam#2 Status: Infected

File: C:\WINDOWS\system32\TFTP4368
Virus: Backdoor:IRC/SdBot.dam#2 Status: Infected

File: C:\WINDOWS\system32\Yahoo.exe
Virus: Backdoor:Win32/Rbot.BD Status: Infected

File: F:\rebuild****upcuntingpc\Program Files\Windows Media Player\wmplayer.exe.tmp
Virus: Win32/Wallon.A@mm Status: Infected

noahdfear · 2004/12/09

Clearing the Java Plug-in cache will take care of those Java files. You obviously have quite a few email files to delete. Other than that, delete the following.

C:\WINDOWS\system32\TFTP1832
C:\WINDOWS\system32\TFTP4368
F:\rebuild****upcuntingpc\Program Files\Windows Media Player\wmplayer.exe.tmp

Up your ringer · 2004/12/09

Right, ok.

I have done all of the first instructions up to this point of posting the results.

Only thing i COULDN'T do, was the 'My computer, right click, disk cleanup' as it just hangs when scanning 'compress old files'. Doesn't even get to the delete/selction stage.

Here are the logs.

Zipping files............
---------------------------------------------------------

deleting files........
---------------------------------------------------------

Files Not deleted
------------------------------------------------------------

Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\Files]
"taskrun.exe "=" "
"trayinfo.exe "=" "
"subsys.exe "=" "
"spoolsvc.exe "=" "
"smlogvcc.exe "=" "
"sessngr.exe "=" "
"rsvxp.exe "=" "
"rsn.exe "=" "
"rexecs.exe "=" "
"resrvc32.exe "=" "
"rcip.exe "=" "
"proxyconf.exe "=" "
"powerconf.exe "=" "
"pingnet.exe "=" "
"dnsping.exe "=" "
"odcfg.exe "=" "
"netstart.exe "=" "
"netdns.exe "=" "
"getdns.exe "=" "
"msswchxp.exe "=" "
"msng.exe "=" "
"msinfo.exe "=" "
"netssl.exe "=" "
"netdetect.exe "=" "
"sfcver.exe "=" "
"netcfg.dll "=" "
"odbcfg32.dll "=" "
"p2pserv.dll "=" "
"clfmon.exe "=" "
"netssh.exe "=" "
"syspack.dll "=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\Processes]
"taskrun.exe "=" "
"trayinfo.exe "=" "
"subsys.exe "=" "
"spoolsvc.exe "=" "
"smlogvcc.exe "=" "
"sessngr.exe "=" "
"rsvxp.exe "=" "
"rsn.exe "=" "
"rexecs.exe "=" "
"resrvc32.exe "=" "
"rcip.exe "=" "
"proxyconf.exe "=" "
"powerconf.exe "=" "
"pingnet.exe "=" "
"dnsping.exe "=" "
"odcfg.exe "=" "
"netstart.exe "=" "
"netdns.exe "=" "
"getdns.exe "=" "
"msswchxp.exe "=" "
"msng.exe "=" "
"msinfo.exe "=" "
"netssl.exe "=" "
"netdetect.exe "=" "
"sfcver.exe "=" "
"clfmon.exe "=" "
"netssh.exe "=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\RegKeys]
"{98DBBF16-CA43-4c33-BE80-99E6694468A4} "=" "
"{E9590744-812B-46C3-96EB-33212855927D} "=" "
"Files "=" "
"Ms4Hd "=" "
"Processes "=" "
"RegKeys "=" "
"RegValues "=" "
"Vendor "=" "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ms4Hd\RegValues]
"clfmon.exe "=" "
"netssh.exe "=" "
"sessngr.exe "=" "
"spoolsvc.exe "=" "

-----------------------------------------------------------------

Done

HJT Log

Logfile of HijackThis v1.98.2
Scan saved at 20:33:53, on 09/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Rob\Desktop\HJT\HijackThis.exe

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O2 - BHO: (no name) - {E9590744-812B-46C3-96EB-33212855927D} - C:\WINDOWS\System32\netcfg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: http://*.search-soft.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2451d34ec92d874d5316/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC4D1E0C-0E38-429C-A97B-B24FAC9728D3}: NameServer = 194.74.65.85 194.72.9.44

Log in or Sign up

Sooo many popups and Adware/spybot isn't doing its job!!!

Up your ringer Inactive Thread Starter

noahdfear Inactive

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

noahdfear Inactive

Up your ringer Inactive Thread Starter

noahdfear Inactive

Up your ringer Inactive Thread Starter

Newt Inactive

noahdfear Inactive

shadowhawk Inactive

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

noahdfear Inactive

Up your ringer Inactive Thread Starter

Share This Page

Log in or Sign up

Sooo many popups and Adware/spybot isn't doing its job!!!

Up your ringer Inactive Thread Starter

noahdfear Inactive

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

noahdfear Inactive

Up your ringer Inactive Thread Starter

noahdfear Inactive

Up your ringer Inactive Thread Starter

Newt Inactive

noahdfear Inactive

shadowhawk Inactive

Up your ringer Inactive Thread Starter

Up your ringer Inactive Thread Starter

noahdfear Inactive

Up your ringer Inactive Thread Starter

Share This Page

Useful Searches