#1
Graphic VIRUS Windows 2000 - PLEASE HELP
We have encountered a strange problem with the graphics in Windows 2000.

It started when one computer in our network got the problem, and then it spread to everyone, all with different service packs, different graphics cards, different software and so on. So our conclusion is that it is a virus.

The problem normally occurs when a computer hasn't been turned off for a day or two. The entire Windows graphics start to flash, the Start menu moves around and nothing makes sense. The only way to make it go away is to reboot! We have searched for viruses with Norton, Spybot and Ad-aware.

It is hard to explain how it looks, but we managed to take a "print screen": http://www.vikaris.com/problem.jpg

Does anyone know what this is and how we remove it?
#2
Hello Turbo123,

It is difficult to diagnose what the problem is with one system from that snapshot, let alone several computers over a network. I cannot tell whether what you have is indeed a malware infection.

You have a lot (and I mean a lot) of shortcuts on your taskbar, and a number in your system tray as well. What are the specs for your system, especially the RAM and processor? It's possible that you might be experiencing a memory leak, or having memory management problems. The description you gave me might fit this if the other machines are similar to this one in terms of the number of quicklaunch shortcuts. Every one of those shortcuts is loaded into the memory during bootup.

Have there been any software installs or system changes on all the problem systems in the recent past? Since when have you noticed this problem? Remove all the quicklaunch shortcuts and see if the problem goes away.

If you suspect malware/viruses of some kind, could you please download HijackThis from here: http://www.majorgeeks.com/download3155.html (or from the site mentioned in my signature). Install it on the computer on which the problems all began, to a permanent folder. Run the scan and save a log file. Please post the log back here after that. It will allow the experts at this site to take a look over your computer and understand what exactly is going on.

Cheers
__________________
Nigel ..Seeking code free nirvana... Nigel Fernandes Blog
Never argue with fools. They will bring you down to their level and beat you with experience.
Manchester United Forever
#3
Well, the computer where it began is a P4 2.8 GHz and 1024 MB RAM with many applications installed.

But we don't think it's about a memory leak, because others in the network who also have this problem have computers with newly installed clean Windows 2000 and Office. Be right back with the hijack log.
#4
Here is the hijack log from the computer where it all started:
http://www.vikaris.com/hijackthis.log
#5
I have pasted your log below so that the other users and experts here can go through it and suggest a fix.
Last edited by oneMSBi: May 27th, 2005 at 10:19 AM.
#7
Well, does anyone see anything unusual?
#8
My apologies Turbo123, I have not had the time to go over your log. I will check it sometime today and see if I am able to detect anything that should not be there.
#9
I went over your log as well as I could. I cannot see anything that looks amiss, but it is possible I am missing something. There are others at this forum who have a much keener eye than I do. If you wish to give them some more information to work with, you can try a software called StartDreck, available here: http://www.spyware911.net/downloads/startdreck.zip

Run it, and post a log here.
#10
Hi Turbo123,

Your HijackThis log is clean. Any change as to how your computers have been behaving?

Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan
Please read the stickies at the top of the forum before posting!
#11
StartDreck (build 2.1.7 public stable) - 2005-06-14 @ 10:47:52 (GMT +02:00)