|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Laplink Gold 2008 - $15 Off with Coupon Code CJM9NE
|
|
#1
July 23rd, 2004, 09:54 AM
|
|||
|
|||
|
Help with Your-Searcher (And Other Issues)
I was just blasted with spyware as well as a couple of worms (removed by McAfee) and need some assistance if possible. Brower hijaced by your-searcher and it also keeps putting favorites in my list. I am also having the following other issues:
- Everytime I start a program, I get a Microsoft Office XP setup dialog box directing me to the CD to install something. - Everytime I shutdown I get a program not responding for something called "WinMin" - when I type an address in the bar, it redirects me..... Hijack This log attached. Any help would be appriciated!!!!! Logfile of HijackThis v1.98.0 Scan saved at 9:05:00 AM, on 7/23/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\myCIO\VScan\McShield.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\myCIO\Agent\myAgtSvc.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ienq32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\pctspk.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\AccessDirect\dadapp.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\myCIO\Agent\myagttry.exe C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\WLANSTA.EXE C:\WINDOWS\system32\ieps32.exe C:\Program Files\SpyKiller\spykiller.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Dell\AccessDirect\DadTray.exe C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe C:\Program Files\Palm\HOTSYNC.EXE C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\AIM\aim.exe C:\Program Files\Messenger\MSMSGS.EXE C:\WINDOWS\System32\msiexec.exe C:\Documents and Settings\rallen\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://qhdqn.dll/index.html#96676 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qhdqn.dll/sp.html#96676 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qhdqn.dll/sp.html#96676 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://qhdqn.dll/index.html#96676 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {5F180D9D-9458-3702-9EB3-84B7CCFF9CC5} - C:\WINDOWS\apiwf.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINDOWS\myCIO\VScan\Splash.exe O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START O4 - HKLM\..\Run: [ieps32.exe] C:\WINDOWS\system32\ieps32.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunOnce: [ienq32.exe] C:\WINDOWS\system32\ienq32.exe O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: winlgn.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab O16 - DPF: msvcp71 - http://download.pestpatrol.com/Down...nts/msvcp71.cab O16 - DPF: msvcr71 - http://download.pestpatrol.com/Down...nts/msvcr71.cab O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/sv/online.chm::/on-line.exe O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.mcafeeasap.com...in/myCioAgt.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\WINDOWS\myCIO\Agent\myRmProt2.8.0.201.dll
|
|
#2
July 24th, 2004, 10:12 AM
|
|||
|
|||
|
You are infected with a variant of the CoolWebSearch.
Download CWShredder from the below link and unzip it into a directory. Start CWShredder and click on the FIx button to have it remove all CWS infections it finds. Download CWShredder from: http://www.merijn.org/files/cwshredder.zip or http://tools.zerosrealm.com/CWShredder.zip After you download the program, unzip it into a directory. Make sure all browser windows are closed and double click on the cwshredder.exe to start the program. When the program is loaded click on the "Check for Update" button, and if it finds an new version it will download it. You should then double click on cwshredder.exe again and click on the "FIX" button (not the "Scan only" button) and let it scan your computer. To get the best results it is recommended that you run it in safe mode. Reboot windows and press F8 at boot/windows startup, usually right after the beep. Then select safe mode. A tutorial that goes over this process step by step can be found here: How to remove CoolWebSearch with CoolWeb Shredder Once that is completed you should follow these steps in order to clean your computer of Malware which can include Viruses, Trojans, Worms, Spyware, Hijackers and Dialers Step 1: Download Spybot and Adaware from the following locations and install them. You should run both programs and clean up what it finds. This is to gaurantee that you find the most malware you can installed on your computer. Before running the scans on both programs, it is mandatory that you update the programs. There are update options in each program when you run them. Spybot Ad-aware If you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below: AD-AWARE - Using Ad-aware to remove Spyware/Hijackers from Your Computer. SPYBOT SEARCH AND DESTROY - Using Spybot - Search & Destroy to remove Spyware from Your Computer. When you scan with both programs, fix everything that it finds. When you are done with the scan and fixing the items. Please continue with the next step. Step 2: It is important that you run Spybot and Adaware before you proceed with this step. Fixing enties with Hijackthis may leave behind unwanted files on your computer if the previous step was not done first. Create a directory on your hardrive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features. Download HijackThis from: HijackThis Save this file into the directory you made previously and then run the program. Click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy. Create a reply to this post, and right click in message area and select paste to paste the log into the post. Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing. To see a tutorial on using HijackThis you can click on the link below: HijackThis - Using HijackThis to Remove Spyware, Browser Hijackers, and Dialers When that is done we will remove the other cws variant
|
|
#3
July 26th, 2004, 12:11 PM
|
|||
|
|||
|
Did everything as directed. New HJT log below:
Logfile of HijackThis v1.98.0 Scan saved at 1:10:33 PM, on 7/26/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\myCIO\VScan\McShield.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\myCIO\Agent\myAgtSvc.exe C:\WINDOWS\System32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ienq32.exe C:\WINDOWS\System32\pctspk.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\AccessDirect\dadapp.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\myCIO\Agent\myagttry.exe C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Dell\AccessDirect\DadTray.exe C:\WINDOWS\System32\WLANSTA.EXE C:\WINDOWS\system32\ieps32.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\Palm\HOTSYNC.EXE C:\WINDOWS\System32\msiexec.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\rallen\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jkhll.dll/sp.html#96676 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jkhll.dll/index.html#96676 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jkhll.dll/index.html#96676 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jkhll.dll/sp.html#96676 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jkhll.dll/sp.html#96676 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jkhll.dll/index.html#96676 R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {25713B9E-3A18-4906-71FE-9FE3C5B4B02A} - C:\WINDOWS\winph32.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [myCIO.com ASaP] C:\WINDOWS\myCIO\Agent\myagttry.exe O4 - HKLM\..\Run: [myCIO.com Splash] C:\WINDOWS\myCIO\VScan\Splash.exe O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START O4 - HKLM\..\Run: [ieps32.exe] C:\WINDOWS\system32\ieps32.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunOnce: [ienq32.exe] C:\WINDOWS\system32\ienq32.exe O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab O16 - DPF: msvcp71 - http://download.pestpatrol.com/Down...nts/msvcp71.cab O16 - DPF: msvcr71 - http://download.pestpatrol.com/Down...nts/msvcr71.cab O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/sv/online.chm::/on-line.exe O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.mcafeeasap.com...in/myCioAgt.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\WINDOWS\myCIO\Agent\myRmProt2.8.0.201.dll Looks like some stuff is still there. Next step?
|
|
#4
July 26th, 2004, 09:37 PM
|
|||
|
|||
|
Please download this file to your desktop and extract the file from the zip onto your desktop. Then run the vbs file and post the contents of the notepad that will appear as a response to this message.
It can be downloaded from here: http://www.computercops.biz/modules.php?na...ownload&id=2239
|
|
#5
July 27th, 2004, 07:15 AM
|
|||
|
|||
|
Here you go.... thanks again!!
These are the Current Active Services: ATI HOTKEY POLLER: Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe WINDOWS AUDIO: AudioSrv C:\WINDOWS\System32\svchost.exe -k netsvcs COMPUTER BROWSER: Browser C:\WINDOWS\System32\svchost.exe -k netsvcs CRYPTOGRAPHIC SERVICES: CryptSvc C:\WINDOWS\system32\svchost.exe -k netsvcs DHCP CLIENT: Dhcp C:\WINDOWS\System32\svchost.exe -k netsvcs LOGICAL DISK MANAGER: dmserver C:\WINDOWS\System32\svchost.exe -k netsvcs COM+ EVENT SYSTEM: EventSystem C:\WINDOWS\System32\svchost.exe -k netsvcs HELP AND SUPPORT: helpsvc C:\WINDOWS\System32\svchost.exe -k netsvcs INFRARED MONITOR: Irmon C:\WINDOWS\System32\svchost.exe -k netsvcs SERVER: lanmanserver C:\WINDOWS\System32\svchost.exe -k netsvcs WORKSTATION: lanmanworkstation C:\WINDOWS\System32\svchost.exe -k netsvcs MESSENGER: Messenger C:\WINDOWS\System32\svchost.exe -k netsvcs NETWORK CONNECTIONS: Netman C:\WINDOWS\System32\svchost.exe -k netsvcs NETWORK LOCATION AWARENESS (NLA): Nla C:\WINDOWS\System32\svchost.exe -k netsvcs REMOTE ACCESS AUTO CONNECTION MANAGER: RasAuto C:\WINDOWS\System32\svchost.exe -k netsvcs REMOTE ACCESS CONNECTION MANAGER: RasMan C:\WINDOWS\System32\svchost.exe -k netsvcs TASK SCHEDULER: Schedule C:\WINDOWS\System32\svchost.exe -k netsvcs SECONDARY LOGON: seclogon C:\WINDOWS\System32\svchost.exe -k netsvcs SYSTEM EVENT NOTIFICATION: SENS C:\WINDOWS\system32\svchost.exe -k netsvcs SHELL HARDWARE DETECTION: ShellHWDetection C:\WINDOWS\System32\svchost.exe -k netsvcs SYSTEM RESTORE SERVICE: srservice C:\WINDOWS\System32\svchost.exe -k netsvcs TELEPHONY: TapiSrv C:\WINDOWS\System32\svchost.exe -k netsvcs TERMINAL SERVICES: TermService C:\WINDOWS\System32\svchost.exe -k netsvcs THEMES: Themes C:\WINDOWS\System32\svchost.exe -k netsvcs DISTRIBUTED LINK TRACKING CLIENT: TrkWks C:\WINDOWS\system32\svchost.exe -k netsvcs UPLOAD MANAGER: uploadmgr C:\WINDOWS\System32\svchost.exe -k netsvcs WINDOWS MANAGEMENT INSTRUMENTATION: winmgmt C:\WINDOWS\system32\svchost.exe -k netsvcs WIRELESS ZERO CONFIGURATION: WZCSVC C:\WINDOWS\System32\svchost.exe -k netsvcs C-DILLACDAC11BA: C-DillaCdaC11BA C:\WINDOWS\System32\drivers\CDAC11BA.EXE DNS CLIENT: Dnscache C:\WINDOWS\System32\svchost.exe -k NetworkService EVENT LOG: Eventlog C:\WINDOWS\system32\services.exe PLUG AND PLAY: PlugPlay C:\WINDOWS\system32\services.exe KODAK CAMERA CONNECTION SOFTWARE: KodakCCS C:\WINDOWS\system32\drivers\KodakCCS.exe LEXBCE SERVER: LexBceS C:\WINDOWS\system32\LEXBCES.EXE TCP/IP NETBIOS HELPER: LmHosts C:\WINDOWS\System32\svchost.exe -k LocalService REMOTE REGISTRY: RemoteRegistry C:\WINDOWS\system32\svchost.exe -k LocalService SSDP DISCOVERY SERVICE: SSDPSRV C:\WINDOWS\System32\svchost.exe -k LocalService WEBCLIENT: WebClient C:\WINDOWS\System32\svchost.exe -k LocalService MCSHIELD: McShield C:\WINDOWS\myCIO\VScan\McShield.exe MACHINE DEBUG MANAGER: MDM "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" WINDOWS INSTALLER: MSIServer C:\WINDOWS\System32\msiexec.exe /V MCAFEE AGENT: myAgtSvc C:\WINDOWS\myCIO\Agent\myAgtSvc.exe /ServiceStart IPSEC SERVICES: PolicyAgent C:\WINDOWS\System32\lsass.exe PROTECTED STORAGE: ProtectedStorage C:\WINDOWS\system32\lsass.exe SECURITY ACCOUNTS MANAGER: SamSs C:\WINDOWS\system32\lsass.exe REMOTE PROCEDURE CALL (RPC): RpcSs C:\WINDOWS\system32\svchost -k rpcss SCSIACCESS: ScsiAccess C:\WINDOWS\System32\ScsiAccess.EXE PRINT SPOOLER: Spooler C:\WINDOWS\system32\spoolsv.exe WINDOWS IMAGE ACQUISITION (WIA): stisvc C:\WINDOWS\System32\svchost.exe -k imgsvc NETWORK SECURITY SERVICE (NSS): O.#´ C:\WINDOWS\system32\ienq32.exe /s
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
