Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - agc8319

Pages: [1]
1
Tech Clinic / CWS.svchost32 and CWS.bootconf help!
« on: March 24, 2005, 01:48:26 AM »
Sorry for not catching that!  That must make me look like a fool.  I know it must be irritating to supply people with a link and then have them ask an unnecessary question simply because they are too lazy to read for themselves.  I apologize.  

I greatly appreciate all your help.  I obviously would have been SOL without it!

2
Tech Clinic / CWS.svchost32 and CWS.bootconf help!
« on: March 23, 2005, 04:06:09 AM »
I downloaded the Spyware Blaster.  I don't know if it is still working when I close the box though.  Does it have to be open and running for me to be protected?

3
Tech Clinic / CWS.svchost32 and CWS.bootconf help!
« on: March 22, 2005, 12:01:17 AM »
I removed the entries as you requested.  Here is the HJT log file.  Hope it helps.  If there is anything else I can do to help, just let me know as I will be checking back periodically.  

Logfile of HijackThis v1.99.1
Scan saved at 11:57:19 PM, on 3/21/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\AVG7~1.0\avgamsvr.exe
D:\AVG7~1.0\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
D:\Program Files\Panorama\Panorama.exe
C:\WINDOWS\System32\wuauclt.exe
D:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bestbuy.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0.dll
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Startup: Panorama.lnk = D:\Program Files\Panorama\Panorama.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093154352655
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Email Removed Attachments Control) - http://by14fd.bay14.Email Removed.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\AVG7~1.0\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\AVG7~1.0\avgupsvc.exe
O23 - Service: GBPoll - Symantec Corporation - D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

4
Tech Clinic / CWS.svchost32 and CWS.bootconf help!
« on: March 21, 2005, 08:14:26 PM »
Here is my updated HJT log.  By the way, I went to delete the following entries but they were not available to delete.  I have no idea why.  The other entries were deleted successfully.

O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)

Logfile of HijackThis v1.99.1
Scan saved at 8:09:21 PM, on 3/21/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\AVG7~1.0\avgamsvr.exe
D:\AVG7~1.0\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
D:\Program Files\Panorama\Panorama.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_0_0.dll
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Startup: Panorama.lnk = D:\Program Files\Panorama\Panorama.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093154352655
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Email Removed Attachments Control) - http://by14fd.bay14.Email Removed.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\AVG7~1.0\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\AVG7~1.0\avgupsvc.exe
O23 - Service: GBPoll - Symantec Corporation - D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

5
Tech Clinic / CWS.svchost32 and CWS.bootconf help!
« on: March 21, 2005, 07:59:04 PM »
Sorry about the delay and for not mentioning the Yahoo! toolbar.  I simply downloaded the toolbar again and it is working fine now.  I forgot to check back in since everything seemed to be working fine.  I will perform the changes you suggested and post back ASAP.  Thanks and again sorry for the delay.

6
Tech Clinic / CWS.svchost32 and CWS.bootconf help!
« on: March 20, 2005, 08:08:48 PM »
In case that wasn't what you needed, here is a copy of the StartDreck log.

»Registry
»Files
»System/Drivers
 »NT Services
  *Alerter   Alerter   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k LocalService
  *Application Layer Gateway Service   ALG   -   on demand
   `binary: C:\WINDOWS\System32\alg.exe
  *Application Management   AppMgmt   -   on demand
   `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *Windows Audio   AudioSrv   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *AVG7 Alert Manager Server   Avg7Alrt   running   auto
   `binary: D:\AVG7~1.0\avgamsvr.exe
  *AVG7 Update Service   Avg7UpdSvc   running   auto
   `binary: D:\AVG7~1.0\avgupsvc.exe
  *Background Intelligent Transfer Service   BITS   -   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Computer Browser   Browser   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Indexing Service   cisvc   running   auto
   `binary: C:\WINDOWS\System32\cisvc.exe
  *ClipBook   ClipSrv   -   on demand
   `binary: C:\WINDOWS\system32\clipsrv.exe
  *COM+ System Application   COMSysApp   -   on demand
   `binary: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
  *Cryptographic Services   CryptSvc   running   auto
   `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *DHCP Client   Dhcp   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Logical Disk Manager Administrative Service   dmadmin   -   on demand
   `binary: C:\WINDOWS\System32\dmadmin.exe /com
  *Logical Disk Manager   dmserver   -   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *DNS Client   Dnscache   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k NetworkService
  *Error Reporting Service   ERSvc   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Event Log   Eventlog   running   auto
   `binary: C:\WINDOWS\system32\services.exe
  *COM+ Event System   EventSystem   running   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Fast User Switching Compatibility   FastUserSwitchingCom   running   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *GBPoll   GBPoll   running   auto
   `binary: D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
  *Help and Support   helpsvc   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Human Interface Device Access   HidServ   -   disabled
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *IMAPI CD-Burning COM Service   ImapiService   -   on demand
   `binary: C:\WINDOWS\System32\imapi.exe
  *ISEXEng   ISEXEng   -   auto
   `binary: C:\WINDOWS\System32\angelex.exe
  *Server   lanmanserver   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Workstation   lanmanworkstation   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *TCP/IP NetBIOS Helper   LmHosts   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k LocalService
  *Messenger   Messenger   -   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *NetMeeting Remote Desktop Sharing   mnmsrvc   -   on demand
   `binary: C:\WINDOWS\System32\mnmsrvc.exe
  *Distributed Transaction Coordinator   MSDTC   -   on demand
   `binary: C:\WINDOWS\System32\msdtc.exe
  *Windows Installer   MSIServer   -   on demand
   `binary: C:\windows\System32\msiexec.exe /V
  *Network DDE   NetDDE   -   on demand
   `binary: C:\WINDOWS\system32\netdde.exe
  *Network DDE DSDM   NetDDEdsdm   -   on demand
   `binary: C:\WINDOWS\system32\netdde.exe
  *Net Logon   Netlogon   -   on demand
   `binary: C:\WINDOWS\System32\lsass.exe
  *Network Connections   Netman   running   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Network Location Awareness (NLA)   Nla   running   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *NT LM Security Support Provider   NtLmSsp   -   on demand
   `binary: C:\WINDOWS\System32\lsass.exe
  *Removable Storage   NtmsSvc   -   on demand
   `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *NVIDIA Driver Helper Service   NVSvc   running   auto
   `binary: C:\WINDOWS\System32\nvsvc32.exe
  *Plug and Play   PlugPlay   running   auto
   `binary: C:\WINDOWS\system32\services.exe
  *IPSEC Services   PolicyAgent   running   auto
   `binary: C:\WINDOWS\System32\lsass.exe
  *Protected Storage   ProtectedStorage   running   auto
   `binary: C:\WINDOWS\system32\lsass.exe
  *Remote Access Auto Connection Manager   RasAuto   -   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Remote Access Connection Manager   RasMan   -   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Remote Desktop Help Session Manager   RDSessMgr   -   on demand
   `binary: C:\WINDOWS\system32\sessmgr.exe
  *Routing and Remote Access   RemoteAccess   -   disabled
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Remote Procedure Call (RPC) Locator   RpcLocator   -   on demand
   `binary: C:\WINDOWS\System32\locator.exe
  *Remote Procedure Call (RPC)   RpcSs   running   auto
   `binary: C:\WINDOWS\system32\svchost -k rpcss
  *QoS RSVP   RSVP   -   on demand
   `binary: C:\WINDOWS\System32\rsvp.exe
  *Security Accounts Manager   SamSs   running   auto
   `binary: C:\WINDOWS\system32\lsass.exe
  *Smart Card Helper   SCardDrv   -   on demand
   `binary: C:\WINDOWS\System32\SCardSvr.exe
  *Smart Card   SCardSvr   -   on demand
   `binary: C:\WINDOWS\System32\SCardSvr.exe
  *Task Scheduler   Schedule   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Secondary Logon   seclogon   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *System Event Notification   SENS   running   auto
   `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *Internet Connection Firewall (ICF) / Internet C   SharedAccess   -   on demand
   `onnection Sharing (ICS)
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Shell Hardware Detection   ShellHWDetection   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Print Spooler   Spooler   running   auto
   `binary: C:\WINDOWS\system32\spoolsv.exe
  *Sony SPTI Service   SPTISRV   -   on demand
   `binary: C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
  *System Restore Service   srservice   -   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *SSDP Discovery Service   SSDPSRV   running   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k LocalService
  *Windows Image Acquisition (WIA)   stisvc   -   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k imgsvc
  *MS Software Shadow Copy Provider   SwPrv   -   on demand
   `binary: C:\WINDOWS\System32\dllhost.exe /Processid:{BA72BC4C-14AC-4B54-B08C-9E23DC869967}
  *Performance Logs and Alerts   SysmonLog   -   on demand
   `binary: C:\WINDOWS\system32\smlogsvc.exe
  *Telephony   TapiSrv   running   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Terminal Services   TermService   running   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Themes   Themes   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Distributed Link Tracking Client   TrkWks   running   auto
   `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *Windows User Mode Driver Framework   UMWdf   running   auto
   `binary: C:\WINDOWS\System32\wdfmgr.exe
  *Upload Manager   uploadmgr   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Universal Plug and Play Device Host   upnphost   -   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k LocalService
  *Uninterruptible Power Supply   UPS   -   on demand
   `binary: C:\WINDOWS\System32\ups.exe
  *Volume Shadow Copy   VSS   -   on demand
   `binary: C:\WINDOWS\System32\vssvc.exe
  *Windows Time   W32Time   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *WebClient   WebClient   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k LocalService
  *Windows Management Instrumentation   winmgmt   running   auto
   `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *Portable Media Serial Number Service   WmdmPmSN   -   on demand
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *WMI Performance Adapter   WmiApSrv   -   on demand
   `binary: C:\WINDOWS\System32\wbem\wmiapsrv.exe
  *Automatic Updates   wuauserv   running   auto
   `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *Wireless Zero Configuration   WZCSVC   running   auto
   `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *ZESOFT   ZESOFT   -   auto
   `binary: C:\WINDOWS\zeta.exe
 »NT Kernel- and FS-drivers
  *Abiosdsk   Abiosdsk   -   disabled
   `binary:
  *abp480n5   abp480n5   -   disabled
   `binary:
  *Microsoft ACPI Driver   ACPI   running   boot
   `binary: \SystemRoot\System32\DRIVERS\ACPI.sys
  *ACPIEC   ACPIEC   -   disabled
   `binary:
  *adpu160m   adpu160m   -   disabled
   `binary:
  *Microsoft Kernel Acoustic Echo Canceller   aec   -   on demand
   `binary: system32\drivers\aec.sys
  *AFD Networking Support Environment   AFD   running   auto
   `binary: \SystemRoot\System32\drivers\afd.sys
  *Intel AGP Bus Filter   agp440   running   boot
   `binary: \SystemRoot\System32\DRIVERS\agp440.sys
  *Aha154x   Aha154x   -   disabled
   `binary:
  *aic78u2   aic78u2   -   disabled
   `binary:
  *aic78xx   aic78xx   -   disabled
   `binary:
  *AliIde   AliIde   -   disabled
   `binary:
  *amsint   amsint   -   disabled
   `binary:
  *1394 ARP Client Protocol   Arp1394   running   on demand
   `binary: System32\DRIVERS\arp1394.sys
  *asc   asc   -   disabled
   `binary:
  *asc3350p   asc3350p   -   disabled
   `binary:
  *asc3550   asc3550   -   disabled
   `binary:
  *Aspi32   Aspi32   running   auto
   `binary:
  *RAS Asynchronous Media Driver   AsyncMac   -   on demand
   `binary: System32\DRIVERS\asyncmac.sys
  *Standard IDE/ESDI Hard Disk Controller   atapi   running   boot
   `binary: \SystemRoot\System32\DRIVERS\atapi.sys
  *Atdisk   Atdisk   -   disabled
   `binary:
  *ATM ARP Client Protocol   Atmarpc   -   on demand
   `binary: System32\DRIVERS\atmarpc.sys
  *Audio Stub Driver   audstub   running   on demand
   `binary: System32\DRIVERS\audstub.sys
  *AVG7 Kernel   Avg7Core   running   system
   `binary: \SystemRoot\System32\Drivers\avg7core.sys
  *AVG7 Wrap Driver   Avg7RsW   running   system
   `binary: \SystemRoot\System32\Drivers\avg7rsw.sys
  *AVG7 Rezident Driver   Avg7RsXP   running   system
   `binary: \SystemRoot\System32\Drivers\avg7rsxp.sys
  *AVG Network Redirector   AvgTdi   running   auto
   `binary: \??\C:\WINDOWS\System32\Drivers\avgtdi.sys
  *Broadcom iLine10(tm) Network Adapter Driver   BCM42XX   -   on demand
   `binary: System32\DRIVERS\bcm42xx5.sys
  *BCM V.90 56K Modem   BCMModem   -   on demand
   `binary: System32\DRIVERS\BCMDM.sys
  *bdasupi   bdasupi   running   auto
   `binary: \??\C:\WINDOWS\System32\drivers\bdasupi.sys
  *Beep   Beep   running   system
   `binary:
  *MAC Bridge   Bridge   -   on demand
   `binary: System32\DRIVERS\bridge.sys
  *MAC Bridge Miniport   BridgeMP   running   on demand
   `binary: System32\DRIVERS\bridge.sys
  *cbidf2k   cbidf2k   -   disabled
   `binary:
  *cd20xrnt   cd20xrnt   -   disabled
   `binary:
  *Cdaudio   Cdaudio   -   system
   `binary:
  *Cdfs   Cdfs   running   disabled
   `binary:
  *CD-ROM Driver   Cdrom   running   system
   `binary: System32\DRIVERS\cdrom.sys
  *Changer   Changer   -   system
   `binary:
  *CmdIde   CmdIde   -   disabled
   `binary:
  *Cpqarray   Cpqarray   -   disabled
   `binary:
  *dac960nt   dac960nt   -   disabled
   `binary:
  *Disk Driver   Disk   running   boot
   `binary: \SystemRoot\System32\DRIVERS\disk.sys
  *dmboot   dmboot   -   disabled
   `binary: System32\drivers\dmboot.sys
  *Sony DMI Call service   DMICall   running   system
   `binary: System32\DRIVERS\DMICall.sys
  *dmio   dmio   -   disabled
   `binary: System32\drivers\dmio.sys
  *dmload   dmload   -   disabled
   `binary: System32\drivers\dmload.sys
  *Microsoft Kernel DLS Syntheiszer   DMusic   -   on demand
   `binary: system32\drivers\DMusic.sys
  *dpti2o   dpti2o   -   disabled
   `binary:
  *Microsoft Kernel DRM Audio Descrambler   drmkaud   -   on demand
   `binary: system32\drivers\drmkaud.sys
  *Fastfat   Fastfat   running   disabled
   `binary:
  *Floppy Disk Controller Driver   Fdc   running   on demand
   `binary: System32\DRIVERS\fdc.sys
  *Fips   Fips   running   system
   `binary:
  *Floppy Disk Driver   Flpydisk   running   on demand
   `binary: System32\DRIVERS\flpydisk.sys
  *Volume Manager Driver   Ftdisk   running   boot
   `binary: \SystemRoot\System32\DRIVERS\ftdisk.sys
  *GBDevice   GBDevice   running   boot
   `binary:
  *GBFSHook   GBFSHook   running   auto
   `binary:
  *GoBack2K   GoBack2K   running   boot
   `binary:
  *Generic Packet Classifier   Gpc   running   on demand
   `binary: System32\DRIVERS\msgpc.sys
  *Microsoft HID Class Driver   HidUsb   -   on demand
   `binary: System32\DRIVERS\hidusb.sys
  *hpn   hpn   -   disabled
   `binary:
  *hpt3xx   hpt3xx   -   disabled
   `binary:
  *i2omgmt   i2omgmt   running   system
   `binary:
  *i2omp   i2omp   -   disabled
   `binary:
  *i8042 Keyboard and PS/2 Mouse Port Driver   i8042prt   running   system
   `binary: System32\DRIVERS\i8042prt.sys
  *Imapi   Imapi   running   system
   `binary:
  *ini910u   ini910u   -   disabled
   `binary:
  *IntelIde   IntelIde   running   boot
   `binary: \SystemRoot\System32\DRIVERS\intelide.sys
  *IP Traffic Filter Driver   IpFilterDriver   -   on demand
   `binary: System32\DRIVERS\ipfltdrv.sys
  *IP in IP Tunnel Driver   IpInIp   -   on demand
   `binary: System32\DRIVERS\ipinip.sys
  *IP Network Address Translator   IpNat   -   on demand
   `binary: System32\DRIVERS\ipnat.sys
  *IPSEC driver   IPSec   running   system
   `binary: System32\DRIVERS\ipsec.sys
  *IR Enumerator Service   IRENUM   -   on demand
   `binary: System32\DRIVERS\irenum.sys
  *PnP ISA/EISA Bus Driver   isapnp   running   boot
   `binary: \SystemRoot\System32\DRIVERS\isapnp.sys
  *Keyboard Class Driver   Kbdclass   running   system
   `binary: System32\DRIVERS\kbdclass.sys
  *Microsoft Kernel Wave Audio Mixer   kmixer   running   on demand
   `binary: system32\drivers\kmixer.sys
  *KSecDD   KSecDD   running   boot
   `binary:
  *lbrtfdc   lbrtfdc   -   system
   `binary:
  *Lucent Modem Driver   ltmodem5   running   on demand
   `binary: System32\DRIVERS\ltmdmnt.sys
  *mnmdd   mnmdd   running   system
   `binary:
  *Modem   Modem   running   on demand
   `binary:
  *Unimodem Streaming Filter Device   MODEMCSA   -   on demand
   `binary: system32\drivers\MODEMCSA.sys
  *Mouse Class Driver   Mouclass   running   system
   `binary: System32\DRIVERS\mouclass.sys
  *Mouse HID Driver   mouhid   -   on demand
   `binary: System32\DRIVERS\mouhid.sys
  *Mount Point Manager   MountMgr   running   boot
   `binary:
  *mraid35x   mraid35x   -   disabled
   `binary:
  *WebDav Client Redirector   MRxDAV   running   on demand
   `binary: System32\DRIVERS\mrxdav.sys
  *MRxSmb   MRxSmb   running   system
   `binary: System32\DRIVERS\mrxsmb.sys
  *Msfs   Msfs   running   system
   `binary:
  *Microsoft Streaming Service Proxy   MSKSSRV   -   on demand
   `binary: system32\drivers\MSKSSRV.sys
  *Microsoft Streaming Clock Proxy   MSPCLOCK   -   on demand
   `binary: system32\drivers\MSPCLOCK.sys
  *Microsoft Streaming Quality Manager Proxy   MSPQM   -   on demand
   `binary: system32\drivers\MSPQM.sys
  *Mup   Mup   running   boot
   `binary:
  *NDIS System Driver   NDIS   running   boot
   `binary:
  *Remote Access NDIS TAPI Driver   NdisTapi   running   on demand
   `binary: System32\DRIVERS\ndistapi.sys
  *NDIS Usermode I/O Protocol   Ndisuio   running   on demand
   `binary: System32\DRIVERS\ndisuio.sys
  *Remote Access NDIS WAN Driver   NdisWan   running   on demand
   `binary: System32\DRIVERS\ndiswan.sys
  *NDIS Proxy   NDProxy   running   on demand
   `binary:
  *NetBIOS Interface   NetBIOS   running   system
   `binary: System32\DRIVERS\netbios.sys
  *NetBT   NetBT   running   system
   `binary: System32\DRIVERS\netbt.sys
  *1394 Net Driver   NIC1394   running   on demand
   `binary: System32\DRIVERS\nic1394.sys
  *Network Monitor Driver   nm   -   on demand
   `binary: System32\DRIVERS\NMnt.sys
  *Npfs   Npfs   running   system
   `binary:
  *Ntfs   Ntfs   running   disabled
   `binary:
  *Null   Null   running   system
   `binary:
  *nv   nv   running   on demand
   `binary: System32\DRIVERS\nv4_mini.sys
  *nv4   nv4   -   on demand
   `binary: System32\DRIVERS\nv4_mini.sys
  *IPX Traffic Filter Driver   NwlnkFlt   -   on demand
   `binary: System32\DRIVERS\nwlnkflt.sys
  *IPX Traffic Forwarder Driver   NwlnkFwd   -   on demand
   `binary: System32\DRIVERS\nwlnkfwd.sys
  *NWLink IPX/SPX/NetBIOS Compatible Transport Pro   NwlnkIpx   running   auto
   `tocol
   `binary: System32\DRIVERS\nwlnkipx.sys
  *NWLink NetBIOS   NwlnkNb   running   auto
   `binary: System32\DRIVERS\nwlnknb.sys
  *NWLink SPX/SPXII Protocol   NwlnkSpx   running   auto
   `binary: System32\DRIVERS\nwlnkspx.sys
  *Texas Instruments OHCI Compliant IEEE 1394 Host   ohci1394   running   boot
   ` Controller
   `binary: \SystemRoot\System32\DRIVERS\ohci1394.sys
  *Parallel port driver   Parport   running   on demand
   `binary: System32\DRIVERS\parport.sys
  *Partition Manager   PartMgr   running   boot
   `binary:
  *ParVdm   ParVdm   running   auto
   `binary:
  *PCI Bus Driver   PCI   running   boot
   `binary: \SystemRoot\System32\DRIVERS\pci.sys
  *PCIDump   PCIDump   -   system
   `binary:
  *PCIIde   PCIIde   -   disabled
   `binary:
  *Pcmcia   Pcmcia   -   disabled
   `binary:
  *PDCOMP   PDCOMP   -   on demand
   `binary:
  *PDFRAME   PDFRAME   -   on demand
   `binary:
  *PDRELI   PDRELI   -   on demand
   `binary:
  *PDRFRAME   PDRFRAME   -   on demand
   `binary:
  *perc2   perc2   -   disabled
   `binary:
  *perc2hib   perc2hib   -   disabled
   `binary:
  *WAN Miniport (PPTP)   PptpMiniport   running   on demand
   `binary: System32\DRIVERS\raspptp.sys
  *Processor Driver   Processor   running   system
   `binary: System32\DRIVERS\processr.sys
  *QoS Packet Scheduler   PSched   running   on demand
   `binary: System32\DRIVERS\psched.sys
  *Direct Parallel Link Driver   Ptilink   running   on demand
   `binary: System32\DRIVERS\ptilink.sys
  *PxHelp20   PxHelp20   running   boot
   `binary: \SystemRoot\System32\DRIVERS\PxHelp20.sys
  *ql1080   ql1080   -   disabled
   `binary:
  *Ql10wnt   Ql10wnt   -   disabled
   `binary:
  *ql12160   ql12160   -   disabled
   `binary:
  *ql1240   ql1240   -   disabled
   `binary:
  *ql1280   ql1280   -   disabled
   `binary:
  *Remote Access Auto Connection Driver   RasAcd   running   system
   `binary: System32\DRIVERS\rasacd.sys
  *WAN Miniport (L2TP)   Rasl2tp   running   on demand
   `binary: System32\DRIVERS\rasl2tp.sys
  *Remote Access PPPOE Driver   RasPppoe   running   on demand
   `binary: System32\DRIVERS\raspppoe.sys
  *Direct Parallel   Raspti   running   on demand
   `binary: System32\DRIVERS\raspti.sys
  *Rdbss   Rdbss   running   system
   `binary: System32\DRIVERS\rdbss.sys
  *RDPCDD   RDPCDD   running   system
   `binary: System32\DRIVERS\RDPCDD.sys
  *RDPWD   RDPWD   -   on demand
   `binary:
  *Digital CD Audio Playback Filter Driver   redbook   running   system
   `binary: System32\DRIVERS\redbook.sys
  *Realtek RTL8139(A/B/C)-based PCI Fast Ethernet    rtl8139   running   on demand
   `Adapter NT Driver
   `binary: System32\DRIVERS\RTL8139.SYS
  *Secdrv   Secdrv   running   auto
   `binary: System32\DRIVERS\secdrv.sys
  *Serenum Filter Driver   serenum   running   on demand
   `binary: System32\DRIVERS\serenum.sys
  *Serial port driver   Serial   running   system
   `binary: System32\DRIVERS\serial.sys
  *Sfloppy   Sfloppy   -   system
   `binary:
  *Simbad   Simbad   -   disabled
   `binary:
  *smwdm   smwdm   running   on demand
   `binary: system32\drivers\smwdm.sys
  *FAN Control Device Service   SonyFanC   running   system
   `binary: System32\Drivers\SonyFanC.sys
  *Sparrow   Sparrow   -   disabled
   `binary:
  *Microsoft Kernel Audio Splitter   splitter   -   on demand
   `binary: system32\drivers\splitter.sys
  *System Restore Filter Driver   sr   -   disabled
   `binary: \SystemRoot\System32\DRIVERS\sr.sys
  *Srv   Srv   running   on demand
   `binary: System32\DRIVERS\srv.sys
  *Software Bus Driver   swenum   running   on demand
   `binary: System32\DRIVERS\swenum.sys
  *Microsoft Kernel GS Wavetable Synthesizer   swmidi   -   on demand
   `binary: system32\drivers\swmidi.sys
  *symc810   symc810   -   disabled
   `binary:
  *symc8xx   symc8xx   -   disabled
   `binary:
  *sym_hi   sym_hi   -   disabled
   `binary:
  *sym_u3   sym_u3   -   disabled
   `binary:
  *Microsoft Kernel System Audio Device   sysaudio   running   on demand
   `binary: system32\drivers\sysaudio.sys
  *TCP/IP Protocol Driver   Tcpip   running   system
   `binary: System32\DRIVERS\tcpip.sys
  *TDPIPE   TDPIPE   -   on demand
   `binary:
  *TDTCP   TDTCP   -   on demand
   `binary:
  *Terminal Device Driver   TermDD   running   system
   `binary: System32\DRIVERS\termdd.sys
  *TosIde   TosIde   -   disabled
   `binary:
  *Udfs   Udfs   -   disabled
   `binary:
  *ultra   ultra   -   disabled
   `binary:
  *Microcode Update Driver   Update   running   on demand
   `binary: System32\DRIVERS\update.sys
  *USB2 Enabled Hub   usbhub   running   on demand
   `binary: System32\DRIVERS\usbhub.sys
  *USB Mass Storage Driver   USBSTOR   -   on demand
   `binary: System32\DRIVERS\USBSTOR.SYS
  *Microsoft USB Universal Host Controller Minipor   usbuhci   running   on demand
   `t Driver
   `binary: System32\DRIVERS\usbuhci.sys
  *V7   V7   running   auto
   `binary:
  *VGA Display Controller.   VgaSave   running   system
   `binary: \SystemRoot\System32\drivers\vga.sys
  *ViaIde   ViaIde   -   disabled
   `binary:
  *VolSnap   VolSnap   running   boot
   `binary:
  *Remote Access IP ARP Driver   Wanarp   running   on demand
   `binary: System32\DRIVERS\wanarp.sys
  *WDICA   WDICA   -   on demand
   `binary:
  *Microsoft WINMM WDM Audio Compatibility Driver   wdmaud   running   on demand
   `binary: system32\drivers\wdmaud.sys
  *Windows Socket 2.0 Non-IFS Service Provider Sup   WS2IFSL   -   on demand
   `port Environment
   `binary: \SystemRoot\System32\drivers\ws2ifsl.sys
»Application specific

7
Tech Clinic / CWS.svchost32 and CWS.bootconf help!
« on: March 20, 2005, 06:36:59 PM »
In report.txt, this is what was written

C:\WINDOWS\SYSTEM32\DRIVERS\BDASUPI.SYS

8
Tech Clinic / CWS.svchost32 and CWS.bootconf help!
« on: March 20, 2005, 05:36:47 PM »
Copying the file from the Repair folder to the System32 folder worked, I think.  I do not get a message preventing me from running locate.bat.  When I click on locate.bat now, it opens a C prompt and then reports file not found, then automatically closes.  Here is the updated HJT log as you requested I do after running locate.bat.  

Logfile of HijackThis v1.99.1
Scan saved at 5:32:33 PM, on 3/20/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\AVG7~1.0\avgamsvr.exe
D:\AVG7~1.0\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Panorama\Panorama.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
D:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - Startup: Panorama.lnk = D:\Program Files\Panorama\Panorama.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xxcyfcbo.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/j1ybNsZSTT69WjQ5tt4.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:\foo.mht!http://t058.com/11cbbd47/x.chm::/open.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...8a29296baabe1d6
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {3446598E-00E4-4B5E-99A6-87ECCA8324A2} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1056_XP.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04653b4824d567...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093154352655
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092...all/xscan53.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vs...03C00/setup.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Email Removed Attachments Control) - http://by14fd.bay14.Email Removed.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
O21 - SSODL: Web Event Logger - {7CFEFEF1-ED03-1337-ABCD-526492F5D679} - C:\WINDOWS\System32\Kifibo32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\AVG7~1.0\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\AVG7~1.0\avgupsvc.exe
O23 - Service: GBPoll - Symantec Corporation - D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

9
Tech Clinic / CWS.svchost32 and CWS.bootconf help!
« on: March 20, 2005, 05:21:19 PM »
If I choose ignore, the program still closes and if I choose close it obviously closes.

10
Tech Clinic / CWS.svchost32 and CWS.bootconf help!
« on: March 20, 2005, 05:17:54 PM »
I did what you said and created the folder as well as unzipping and running the file locate.bat.  When I double click locate.bat I get a message that reads

C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT.  The system file is not suitable for running MS-DOS and Microsoft Windows applications.  Choose 'Close' to terminate the application.

Am I doing something wrong?

11
Tech Clinic / CWS.svchost32 and CWS.bootconf help!
« on: March 20, 2005, 04:34:07 PM »
I cannot get rid of these two things.  Every time I run CWShredder it removes them but they come right back.  Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 4:32:06 PM, on 3/20/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\AVG7~1.0\avgamsvr.exe
D:\AVG7~1.0\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Panorama\Panorama.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - Startup: Panorama.lnk = D:\Program Files\Panorama\Panorama.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xxcyfcbo.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/j1ybNsZSTT69WjQ5tt4.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:\foo.mht!http://t058.com/11cbbd47/x.chm::/open.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...8a29296baabe1d6
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {3446598E-00E4-4B5E-99A6-87ECCA8324A2} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1056_XP.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04653b4824d567...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093154352655
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092...all/xscan53.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983/vs...03C00/setup.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Email Removed Attachments Control) - http://by14fd.bay14.Email Removed.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
O21 - SSODL: Web Event Logger - {7CFEFEF1-ED03-1337-ABCD-526492F5D679} - C:\WINDOWS\System32\Kifibo32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\AVG7~1.0\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\AVG7~1.0\avgupsvc.exe
O23 - Service: GBPoll - Symantec Corporation - D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

Pages: [1]