arnoldijzermans

c:\program.exe

11 posts in this topic

Hi all,

 

The last two days I'm having trouble with my home computer.

A short history of things here.

 

Last weekend, got myself infected with the PuCe Virus (which is actually win32.hllp.rile.a). Took me some time before I got rid of it, but thanks to Kaspersky. Anyway. When you think the trouble is over, no way :grrr:

 

After removal of the virus, decided to do an extra check-up on the old spyware thingies. I'm currently using Spybot S&D, Adaware and Spy blaster (better safe than sorry). After this removal, I created a hijack log and removed all things that looked suspicious to me.

Still, my IE6 ran slow after some time, followed by a complete system halt eventually. :wtf:

 

Then came the big surprise. My F-secure firewall informed me about a new connection attempt when downloading a definition update. The application that tried to connect was c:\program.exe. Decided to give it permission (God knows why I decided it. :eek: ) Result. System halt. This piece of s**t seemed to use an awful lot of memory, as I saw the counter run back till 5 (I have 512 available.)

 

All in all, I decided to run an upgrade install of XP, because my IE got corrupted. After the upgrade install, I downloaded SP 1a and ran it. Just when I decided to download the rest of the programs, the same message popped up again. Of course this time I decided to deny access to the internet, and up till now, no system halt anymore, although the performance is a bit sluggish every now and then. :unsure:

 

The reason for me posting this here is because I'm desperate.

- I checked my machine with: NAV, McAfee, Online Symantec, Housecall, Kaspersky but no virus found.

- checked it for spyware with Spybot, Spy blaster, Adaware and have Spyguard resident. No success.

- of course, can't find the c:\program.exe but worse, can't find anything on the internet about it.

 

Is there anybody who can tell me anything more or can give me advice on what to do next? Right now, I'm thinking about completely reinstalling my computer when I'm back from holiday.

 

Fyi using a 1,4 ghz computer, 512 RAM, ADSL connected to internet, F-secure firewall.

 

If I don't react quickly on replies I'll be leaving for holiday this Friday.

 

Thanks in advance all!!


Would you please run Hijack This again, and post a fresh log so that we might have a look as well?

 

It's hard to advise without the slightest idea of what we're dealing with...

Edited by TonyKlein


Here's my hijack file.

 

Fyi. I just started using Mozilla as browser. Seemed wise. Next to that. Really great browser.

 

Cheers

 

Logfile of HijackThis v1.97.7

Scan saved at 15:26:26, on 14-7-2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\F-Secure\Common\FSM32.EXE

C:\Program Files\RAM Def XT\ramdef.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\F-Secure\Common\FSMB32.EXE

C:\Program Files\F-Secure\Common\FCH32.EXE

C:\Program Files\F-Secure\Common\FAMEH32.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\MRU-Blaster\scheduler.exe

C:\Program Files\F-Secure\DFW\Program\fsdfwd.exe

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Arnold en Grietha\Bureaublad\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.104.94.112:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.rabobank.nl; *.freeler.nl;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O2 - BHO: (no name) - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def XT\ramdef.exe -tray

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe

O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} -

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} -

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/s...er/PROFILER.CAB

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...l.CAB?38181.435

O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} -

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} -


It's a clean log, although you do want to have these fixed:

 

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O2 - BHO: (no name) - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - (no file)

 

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

 

 

No sign of your "C:\Program.exe" file either; it could possibly be F-Secure having trouble fetching the correct file name and therefore replacing it with "Program.exe".

 

We could have a closer look though:

 

In Hijack This, press "Config" > "Miscellaneous Tools".

Under the "Generate Startuplist log" button, check the "List also minor sections" box.

 

Now press "Generate Startuplist Log"

This will generate a text file that will list all applications that are loaded from practically every known startup location.

 

Go to Edit > select all, copy it and post its contents here.
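
An added example, not part of the original posts and not HijackThis code: a small Python parser for the O2/O4 lines of the log above that lists the "(no file)" BHO entries flagged in this reply and the Run entries whose unquoted path would be cut to C:\Program at the first space. That the shortened name arises this way is an assumption (the reply does not say how F-Secure derives it), and the names analyze and naive_image_name are hypothetical.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread
# (O2 = Browser Helper Object, O4 = autostart entry).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def XT\ramdef.exe -tray
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".pif", ".scr")


def naive_image_name(cmd):
    """Return the program name a resolver sees if it cuts an unquoted
    command line at the first space (a quoted path is taken whole)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(" ", 1)[0]


def analyze(log_text):
    """Collect orphaned BHOs and Run entries with unquoted paths containing spaces."""
    orphaned, unquoted = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            # The CLSID is registered but the DLL it points at is gone.
            if m.group("file").strip().lower() == "(no file)":
                orphaned.append(m.group("clsid"))
            continue
        m = RUN_RE.match(line)
        if m:
            token = naive_image_name(m.group("cmd"))
            # A path fragment without an executable extension means the cut
            # fell inside a directory name such as "Program Files".
            if "\\" in token and not token.lower().endswith(EXEC_EXTS):
                unquoted.append((m.group("name"), token))
    return {"orphaned_bhos": orphaned, "unquoted_runs": unquoted}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for clsid in result["orphaned_bhos"]:
        print("orphaned BHO:", clsid)
    for name, token in result["unquoted_runs"]:
        print("unquoted Run entry:", name, "->", token)
```
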


Here it is.

 

Thanks so far

 

 

 

StartupList report, 14-7-2004, 16:58:12

StartupList version: 1.52

Started from : C:\Documents and Settings\Arnold en Grietha\Bureaublad\HijackThis.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\F-Secure\Common\FSM32.EXE

C:\Program Files\RAM Def XT\ramdef.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\F-Secure\Common\FSMA32.EXE

C:\Program Files\F-Secure\Common\FSMB32.EXE

C:\Program Files\MRU-Blaster\scheduler.exe

C:\Program Files\F-Secure\Common\FCH32.EXE

C:\Program Files\F-Secure\Common\FAMEH32.EXE

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\F-Secure\DFW\Program\fsdfwd.exe

C:\Program Files\F-Secure\Common\FNRB32.EXE

C:\Program Files\F-Secure\Common\FIH32.EXE

C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe

C:\Program Files\mozilla.org\Mozilla\mozilla.exe

C:\Documents and Settings\Arnold en Grietha\Bureaublad\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Arnold en Grietha\Menu Start\Programma's\Opstarten]

MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe

MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe

SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten]

Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

F-Secure Manager = "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash

F-Secure TNB = "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL

NeroCheck = C:\WINDOWS\system32\NeroCheck.exe

Logitech Utility = Logi_MwX.Exe

RAMDef = C:\Program Files\RAM Def XT\ramdef.exe -tray

RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

KAVPersonal50 = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe

SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]

StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

(no name) - (no file) - {BDF3E430-B101-42AD-A544-FADC6B084872}

(no name) - (no file) - {EFD84954-6B46-42f4-81F3-94CE9A77052D}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Symantec NetDetect.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Microsoft Office Template and Media Control]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL

CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

 

[QuickTime Object]

InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx

CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

 

[{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}]

 

[{1663ed61-23eb-11d2-b92f-008048fdd814}]

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

 

[symantec AntiVirus scanner]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

 

[HouseCall Besturing]

InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx

CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

 

[DmiReader Class]

InProcServer32 = C:\WINDOWS\DOWNLO~1\SYSPRO~1.DLL

CODEBASE = http://support.euro.dell.com/global/apps/s...er/PROFILER.CAB

 

[installShield International Setup Player]

InProcServer32 = c:\windows\DOWNLO~1\isetup.dll

CODEBASE = http://www.installengine.com/engine/isetup.cab

 

[update Class]

InProcServer32 = C:\WINDOWS\System32\iuctl.dll

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...l.CAB?38181.435

 

[{A27AD582-5BE5-4C2D-82F0-48B24FE02040}]

 

[symantec RuFSI Registry Information Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = https://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[{EF86873F-04C2-4A95-A373-5703C08EFC7B}]

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (autostart)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)

Creative Service for CDROM Access: C:\WINDOWS\System32\CTsvcCDA.exe (autostart)

Services voor cryptografie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

Service voor het rapporteren van fouten: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

F-Secure File System Filter: \??\C:\Program Files\F-Secure\Common\FSfilter.sys (autostart)

F-Secure Gatekeeper: \??\C:\Program Files\F-Secure\Common\FSgk.sys (autostart)

F-Secure File System Recognizer: \??\C:\Program Files\F-Secure\Common\FSrec.sys (autostart)

F-Secure Authentication Agent: "C:\Program Files\F-Secure\Common\FSAA.EXE" (autostart)

F-Secure Management Agent: "C:\Program Files\F-Secure\Common\FSMA32.EXE" (autostart)

F-Secure Policy Manager: \??\C:\Program Files\F-Secure\Common\FSPM.SYS (autostart)

Help en ondersteuning: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

kavsvc: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (autostart)

Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)

PfModNT: \??\C:\WINDOWS\System32\PfModNT.sys (autostart)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

IPSEC-services: %SystemRoot%\System32\lsass.exe (autostart)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

System Restore-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)

SVKP: \??\C:\WINDOWS\System32\SVKP.sys (autostart)

SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart)

Thema's: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Uploadbeheer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

VMware DHCP Service: %SystemRoot%\System32\vmnetdhcp.exe (autostart)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Automatische updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Wireless Zero Configuration-service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

 

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

 

--------------------------------------------------

End of report, 14.072 bytes

Report generated in 0,656 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

 

:wave:


It's a squeaky clean log; no sign of any malware.

 

You do have F-Secure, Kaspersky AND Symantec services running; are those all necessary?

 

If F-Secure is your resident antivirus, shut down services belonging to the other 2 applications, if not required.

 

No idea what this C:\Program.exe could be about; are you sure hidden files are set to show?

 

You could also launch a command prompt, and do a "dir C:\". Some files only become visible that way.


As Balki would have said in Perfect Strangers 'Get out of the city'

 

I assume by the way that it has all to do with my e-mail as it is on port 110 (SSL).

I just noticed.

 

Somehow I'm a bit anxious to allow connection, but going to try.

 

Thanks anyway for your help mate.

 

By the way.

F-secure is my firewall

Kaspersky virus

Symantec used to be. Could get rid of those.


Right,

 

Seems I've been wasting someone's time here :dumb:

 

All to do with proper housekeeping.

Downloaded a tool Cleanup from this site http://ourworld.compuserve.com/homepages/zeus/cleanup.html

and guess what. Took him 15 minutes to clean up all the temp files.

 

Very odd considering I was using System works to get it done.

Program.exe indeed is the socket 10057 on port 101 for my email.

 

Anyway. Tony thanks for your help mate. I won't be this d*ckheaded again in the future.

 

See you around.


Don't worry about it, Arnold; it's never a bad idea to doublecheck... :)

 

Talk to you later!
