markyb0y
2006-03-17, 12:46
I have had a problem with Internet explorer for the last couple of days
whereby when I open the browser the cpu goes to 99% and everything
becomes useless. I have tried a whole raft of things to solve the problem
such as :
- Spyware scans & fixes
- Adaware, Spybot Search, Spyware Nuker
- Virus Scan (Mcafee) with latest virus definitions
- Reinstalled Internet Explorer
- "Fixed" Internet Explorer
- rebooted, rebooted, rebooted .....
This problem is definitely related to IE as firefox works fine (but will not work
with software that I need to do my job so I cannot just switch).
I have trawled experts exchange, various forums but with no solution. Can
anyone please help, my next move is to flatten my machine and start again
but I would like to avoid this at all costs.
The HijackThis log file is as follows :
Logfile of HijackThis v1.99.1
Scan saved at 11:49:29, on 17/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINNT\System32\vmnat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\System32\vmnetdhcp.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SYSTEM32\DWRCST.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Temp\Rar$EX01.656\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wigan & Leigh College - Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.50.3.10:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet;studentintranet;inferno;estudents.wigan-leigh.ac.uk;eForms.wigan-leigh.ac.uk;ebswebadmin.wigan-leigh.ac.uk;ebsagent.wigan-leigh.ac.uk;ebstimetables.wigan-leigh.ac.uk;ebsreports.wigan-leigh.ac.uk;ebscp.wigan-leigh.ac.uk;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O15 - Trusted Zone: www.ediplc.com
O15 - Trusted Zone: www.goalplc.co.uk
O15 - Trusted Zone: cisco.netacad.net
O15 - Trusted Zone: www.eal.org.uk
O15 - Trusted Zone: www.eal-vision.org.uk
O15 - Trusted Zone: www.ealadmin.org.uk
O15 - Trusted Zone: ebsreports.wigan-leigh.ac.uk
O15 - Trusted Zone: www.ediplc.com (HKLM)
O15 - Trusted Zone: www.goalplc.co.uk (HKLM)
O15 - Trusted Zone: cisco.netacad.net (HKLM)
O15 - Trusted Zone: www.eal.org.uk (HKLM)
O15 - Trusted Zone: www.eal-vision.org.uk (HKLM)
O15 - Trusted Zone: www.ealadmin.org.uk (HKLM)
O15 - Trusted Zone: ebsreports.wigan-leigh.ac.uk (HKLM)
O16 - DPF: SpreadbetClient - http://195.20.122.71/SpreadbetClient.cab
O16 - DPF: SpreadbetClientSupportClasses - http://195.20.122.71/SpreadbetClientSupportClasses.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} (JInitiator 1.3.1.17) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wigan-leigh.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A5D13AE-BE92-47C7-8ABC-9AFBF95E0D77}: Domain = wigan-leigh.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A5D13AE-BE92-47C7-8ABC-9AFBF95E0D77}: NameServer = 10.50.3.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{702B637D-6E61-47C0-B507-9036161427D6}: Domain = wigan-leigh.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{702B637D-6E61-47C0-B507-9036161427D6}: NameServer = 10.50.3.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wigan-leigh.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wigan-leigh.ac.uk
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Give Me Too (Network Sniffer) (Give Me Too) - Unknown owner - C:\Program Files\Give Me Too 2.42\GiveMeToo.exe (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOrantClientCache80 - Unknown owner - C:\oracle\orant\BIN\ONRSD80.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\System32\vmnat.exe
Any help much appreciated
;)
whereby when I open the browser the cpu goes to 99% and everything
becomes useless. I have tried a whole raft of things to solve the problem
such as :
- Spyware scans & fixes
- Adaware, Spybot Search, Spyware Nuker
- Virus Scan (Mcafee) with latest virus definitions
- Reinstalled Internet Explorer
- "Fixed" Internet Explorer
- rebooted, rebooted, rebooted .....
This problem is definitely related to IE as firefox works fine (but will not work
with software that I need to do my job so I cannot just switch).
I have trawled experts exchange, various forums but with no solution. Can
anyone please help, my next move is to flatten my machine and start again
but I would like to avoid this at all costs.
The HijackThis log file is as follows :
Logfile of HijackThis v1.99.1
Scan saved at 11:49:29, on 17/03/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINNT\System32\vmnat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\System32\vmnetdhcp.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SYSTEM32\DWRCST.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Temp\Rar$EX01.656\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wigan & Leigh College - Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.50.3.10:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet;studentintranet;inferno;estudents.wigan-leigh.ac.uk;eForms.wigan-leigh.ac.uk;ebswebadmin.wigan-leigh.ac.uk;ebsagent.wigan-leigh.ac.uk;ebstimetables.wigan-leigh.ac.uk;ebsreports.wigan-leigh.ac.uk;ebscp.wigan-leigh.ac.uk;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O15 - Trusted Zone: www.ediplc.com
O15 - Trusted Zone: www.goalplc.co.uk
O15 - Trusted Zone: cisco.netacad.net
O15 - Trusted Zone: www.eal.org.uk
O15 - Trusted Zone: www.eal-vision.org.uk
O15 - Trusted Zone: www.ealadmin.org.uk
O15 - Trusted Zone: ebsreports.wigan-leigh.ac.uk
O15 - Trusted Zone: www.ediplc.com (HKLM)
O15 - Trusted Zone: www.goalplc.co.uk (HKLM)
O15 - Trusted Zone: cisco.netacad.net (HKLM)
O15 - Trusted Zone: www.eal.org.uk (HKLM)
O15 - Trusted Zone: www.eal-vision.org.uk (HKLM)
O15 - Trusted Zone: www.ealadmin.org.uk (HKLM)
O15 - Trusted Zone: ebsreports.wigan-leigh.ac.uk (HKLM)
O16 - DPF: SpreadbetClient - http://195.20.122.71/SpreadbetClient.cab
O16 - DPF: SpreadbetClientSupportClasses - http://195.20.122.71/SpreadbetClientSupportClasses.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} (JInitiator 1.3.1.17) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wigan-leigh.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A5D13AE-BE92-47C7-8ABC-9AFBF95E0D77}: Domain = wigan-leigh.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A5D13AE-BE92-47C7-8ABC-9AFBF95E0D77}: NameServer = 10.50.3.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{702B637D-6E61-47C0-B507-9036161427D6}: Domain = wigan-leigh.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\..\{702B637D-6E61-47C0-B507-9036161427D6}: NameServer = 10.50.3.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wigan-leigh.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wigan-leigh.ac.uk
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Give Me Too (Network Sniffer) (Give Me Too) - Unknown owner - C:\Program Files\Give Me Too 2.42\GiveMeToo.exe (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOrantClientCache80 - Unknown owner - C:\oracle\orant\BIN\ONRSD80.EXE
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\System32\vmnat.exe
Any help much appreciated
;)