lipmanaj
2011-05-11, 18:25
Hello, and thanks for your board.
I am running a Dell Studio XPS 9000 with OS Vista Home Premium SP 2. From Speccy:
Operating System
MS Windows Vista Home Premium 64-bit SP2
CPU
Intel Core i7 920 @ 2.67GHz 61 °C
Bloomfield 45nm Technology
RAM
12.0GB Triple-Channel DDR3 @ 532MHz (7-7-7-20)
Motherboard
DELL Inc. 0X501H (CPU 1)
Graphics
DELL S2409W (1024x768@75Hz)
1024MB ATI Radeon HD 4800 Series (ATI)
Hard Drives
977GB SAMSUNG SAMSUNG HD103UJ (SATA) 36 °C
1465GB Seagate ST31500341AS (SATA) 40 °C
Optical Drives
HL-DT-ST BD-RE BH20N
Audio
High Definition Audio Device
--
The performance has been notably slower of late. Hard drives have plenty of room, as does RAM. I suspect malware.
Below is the log file, run today. Interestingly, I ran HijackThis first, but HT would not generate a log file--just a blank Notepad page. IObit Security 360 was thus used--100% compatible with HT and HT forums:
Running processes:
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] "C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe" /autostart
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6}SysPro.WMI.1 - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}Java Plug-in 1.6.0_07 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_24 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} GpcContainer.GpcContainer.1 -
O23 - Service: Adobe LM Service (Adobe LM Service) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\SysWOW64\atashost.exe
O23 - Service: Ati External Event Utility (Ati External Event Utility) - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CableAssociation (CableAssociation) - Wisair Ltd. - C:\Program Files (x86)\Wireless USB\Components\Association\CableAssociation.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Diagnostic Policy Service (DPS) - Unknown -
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: Remote Access DB (dsl-db) - Unknown - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service (FLEXnet Licensing Service) - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Group Policy Client (gpsvc) - Unknown -
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown - %ProgramFiles(x86)%\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
O23 - Service: Security Accounts Manager (SamSs) - Unknown -
O23 - Service: SCM_Service (SCM_Service) - Unknown - C:\Windows\SysWOW64\WinService.exe
O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -
O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -
O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -
O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe
O23 - Service: IS360service (IS360service) - IObit - C:\Program Files (x86)\IObit\IObit Security 360\IS360srv.exe
-------------------
Please feel free to contact me at Edit with any questions.
As a first time malware analyzer, I appreciate your help.
Best,
Dr. Alan J. Lipman