clicking sound when ie not open or open

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2007-07-25 10:35:07 for strings:
; 'trkwk'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TRKWKS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TRKWKS\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TRKWKS\0000]
"Service"="TrkWks"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\parameters]
; Contents of value:
; COMNAP
; COMNODE
; SQL\QUERY
; SPOOLSS
; EPMAPPER
; LOCATOR
; TrkWks
; TrkSvr
;
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,43,00,4f,\
00,4d,00,4e,00,4f,00,44,00,45,00,00,00,53,00,51,00,4c,00,5c,00,51,00,55,00,\
45,00,52,00,59,00,00,00,53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,45,\
00,50,00,4d,00,41,00,50,00,50,00,45,00,52,00,00,00,4c,00,4f,00,43,00,41,00,\
54,00,4f,00,52,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,54,00,72,\
00,6b,00,53,00,76,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DISTRIBUTE_LINK_TRACKING_CLIE\0000]
"DeviceDesc"="Trkwk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TRKWKS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TRKWKS\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TRKWKS\0000]
"Service"="TrkWks"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TRKWKS\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TRKWKS\0000\Control]
"ActiveService"="TrkWks"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Distribute Link Tracking Clie]
"DisplayName"="Trkwk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\parameters]
; Contents of value:
; COMNAP
; COMNODE
; SQL\QUERY
; SPOOLSS
; EPMAPPER
; LOCATOR
; TrkWks
; TrkSvr
;
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,43,00,4f,\
00,4d,00,4e,00,4f,00,44,00,45,00,00,00,53,00,51,00,4c,00,5c,00,51,00,55,00,\
45,00,52,00,59,00,00,00,53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,45,\
00,50,00,4d,00,41,00,50,00,50,00,45,00,52,00,00,00,4c,00,4f,00,43,00,41,00,\
54,00,4f,00,52,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,54,00,72,\
00,6b,00,53,00,76,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TrkWks]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TrkWks\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TrkWks\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TrkWks\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TrkWks\Enum]
"0"="Root\\LEGACY_TRKWKS\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_DISTRIBUTE_LINK_TRACKING_CLIE\0000]
"DeviceDesc"="Trkwk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TRKWKS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TRKWKS\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TRKWKS\0000]
"Service"="TrkWks"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Distribute Link Tracking Clie]
"DisplayName"="Trkwk"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lanmanserver\parameters]
; Contents of value:
; COMNAP
; COMNODE
; SQL\QUERY
; SPOOLSS
; EPMAPPER
; LOCATOR
; TrkWks
; TrkSvr
;
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,43,00,4f,\
00,4d,00,4e,00,4f,00,44,00,45,00,00,00,53,00,51,00,4c,00,5c,00,51,00,55,00,\
45,00,52,00,59,00,00,00,53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,45,\
00,50,00,4d,00,41,00,50,00,50,00,45,00,52,00,00,00,4c,00,4f,00,43,00,41,00,\
54,00,4f,00,52,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,54,00,72,\
00,6b,00,53,00,76,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TrkWks]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TrkWks\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TrkWks\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DISTRIBUTE_LINK_TRACKING_CLIE\0000]
"DeviceDesc"="Trkwk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRKWKS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRKWKS\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRKWKS\0000]
"Service"="TrkWks"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRKWKS\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRKWKS\0000\Control]
"ActiveService"="TrkWks"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Distribute Link Tracking Clie]
"DisplayName"="Trkwk"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
; Contents of value:
; COMNAP
; COMNODE
; SQL\QUERY
; SPOOLSS
; EPMAPPER
; LOCATOR
; TrkWks
; TrkSvr
;
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,43,00,4f,\
00,4d,00,4e,00,4f,00,44,00,45,00,00,00,53,00,51,00,4c,00,5c,00,51,00,55,00,\
45,00,52,00,59,00,00,00,53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,45,\
00,50,00,4d,00,41,00,50,00,50,00,45,00,52,00,00,00,4c,00,4f,00,43,00,41,00,\
54,00,4f,00,52,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,54,00,72,\
00,6b,00,53,00,76,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\Enum]
"0"="Root\\LEGACY_TRKWKS\\0000"

; End Of The Log...
 
Hello :)

Ok this one was one tricky nastie, tried to hide from us...Now we'll nail it!


Start -> Run -> Copy and paste this:

swsc stop TrkWks

Click on "Ok"

Start -> Run -> Copy and paste this:

swsc delete TrkWks

Click on "Ok"

Restart the computer, create one more startup list, and copy the "Enumerating Windows NT/2000/XP services" part here.
 
Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\system32\services.exe (manual start)
Application Management: %SystemRoot%\system32\services.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Resident Driver NT: \SystemRoot\System32\Drivers\avg7rsnt.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k BITSgroup (manual start)
Computer Browser: %SystemRoot%\system32\services.exe (autostart)
catchme: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys (manual start)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINNT\system32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
DCOMLoduoher : C:\WINNT\system32\log2.txt (disabled)
DHCP Client: %SystemRoot%\system32\services.exe (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Diskeeper: "C:\Program Files\Executive Software\DiskeeperLite\DKService.exe" (autostart)
Trkwk: C:\WINNT\scvhsot.exe (disabled)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\services.exe (disabled)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINNT\system32\svchost.exe -k netsvcs (manual start)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
VIA Rhine-Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Microsoft Windws help: C:\Program Files\antiwar.exe (disabled)
HID Input Service: %SystemRoot%\system32\hidserv.exe (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (autostart)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\services.exe (autostart)
Workstation: %SystemRoot%\system32\services.exe (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\system32\services.exe (autostart)
NetMeeting Remote Desktop Sharing: C:\WINNT\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse Filter Driver: system32\DRIVERS\moufiltr.sys (manual start)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
BDA MPE Filter: system32\DRIVERS\MPE.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\system32\msdtc.exe (manual start)
Windows Installer: C:\WINNT\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
ATK0110 ACPI UTILITY: system32\DRIVERS\ASACPI.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NMIndexingService: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (disabled)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel class driver: system32\DRIVERS\parallel.sys (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (system)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe -s (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
Microsoft USB Universal Host Controller Driver: system32\DRIVERS\uhcd.sys (manual start)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
USB 2.0 Root Hub Support: system32\DRIVERS\usbhub20.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (manual start)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
WMDM PMSP Service: C:\WINNT\system32\mspmspsv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
 
Still there :sick:

Ok the manual way next...

Backup your registry:
  • Start
  • Run
  • Type the following to the box and hit Ok: regedit
  • A window opens, click on File
  • Choose Export from the menu
  • Change the save location to C:\
  • Give the filename, RegBackUp
  • Make sure that the filetype is set to Registryfiles (*.reg)
  • Click on Save and Close the window


Now we will remove the service from the registry. Not all of the following entries may be present. If you don't find a key, proceed to the next one.

Click Start then Run
Type in regedit
Click Ok.

In left pane of registry editor, Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks
If TrkWks exists , right click on it and choose Delete from the menu.

Now navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DISTRIBUTE_LINK_TRACKING_CLIE
If LEGACY_DISTRIBUTE_LINK_TRACKING_CLIE exists then right click on it and choose Delete from the menu.

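If you have trouble deleting a key, click once on the key name to highlight it and click on the Permission menu option under Edit. Uncheck Allow inheritable permissions and press copy. Click on everyone and put a checkmark in full control, press apply and ok and attempt to delete the key again. (On Windows 2000, which the C:\WINNT paths in these logs suggest, Regedit has no permissions dialog; key permissions are edited in Regedt32 under Security -> Permissions.)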

Repeat the above procedure for ControlSet002, 003 although you might not find the service listed in those keys.

Restart the computer.

Run a new search with the registry search tool for Trkwk and post the log to here
 
i found HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TRKWKS should this be here? and can i edit reg in safe mode i could not delete these 2 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DISTRIBUTE_LINK_TRACKING_CLIE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_DISTRIBUTE_LINK_TRACKING_CLIE
You also did not say what you wanted for a scan posted in your last post please advise
i also cannot find this menu to change permission that you mentioned, and i cannot delete the keys, it says error while deleting
 
Nah we need to use a tool for this, seems that it won't delete manually...

Please download swreg.exe to your computer. Copy the file to the C:\WINNT folder.

Open Notepad and copy the following lines into a new document:
REM Remove.bat - for each registry key in the list below, run three SWReg steps in order.
REM SWReg is the swreg.exe tool this thread asks the user to copy into C:\WINNT.
REM Every key in the list appears in the registry search log for the string trkwk
REM posted earlier on this page, across ControlSet001 to 003 and CurrentControlSet.
REM NOTE[review]: TrkWks is also the short name of the built-in Windows Distributed
REM Link Tracking Client service. The entry the service listing on this page ties to
REM C:\WINNT\scvhsot.exe is the key named Distribute Link Tracking Clie, display name
REM Trkwk. Confirm what Services\TrkWks holds before deleting it.
REM NOTE[review]: this script exports nothing before deleting. It relies on the
REM registry backup made earlier in the thread - verify that RegBackUp file exists first.
FOR %%R IN (
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TRKWKS"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DISTRIBUTE_LINK_TRACKING_CLIE"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TRKWKS"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Distribute Link Tracking Clie"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TrkWks"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_DISTRIBUTE_LINK_TRACKING_CLIE"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TRKWKS"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Distribute Link Tracking Clie"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TrkWks"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DISTRIBUTE_LINK_TRACKING_CLIE"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TRKWKS"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Distribute Link Tracking Clie"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks"
) DO (
REM Step 1 of 3: SWReg ACL with /OM. Presumably takes ownership of the key so its
REM permissions can be changed - confirm against the SWReg help text.
SWReg ACL %%R /OM
REM Step 2 of 3: SWReg ACL with /GE:F /I ENABLE. Presumably grants Everyone full
REM control with inheritance enabled, mirroring the manual permissions step
REM described earlier in the thread - confirm against the SWReg help text.
SWReg ACL %%R /GE:F /I ENABLE
REM Step 3 of 3: delete the key. NOTE[review]: if this step fails, the key keeps
REM whatever ACL steps 1 and 2 set, so re-check any key that survives the run.
SWReg DELETE %%R
)
REM Closes the console as soon as the loop ends, so no SWReg output stays on screen.
REM The instructions below say as much: a window will open and close.
exit

Save the document to your desktop as Remove.bat, with the file type set to All Files
Go to your desktop and run the file Remove.bat and allow to run it if prompted. A window will open and close.

Restart the computer.

Run a new search with the registry search tool for Trkwk and post the log to here

:bigthumb:
 
well i know u have asked for this in the past. the swreg.exe that u asked me to download only flashes on the screen, it gives no opportunity to do a search. maybe u have a different program u wish for me to try to do the reg search with.


Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\system32\services.exe (manual start)
Application Management: %SystemRoot%\system32\services.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Resident Driver NT: \SystemRoot\System32\Drivers\avg7rsnt.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k BITSgroup (manual start)
Computer Browser: %SystemRoot%\system32\services.exe (autostart)
catchme: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys (manual start)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINNT\system32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
DCOMLoduoher : C:\WINNT\system32\log2.txt (disabled)
DHCP Client: %SystemRoot%\system32\services.exe (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Diskeeper: "C:\Program Files\Executive Software\DiskeeperLite\DKService.exe" (autostart)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\services.exe (disabled)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINNT\system32\svchost.exe -k netsvcs (manual start)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
VIA Rhine-Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Microsoft Windws help: C:\Program Files\antiwar.exe (disabled)
HID Input Service: %SystemRoot%\system32\hidserv.exe (disabled)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (autostart)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\services.exe (autostart)
Workstation: %SystemRoot%\system32\services.exe (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\system32\services.exe (autostart)
NetMeeting Remote Desktop Sharing: C:\WINNT\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse Filter Driver: system32\DRIVERS\moufiltr.sys (manual start)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
BDA MPE Filter: system32\DRIVERS\MPE.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\system32\msdtc.exe (manual start)
Windows Installer: C:\WINNT\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
ATK0110 ACPI UTILITY: system32\DRIVERS\ASACPI.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NMIndexingService: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (disabled)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel class driver: system32\DRIVERS\parallel.sys (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (system)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe -s (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
Microsoft USB Universal Host Controller Driver: system32\DRIVERS\uhcd.sys (manual start)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
USB 2.0 Root Hub Support: system32\DRIVERS\usbhub20.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (manual start)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
WMDM PMSP Service: C:\WINNT\system32\mspmspsv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
 
Hello :)

Ok seems that this worked but just to be sure...

Do you remember the regsearch tool we used earlier? ;)

Download and unzip Registry Search by Bobbi Flekman
Unzip it to your desktop.
Doubleclick the file regsearch.exe

Type the following to the first white box:
Trkwk

Hit the OK button and the scan begins.

Wait for a textfile to open and paste the contents to here :bigthumb:
 
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2007-07-31 17:44:36 for strings:
; 'trkwk'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\parameters]
; Contents of value:
; COMNAP
; COMNODE
; SQL\QUERY
; SPOOLSS
; EPMAPPER
; LOCATOR
; TrkWks
; TrkSvr
;
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,43,00,4f,\
00,4d,00,4e,00,4f,00,44,00,45,00,00,00,53,00,51,00,4c,00,5c,00,51,00,55,00,\
45,00,52,00,59,00,00,00,53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,45,\
00,50,00,4d,00,41,00,50,00,50,00,45,00,52,00,00,00,4c,00,4f,00,43,00,41,00,\
54,00,4f,00,52,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,54,00,72,\
00,6b,00,53,00,76,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\parameters]
; Contents of value:
; COMNAP
; COMNODE
; SQL\QUERY
; SPOOLSS
; EPMAPPER
; LOCATOR
; TrkWks
; TrkSvr
;
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,43,00,4f,\
00,4d,00,4e,00,4f,00,44,00,45,00,00,00,53,00,51,00,4c,00,5c,00,51,00,55,00,\
45,00,52,00,59,00,00,00,53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,45,\
00,50,00,4d,00,41,00,50,00,50,00,45,00,52,00,00,00,4c,00,4f,00,43,00,41,00,\
54,00,4f,00,52,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,54,00,72,\
00,6b,00,53,00,76,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lanmanserver\parameters]
; Contents of value:
; COMNAP
; COMNODE
; SQL\QUERY
; SPOOLSS
; EPMAPPER
; LOCATOR
; TrkWks
; TrkSvr
;
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,43,00,4f,\
00,4d,00,4e,00,4f,00,44,00,45,00,00,00,53,00,51,00,4c,00,5c,00,51,00,55,00,\
45,00,52,00,59,00,00,00,53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,45,\
00,50,00,4d,00,41,00,50,00,50,00,45,00,52,00,00,00,4c,00,4f,00,43,00,41,00,\
54,00,4f,00,52,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,54,00,72,\
00,6b,00,53,00,76,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
; Contents of value:
; COMNAP
; COMNODE
; SQL\QUERY
; SPOOLSS
; EPMAPPER
; LOCATOR
; TrkWks
; TrkSvr
;
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,43,00,4f,\
00,4d,00,4e,00,4f,00,44,00,45,00,00,00,53,00,51,00,4c,00,5c,00,51,00,55,00,\
45,00,52,00,59,00,00,00,53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,45,\
00,50,00,4d,00,41,00,50,00,50,00,45,00,52,00,00,00,4c,00,4f,00,43,00,41,00,\
54,00,4f,00,52,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,54,00,72,\
00,6b,00,53,00,76,00,72,00,00,00,00,00

; End Of The Log...
 
Ok very good :)

A few more leftovers and then we're ready with this :)

Click Start then Run
Type in regedit
Click Ok.

In left pane of registry editor, Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\parameters

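Then doubleclick on "NullSessionPipes" in the right pane.
Delete these two lines from the list (just use backspace or delete) and leave every other line exactly as it is. On a stock Windows 2000 install TrkWks and TrkSvr are normally part of this list, so finding them here is not by itself a sign of infection; taking them out only narrows what can be reached over an anonymous null session: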

TrkWks
TrkSvr


Click "OK"

Do the same thing for these too:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lanmanserver\parameters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]

Restart the computer.

Run one more search for "Trkwk" with the registry search tool and post the results here along with a fresh HjT log. Also let me know how the computer is running :bigthumb:
 
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2007-08-01 23:43:21 for strings:
; 'trkwk'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

Logfile of HijackThis v1.99.1
Scan saved at 23:45, on 2007-08-01
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\program files\internet explorer\IEXPLORE.EXE
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\calc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cidaemon.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159897217328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159897265265
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Smart Crad Service (Smart Crad) - Unknown owner - C:\WINNT\system32\dllcache\CONINE.EXE
O23 - Service: Windows IME Server - Unknown owner - C:\Program Files\winsys.exe

the last 2 entries are new on the HJT log and i don't recognize them what are they do u know?

as far as how the computer is running i will let u know after i have had chance to play with it a bit:red:
 
The last two are backdoors :sick:
Just when we got rid of the earlier ones...

You don't seem to have a third-party firewall installed. You must install one firewall.

These are good (free) firewalls:
Open Notepad and copy the following lines into a new document:
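@echo off
REM Remove2.bat - stop, then delete, the two services that HijackThis listed with Unknown owner.
REM swsc is assumed to address a service by its key name, the way sc.exe does - TODO confirm.
REM HijackThis shows the display name Smart Crad Service with the service name Smart Crad,
REM so the service name is used here. For Windows IME Server both names are the same.
REM Each service is stopped before it is deleted so that no running instance is left behind.
REM The window closes without showing errors, so check the result with a fresh HijackThis log.
swsc stop "Smart Crad"
swsc delete "Smart Crad"
swsc stop "Windows IME Server"
swsc delete "Windows IME Server"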

Save the document to your desktop as Remove2.bat and filetype: All Files
Go to your desktop and run the file Remove2.bat and allow to run it if prompted. A window will open and close.

Please download the Killbox.
Unzip it to the desktop

Please run Killbox.

Select "Delete on Reboot".
Select "All Files".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINNT\system32\dllcache\CONINE.EXE
C:\Program Files\winsys.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Delete any previous versions of SDFix.

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

:bigthumb:
 
SDFix: Version 1.95

Run by Administrator on Thu 2007-08-02 at 13:53

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\DOCUME~1\ADMINI~1\Desktop\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINNT\regedit.com - Deleted


Folder C:\Recyclers\ - Removed

Removing Temp Files...

ADS Check:

C:\WINNT
No streams found.

C:\WINNT\system32
No streams found.

C:\WINNT\system32\svchost.exe
No streams found.

C:\WINNT\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\WINNT\system32\winsys16_070732.dll
C:\WINNT\system32\winsys32_070732.dll
C:\WINNT\system32\inf\scrsys16_070732.dll
C:\Program Files\Common Files\Microsoft Shared\MSInfo\_winsys.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINNT\system32\AlxRes070732.exe

Finished


Logfile of HijackThis v1.99.1
Scan saved at 14:00, on 2007-08-02
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159897217328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159897265265
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Smart Crad Service (Smart Crad) - Unknown owner - C:\WINNT\system32\dllcache\CONINE.EXE (file missing)
O23 - Service: Windows IME Server - Unknown owner - C:\Program Files\winsys.exe (file missing)

as i had asked before can i install a firewall while infected or should i is more the question????
 
Hello :)

Yes, install one firewall immediately, or new infections will find their way to your pc before we have dealt with the old ones...

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Do you remember the regsearch tool we used earlier? ;)

Download and unzip Registry Search by Bobbi Flekman
Unzip it to your desktop.
Doubleclick the file regsearch.exe

Type the following to the first white box:
Smart Crad Service
And this under the first one:
Windows IME Server

Hit the OK button and the scan begins.

Wait for a textfile to open and paste the contents to here :bigthumb:

PS. these backdoors can be real pain in the ### but I'll do my best :D:
 
ComboFix 07-08-04.3 - "Administrator" 2007-08-03 21:27:24.1 [GMT -6:00] - NTFS
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.True


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\mywinsys.ini
C:\WINNT\system32\AlxRes070732.exe
C:\WINNT\system32\mywebhit.ini
C:\WINNT\system32\taskmgr.com
C:\WINNT\system32\winsys16_070732.dll
C:\WINNT\system32\winsys32_070732.dll


((((((((((((((((((((((((( Files Created from 2007-07-04 to 2007-08-04 )))))))))))))))))))))))))))))))


2007-08-03 21:27 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_378.dat
2007-08-03 20:46 75,932 --a------ C:\WINNT\system32\drivers\klick.dat
2007-08-03 20:46 75,248 --a------ C:\WINNT\zllsputility.exe
2007-08-03 20:46 74,396 --a------ C:\WINNT\system32\drivers\klin.dat
2007-08-03 20:46 2,080 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2007-08-03 20:46 18,464 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2007-08-03 20:46 110,360 --a------ C:\WINNT\system32\drivers\kl1.sys
2007-08-03 20:46 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-08-03 20:46 1,086,952 --a------ C:\WINNT\system32\zpeng24.dll
2007-08-03 20:46 <DIR> d-------- C:\WINNT\system32\ZoneLabs
2007-08-03 20:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-08-02 13:52 <DIR> d-------- C:\WINNT\ERUNT
2007-08-02 13:41 <DIR> d-------- C:\!KillBox
2007-08-01 23:27 654,571 --a------ C:\aa.exe
2007-08-01 23:27 <DIR> d--hs---- C:\WINNT\system32\inf
2007-07-30 20:21 279,552 --a------ C:\WINNT\swreg.exe
2007-07-29 10:48 29,058,754 --a------ C:\RegBackUp.reg
2007-07-23 22:51 <DIR> d-------- C:\Program Files\CCleaner
2007-07-23 12:30 124,416 --a------ C:\WINNT\swsc.exe
2007-07-19 16:51 <DIR> d-a------ C:\WINNT\zts2.exe
2007-07-19 16:51 <DIR> d-a------ C:\WINNT\system32\vcmgcd32.dll
2007-07-19 16:51 <DIR> d-a------ C:\WINNT\system32\iifgfgf.dll
2007-07-19 16:51 <DIR> d-a------ C:\WINNT\rundll16.exe
2007-07-19 16:51 <DIR> d-a------ C:\WINNT\rundl132.dll
2007-07-19 16:51 <DIR> d-a------ C:\WINNT\logo1_.exe
2007-07-19 16:44 87,312 --a------ C:\WINNT\system32\T.COM
2007-07-19 16:44 73,488 --a------ C:\WINNT\R.COM
2007-07-19 10:53 939,280 --a--c--- C:\WINNT\system32\dllcache\ntdsa.dll
2007-07-19 10:53 939,280 --a------ C:\WINNT\system32\ntdsa.dll
2007-07-19 10:53 6,239,232 --a--c--- C:\WINNT\system32\dllcache\sp3res.dll
2007-07-19 10:53 6,239,232 --a------ C:\WINNT\system32\sp3res.dll
2007-07-16 14:11 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2e4.dat
2007-07-04 15:13 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-03 16:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DoctorWeb


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

07-08-03 20:51 2336 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
07-08-03 20:51 2312 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
07-08-03 20:49 4212 ---h----- C:\WINNT\system32\zllictbl.dat
07-08-02 14:08 --------- d-------- C:\Program Files\SpywareBlaster
07-08-01 23:38 27 --a------ C:\Program Files\paramstr.txt
07-07-24 20:53 --------- d-------- C:\Program Files\Soulseek
07-07-19 15:26 --------- d-------- C:\Program Files\Online Services
07-07-03 17:26 1 --a------ C:\WINNT\system32\index.dat
07-07-03 16:48 92944 --------- C:\WINNT\system32\services.exe
07-06-14 12:11 --------- d-------- C:\Program Files\Registrar Lite
07-06-13 19:45 2368 --a------ C:\WINNT\system32\SVKP.sys
07-06-13 12:29 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ieSpell
07-06-11 20:42 --------- d--h----- C:\Program Files\InstallShield Installation Information
07-06-11 07:08 --------- d-------- C:\Program Files\Messenger
07-06-10 03:24 --------- d-------- C:\Program Files\Conquer 2.0
07-06-10 00:25 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
06-10-02 20:01 271 ---h----- C:\Program Files\desktop.ini
06-10-02 20:01 21952 ---h----- C:\Program Files\folder.htt


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-07-04 06:00 C:\WINNT\system32\mobsync.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [07-04-24 01:56 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [06-11-09 15:07 ]
"ZoneAlarm Client"="D:\Program Files\ZoneAlarm\zlclient.exe" [07-06-21 21:54 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05-05-31 00:04 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Smart Crad]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINNT\system32\DRIVERS\ASACPI.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S2 Smart Crad;Smart Crad Service;C:\WINNT\system32\dllcache\CONINE.EXE conine.ini
S2 Windows IME Server;Windows IME Server;C:\Program Files\winsys.exe
S3 moufiltr;Mouse Filter Driver;C:\WINNT\system32\DRIVERS\moufiltr.sys
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys
S3 SmartCradDrv;SmartCradDrv;\??\C:\WINNT\system32\dllcache\SmartCradDrv.html
S4 DDOM DechLunuocCOMD;DCOMLoduoher ;C:\WINNT\system32\log2.txt
S4 help Retrieves;Microsoft Windws help;C:\Program Files\antiwar.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-03 21:28:29
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-03 21:29:30
C:\ComboFix-quarantined-files.txt ... 07-08-03 21:28
C:\ComboFix2.txt ... 07-07-04 15:17

--- E O F ---

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2007-08-03 21:35:10 for strings:
; 'smart crad service'
; 'windows ime server'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SMART_CRAD\0000]
"DeviceDesc"="Smart Crad Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_IME_SERVER\0000]
"Service"="Windows IME Server"
"DeviceDesc"="Windows IME Server"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Smart Crad]
"DisplayName"="Smart Crad Service"
"Description"="Windows Smart Crad Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows IME Server]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows IME Server]
"DisplayName"="Windows IME Server"
"Description"="Windows IME Server"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows IME Server\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows IME Server\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SMART_CRAD\0000]
"DeviceDesc"="Smart Crad Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDOWS_IME_SERVER\0000]
"Service"="Windows IME Server"
"DeviceDesc"="Windows IME Server"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Smart Crad]
"DisplayName"="Smart Crad Service"
"Description"="Windows Smart Crad Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows IME Server]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows IME Server]
"DisplayName"="Windows IME Server"
"Description"="Windows IME Server"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows IME Server\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMART_CRAD\0000]
"DeviceDesc"="Smart Crad Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_IME_SERVER\0000]
"Service"="Windows IME Server"
"DeviceDesc"="Windows IME Server"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Smart Crad]
"DisplayName"="Smart Crad Service"
"Description"="Windows Smart Crad Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows IME Server]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows IME Server]
"DisplayName"="Windows IME Server"
"Description"="Windows IME Server"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows IME Server\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows IME Server\Enum]

; End Of The Log...
 
i don't know if this is anything important but my tea timer disappeared it no longer shows in bottom right corner. why is this? i just installed zonealarm firewall and the poof gone:fear:? if i double click the short cut it stll doesn't come up please advise
 
This thing is really a persistent one... It is probably disabling your firewall too. We'll need to do the removal in offline mode, but first I need info about the other services so that we can kill them all at once.

Doubleclick the file regsearch.exe

Type the following to the first white box:
SmartCradDrv
And this under the first one:
DCOMLoduoher
And this under the second one:
Microsoft Windws help

Hit the OK button and the scan begins.

Wait for a textfile to open and paste the contents to here :bigthumb:
 
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2007-08-05 15:44:55 for strings:
; 'smartcraddrv'
; 'dcomloduoher'
; 'microsoft windws help'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DDOM_DECHLUNUOCCOMD\0000]
"DeviceDesc"="DCOMLoduoher "

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HELP_RETRIEVES\0000]
"DeviceDesc"="Microsoft Windws help"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DDOM DechLunuocCOMD]
"DisplayName"="DCOMLoduoher "

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\help Retrieves]
"DisplayName"="Microsoft Windws help"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SmartCradDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SmartCradDrv]
; Contents of value:
; \??\C:\WINNT\system32\dllcache\SmartCradDrv.html
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
4e,00,54,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\
00,6c,00,6c,00,63,00,61,00,63,00,68,00,65,00,5c,00,53,00,6d,00,61,00,72,00,\
74,00,43,00,72,00,61,00,64,00,44,00,72,00,76,00,2e,00,68,00,74,00,6d,00,6c,\
00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_DDOM_DECHLUNUOCCOMD\0000]
"DeviceDesc"="DCOMLoduoher "

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HELP_RETRIEVES\0000]
"DeviceDesc"="Microsoft Windws help"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DDOM DechLunuocCOMD]
"DisplayName"="DCOMLoduoher "

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\help Retrieves]
"DisplayName"="Microsoft Windws help"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SmartCradDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SmartCradDrv]
; Contents of value:
; \??\C:\WINNT\system32\dllcache\SmartCradDrv.html
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
4e,00,54,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\
00,6c,00,6c,00,63,00,61,00,63,00,68,00,65,00,5c,00,53,00,6d,00,61,00,72,00,\
74,00,43,00,72,00,61,00,64,00,44,00,72,00,76,00,2e,00,68,00,74,00,6d,00,6c,\
00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DDOM_DECHLUNUOCCOMD\0000]
"DeviceDesc"="DCOMLoduoher "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HELP_RETRIEVES\0000]
"DeviceDesc"="Microsoft Windws help"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DDOM DechLunuocCOMD]
"DisplayName"="DCOMLoduoher "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\help Retrieves]
"DisplayName"="Microsoft Windws help"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmartCradDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmartCradDrv]
; Contents of value:
; \??\C:\WINNT\system32\dllcache\SmartCradDrv.html
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
4e,00,54,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\
00,6c,00,6c,00,63,00,61,00,63,00,68,00,65,00,5c,00,53,00,6d,00,61,00,72,00,\
74,00,43,00,72,00,61,00,64,00,44,00,72,00,76,00,2e,00,68,00,74,00,6d,00,6c,\
00,00,00

; End Of The Log...
 
Ok now it is time for the final strike, please follow carefully.

You should print these instructions or save these to a text file. Follow these instructions carefully.

1. At first, download one of the firewalls below to your desktop. Don't install yet.
:

2. Physically unplug your computer from the internet. (Disconnect the modem cable)

3. Open Notepad and copy the following lines into a new document:
REM Remove.bat - walks the registry keys listed below and, for each one, runs two
REM SWReg ACL calls followed by SWReg DELETE.
REM The list holds the Services and Enum\Root\LEGACY_ keys that the registry searches
REM in this thread returned for Smart Crad, Windows IME Server, SmartCradDrv,
REM DDOM DechLunuocCOMD and help Retrieves, under ControlSet002, ControlSet003 and
REM CurrentControlSet. Each entry is already quoted, so the loop variable carries the quotes.
FOR %%R IN (
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SMART_CRAD"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_IME_SERVER"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Smart Crad"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows IME Server"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SMART_CRAD"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDOWS_IME_SERVER"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Smart Crad"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows IME Server"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMART_CRAD"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_IME_SERVER"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Smart Crad"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows IME Server"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DDOM_DECHLUNUOCCOMD"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HELP_RETRIEVES"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DDOM DechLunuocCOMD"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\help Retrieves"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SmartCradDrv"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_DDOM_DECHLUNUOCCOMD"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HELP_RETRIEVES"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\DDOM DechLunuocCOMD"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\help Retrieves"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SmartCradDrv"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DDOM_DECHLUNUOCCOMD"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HELP_RETRIEVES"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DDOM DechLunuocCOMD"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\help Retrieves"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmartCradDrv"
) DO (
REM Review note: the OM switch presumably takes ownership of the key - confirm against the SWReg help.
SWReg ACL %%R /OM
REM Review note: GE:F with I ENABLE presumably grants full control and turns inheritance back on - confirm.
SWReg ACL %%R /GE:F /I ENABLE
REM Remove the key once both ACL calls above have run.
SWReg DELETE %%R
)
REM End the batch session. No result is reported, so verify with a new registry search.
exit

4. Save the document to your desktop as Remove.bat and filetype: All Files
Go to your desktop and run the file Remove.bat and allow to run it if prompted. A window will open and close.

5. Please run Killbox.

Select "Delete on Reboot".
Select "All Files".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINNT\system32\dllcache\SmartCradDrv.html
C:\aa.exe
C:\WINNT\zts2.exe
C:\WINNT\system32\vcmgcd32.dll
C:\WINNT\system32\iifgfgf.dll
C:\WINNT\rundll16.exe
C:\WINNT\rundl132.dll
C:\WINNT\logo1_.exe
C:\WINNT\system32\T.COM
C:\WINNT\R.COM
C:\WINNT\system32\dllcache\CONINE.EXE
C:\Program Files\winsys.exe
C:\WINNT\system32\log2.txt
C:\Program Files\antiwar.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

6. If your computer does not restart automatically, please restart it manually.

7. Now install the firewall you downloaded earlier.

8. Reconnect to the internet (plug the cable back into the modem/router).

9. Run ComboFix again and post its log here along with a fresh HijackThis log.

:bigthumb:
 
ComboFix 07-08-04.3 - "Administrator" 2007-08-06 15:05:46.3 [GMT -6:00] - NTFS
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.True


((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


2007-08-06 15:05 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_35c.dat
2007-08-06 14:56 75,932 --a------ C:\WINNT\system32\drivers\klick.dat
2007-08-06 14:56 75,248 --a------ C:\WINNT\zllsputility.exe
2007-08-06 14:56 74,396 --a------ C:\WINNT\system32\drivers\klin.dat
2007-08-06 14:56 24,608 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2007-08-06 14:56 110,360 --a------ C:\WINNT\system32\drivers\kl1.sys
2007-08-06 14:56 1,824 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2007-08-06 14:56 1,086,952 --a------ C:\WINNT\system32\zpeng24.dll
2007-08-06 14:56 <DIR> d-------- C:\WINNT\system32\ZoneLabs
2007-08-03 20:46 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-08-03 20:46 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-08-02 13:52 <DIR> d-------- C:\WINNT\ERUNT
2007-08-02 13:41 <DIR> d-------- C:\!KillBox
2007-08-01 23:27 <DIR> d--hs---- C:\WINNT\system32\inf
2007-07-30 20:21 279,552 --a------ C:\WINNT\swreg.exe
2007-07-29 10:48 29,058,754 --a------ C:\RegBackUp.reg
2007-07-23 22:51 <DIR> d-------- C:\Program Files\CCleaner
2007-07-23 12:30 124,416 --a------ C:\WINNT\swsc.exe
2007-07-19 10:53 939,280 --a--c--- C:\WINNT\system32\dllcache\ntdsa.dll
2007-07-19 10:53 939,280 --a------ C:\WINNT\system32\ntdsa.dll
2007-07-19 10:53 6,239,232 --a--c--- C:\WINNT\system32\dllcache\sp3res.dll
2007-07-19 10:53 6,239,232 --a------ C:\WINNT\system32\sp3res.dll
2007-07-16 14:11 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2e4.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

07-08-06 15:00 2408 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
07-08-06 15:00 2288 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
07-08-06 14:59 4212 ---h----- C:\WINNT\system32\zllictbl.dat
07-08-02 14:08 --------- d-------- C:\Program Files\SpywareBlaster
07-08-01 23:38 27 --a------ C:\Program Files\paramstr.txt
07-07-24 20:53 --------- d-------- C:\Program Files\Soulseek
07-07-19 15:26 --------- d-------- C:\Program Files\Online Services
07-07-03 17:26 1 --a------ C:\WINNT\system32\index.dat
07-07-03 16:48 92944 --------- C:\WINNT\system32\services.exe
07-06-17 00:11 51200 --a------ C:\WINNT\nircmd.exe
07-06-14 12:11 --------- d-------- C:\Program Files\Registrar Lite
07-06-13 19:45 2368 --a------ C:\WINNT\system32\SVKP.sys
07-06-13 12:29 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ieSpell
07-06-11 20:42 --------- d--h----- C:\Program Files\InstallShield Installation Information
07-06-11 07:08 --------- d-------- C:\Program Files\Messenger
07-06-10 03:24 --------- d-------- C:\Program Files\Conquer 2.0
07-06-10 00:25 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
06-10-02 20:01 271 ---h----- C:\Program Files\desktop.ini
06-10-02 20:01 21952 ---h----- C:\Program Files\folder.htt


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-07-04 06:00 C:\WINNT\system32\mobsync.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [07-04-24 01:56 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [06-11-09 15:07 ]
"ZoneAlarm Client"="D:\Program Files\ZoneAlarm\zlclient.exe" [07-06-21 21:54 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05-05-31 00:04 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Smart Crad]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINNT\system32\DRIVERS\ASACPI.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 moufiltr;Mouse Filter Driver;C:\WINNT\system32\DRIVERS\moufiltr.sys
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 15:08:21
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-06 15:09:30
C:\ComboFix-quarantined-files.txt ... 07-08-06 15:08
C:\ComboFix2.txt ... 07-08-03 21:39
C:\ComboFix3.txt ... 07-08-03 21:29

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 15:11, on 2007-08-06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\explorer.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\cidaemon.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159897217328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159897265265
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
 