Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\user\LOCALS~1\Temp\GLB1A2B.EXE||C:\DOCUME~1\user\LOCALS~1\Temp\GLB1A2B.EXE||C:\DOCUME~1\user\LOCALS~1\Temp\GLB1A2B.EXE||C:\DOCUME~1\user\LOCALS~1\Temp\_iu14D2N.tmp||C:\DOCUME~1\user\LOCALS~1\Temp\GLB1A2B.EXE||C:\DOCUME~1\user\LOCALS~1\Temp\A~NSISu_.exe||C:\DOCUME~1\user\LOCALS~1\Temp\GLB1A2B.EXE
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
End of report, 10,450 bytes
Report generated in 1.297 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
[/CODE]
Code:
Current task list information for xxxxx, running WIN_XP, Service Pack 2, build 2600
Details collected on 2005/07/02 02:07:26
PID Process Name File Version Pk Mem Usg. Command line that invoked task
0 System Idle Process 0.0.0.0 0Mb ><
4 System 0.0.0.0 1.96Mb ><
404 smss.exe 5.1.2600.2180 0.82Mb >\SystemRoot\System32\smss.exe<
460 csrss.exe 0.0.0.0 3.22Mb ><
484 winlogon.exe 5.1.2600.2180 12.86Mb >winlogon.exe<
528 SERVICES.EXE 5.1.2600.2180 3.44Mb >C:\WINDOWS\system32\services.exe<
540 LSASS.EXE 5.1.2600.2180 6.69Mb >C:\WINDOWS\system32\lsass.exe<
692 SVCHOST.EXE 5.1.2600.2180 5.09Mb >C:\WINDOWS\system32\svchost -k DcomLaunch<
784 SVCHOST.EXE 0.0.0.0 5.38Mb ><
868 MsMpEng.exe 1.1.1593.0 23.95Mb >"C:\Program Files\Windows Defender\MsMpEng.exe"<
908 SVCHOST.EXE 5.1.2600.2180 21.82Mb >C:\WINDOWS\System32\svchost.exe -k netsvcs<
952 InCDsrv.exe 5.0.0.4 4.27Mb >"C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe"<
1176 SVCHOST.EXE 0.0.0.0 3Mb ><
1260 SVCHOST.EXE 0.0.0.0 3.59Mb ><
1376 spoolsv.exe 5.1.2600.2696 4.64Mb >C:\WINDOWS\system32\spoolsv.exe<
1652 EXPLORER.EXE 6.0.2900.2180 42.11Mb >C:\WINDOWS\Explorer.EXE<
1844 rundll32.exe 5.1.2600.2180 5.9Mb >"C:\WINDOWS\system32\rundll32.exe" C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s<
1852 ctfmon.exe 5.1.2600.2180 3.36Mb >"C:\WINDOWS\system32\ctfmon.exe" <
1864 msmsgs.exe 4.7.0.3001 6.52Mb >"C:\Program Files\Messenger\msmsgs.exe" /background<
1132 avgamsvr.exe 7.5.0.445 3.67Mb >C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe<
1172 avgupsvc.exe 7.5.0.420 2.14Mb >C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe<
648 avgemc.exe 7.5.0.442 7.37Mb >C:\PROGRA~1\Grisoft\AVG7\avgemc.exe<
1340 cmdagent.exe 2.4.0.20 7.52Mb >"C:\Program Files\Comodo\Firewall\cmdagent.exe"<
1556 dvpapi.exe 4.94.0.61018 2.69Mb >"C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe"<
1616 NMSAccess.exe 0.0.0.0 0.84Mb >"C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe"<
1576 wdfmgr.exe 0.0.0.0 1.69Mb ><
3396 alg.exe 0.0.0.0 3.07Mb ><
1700 BearShare.exe 5.2.5.1 15.1Mb >"C:\Program Files\BearShare\BearShare.exe" <
3144 drwtsn32.exe 5.1.2600.0 6.93Mb >C:\WINDOWS\system32\drwtsn32 -p 1700 -e 880 -g<
1504 drwtsn32.exe 5.1.2600.0 2.88Mb >C:\WINDOWS\system32\drwtsn32 -p 3144 -e 1520 -g<
1976 vlc.exe 0.8.5.0 33.88Mb >"C:\Program Files\VideoLAN\Vlc\vlc.exe" --intf wx --wx-embed<
1968 BearDiag.exe 1.99.16.0 13.22Mb >"C:\Documents and Settings\user\Desktop\BearDiag.exe" <
3672 wmiprvse.exe 0.0.0.0 6.83Mb ><
BearShare library folder information for xxxxx, running WIN_XP, Service Pack 2, build 2600
Details collected on 2005/07/02 02:09:10
Volume in drive C has no label.
Volume Serial Number is 356A-1EDB
Directory of C:\Program Files\BearShare Test\db
03/24/2007 07:53 AM <DIR> .
03/24/2007 07:53 AM <DIR> ..
07/01/2005 07:56 AM 3,103 config.bin
07/02/2005 02:06 AM 3,103 config.bin.bak
07/01/2005 04:28 PM 158,460 connect.txt
07/02/2005 02:06 AM 1,249 gwebcache.dat
07/01/2005 04:22 PM 3,768 Hostiles.txt
07/02/2005 02:06 AM 0 Hostiles-Chat.txt
07/01/2005 04:32 PM 169,984 library.2.db
07/01/2005 04:32 PM 169,984 library.2.db.lastgoodload.bak
07/01/2005 04:32 PM 169,984 library.db
07/01/2005 04:32 PM 169,984 library.db.lastgoodload.bak
07/02/2005 02:06 AM 19 searches.ini
11 File(s) 849,638 bytes
2 Dir(s) 11,793,760,256 bytes free
Code:
Firewall information for xxxxx, running WIN_XP, Service Pack 2, build 2600
Details collected on 2005/07/02 02:09:20
Default gateway is xxx.xx.xxx.xxx
Valid Firewall exception for program C:\Program Files\BearShare Test\BearShare.exe found
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable Network Diagnostics for Windows XP / C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Standard profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Yahoo! Messenger / C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Enable Yahoo! FT Server / C:\Program Files\Yahoo!\Messenger\YServer.exe
Enable Kaspersky Anti-Virus Service / C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
Enable Messenger / C:\Program Files\MSN Messenger\msnmsgr.exe
Enable Network Diagnostics for Windows XP / C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Enable iolo Firewallr / C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
Enable iolo AntiVirusr / C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
Enable iolo AntiVirusr Email Protection / C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe
Enable BearShare / C:\Program Files\BearShare\BearShare.exe
Enable LimeWire swarmed installer / C:\StubInstaller.exe
Enable BearFlix / C:\Program Files\BearFlix\bearflix.exe
Enable BearShare / C:\Program Files\BearShare Test\BearShare.exe
Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
Local Area Connection firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable
High-Speed Connection Manager firewall configuration:
-------------------------------------------------------------------
Operational mode = Enable
Important listing 'hijackthis.log' could not be found - details not available. Please re-run from C:\Documents and Settings\user\DesktopHijackThis.exe to generate and paste in your reply in the forum.