Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

Should I have: 1) a windows\servicepak\i-386 dir.? 2) and a

Dec 14, 2012 3:04AM PST

Windows Xp search shows a csrss.exe file located @ c:\windows\servicePak\i-386\csrss.exe, but when I go to dos and enter c:\windows\servicepak I get dir dosen't excist.
Should I have 2 csrss.exe files 1 for windows service pak 3 update and one for windows?

If so why hidden?

Also, when I enter dir / ah in c:\windows I get 50+ hidden dir in the dir. This makes no sense to me.

I believe i am being hacked!

Discussion is locked

- Collapse -
PS. Forget to answer about DMA function.
Dec 17, 2012 1:39AM PST

Your post is still light on detail. Again, since you didn't give the machine's details so I think you are telling me you've done the research and it does not apply. It doesn't apply to all machines but we always check.
Bob

- Collapse -
more details...
Dec 17, 2012 3:25AM PST

Again, since you didn't give the machine's details

Ram is 4 not 8.


Asus Mb bios ver2.5 Amer Megatrends, intel dual core 1866 mhz, 4gigs ram, 500HDD, win XP home S3

- Collapse -
haven't run HIjack ...
Dec 17, 2012 3:17AM PST

....yet was waiting for answer from you if I should. Spybot S&D won't run w/MacAfee. It is recommended to run Spybot prior to Hijack.

- Collapse -
ran Hijack....
Dec 17, 2012 3:48AM PST

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:39:11 AM, on 12/17/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Ronald\Application Data\MegaCloudBackup\MegaCloudBackup.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Documents and Settings\Ronald\Application Data\MegaCloud\MegaCloud.exe
C:\Program Files\IObit\Advanced SystemCare 6\Asc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Ronald\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=DownloadX&dpid=DownloadX&co=US&userid=71e46ff8-118b-460b-84ff-8446311fdb6f&searchtype=ds&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=DownloadX&dpid=DownloadX&co=US&userid=71e46ff8-118b-460b-84ff-8446311fdb6f&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=DownloadX&dpid=DownloadX&co=US&userid=71e46ff8-118b-460b-84ff-8446311fdb6f&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [Desktop iCalendar Lite.exe] "C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - S-1-5-18 Startup: MegaCloud Backup.lnk = C:\Documents and Settings\Ronald\Application Data\MegaCloudBackup\MegaCloudBackup.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: MegaCloud.lnk = C:\Documents and Settings\Ronald\Application Data\MegaCloud\MegaCloud.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MegaCloud Backup.lnk = C:\Documents and Settings\Ronald\Application Data\MegaCloudBackup\MegaCloudBackup.exe (User 'Default user')
O4 - .DEFAULT Startup: MegaCloud.lnk = C:\Documents and Settings\Ronald\Application Data\MegaCloud\MegaCloud.exe (User 'Default user')
O4 - Startup: MegaCloud Backup.lnk = C:\Documents and Settings\Ronald\Application Data\MegaCloudBackup\MegaCloudBackup.exe
O4 - Startup: MegaCloud.lnk = C:\Documents and Settings\Ronald\Application Data\MegaCloud\MegaCloud.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WNA3100 Genie.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352463642328
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe

--
End of file - 11540 bytes

- Collapse -
That helped a LOT.
Dec 17, 2012 4:31AM PST

I see overlapping security and sadly IOBIT in there.

McAfee does not play well with multiple security software so you have to ask each maker what plays along.

And then after all that the answer changes as each updates.

--> Look at all that runs at startup and it's no surprise that it takes a while to boot as McAfee checks this, another scanner notices that being checked and McAfee notices the check and checks again.

It's something you see a lot now as folk are scared silly of malware and more and install protection after protection. Why can you do for them?

--> I never found what hard drive you have so I can't check into the XP DMA issue. I hope you did that research.

In closing there is another item that slows down boot times and that's the common USB external drive. Such is not on your list so far so that's not a factor as far as I can tell.
Bob

- Collapse -
Answer
Recap. We've covered a lot.
Dec 17, 2012 6:03AM PST

This discussion moved from the original question to why the machine may be taking 5 minutes to boot.

It took a look at the PC with the usual RKILL and the HIJACKTHIS log and it looks like no infections. It's very normal for a PC with overlapping protection to take a long time to boot so the good news is that nothing looks out of line for the 5 minute boot time.

There are a few items that we couldn't see in this forum such as the old XP DMA issue which may not apply or if there are USB drives plugged in. Both can increase boot time.

-> If you are unable to slim down on the protection I think you should try XP's HIBERNATE feature to speed up the boot times.
Bob

- Collapse -
hdd
Dec 17, 2012 7:40AM PST

I never found what hard drive you have so I can't check into the XP DMA issue. I hope you did that research.

Bob, I don't now what DM info your looking for. Sent to , ***/systemtools/system/info/hardware/DMA and all thats there is channel2, channel4?

Are you suggesting McAfee isn't compatible with A.S.C.by 10bit?

Bob, still ORIGINAL PROBLEM WHERES/or IS THERE A VIRUS?

Still same issues with PC. Is there source code that looks like it might be from a third party where it shouldn't be. Still think my X-neighbor Software engineer has programmed his way into my system. All he needs is an IP address.

- Collapse -
Questions, questions.
Dec 17, 2012 7:48AM PST

1 " I don't now what DM info your looking for. Sent to , Ass/systemtools/system/info/hardware/DMA and all thats there is channel2, channel4?"

The make and model of the drive would have been enough. It's widely discussed so without the extra detail I was left with the impression you did the research.

2 " Are you suggesting McAfee isn't compatible with A.S.C.by 10bit?"

I'd take that bet. Ask McAfee as IOBit has been, well. I'm not going there. Not a product I'd use.

3 " ORIGINAL PROBLEM WHERES/or IS THERE A VIRUS? "

Not according to the scans. It looks more like the normal issue of too much protection with protection checking the other protection and slowing it all down.

4 "Still same issues with PC."

Since you haven't changed anything, it should be as slow as when we started. Sadly I get the feeling you are not going to remove anything. At least we did the checks and found good reasons for bad performance.

5 " Is there source code that looks like it might be from a third party where it shouldn't be. Still think my X-neighbor Software engineer has programmed his way into my system. All he needs is an IP address."

I can't help what people think. I can use the usual scans, interpret them and share what I think. Now you have to decide what you want to do next since it's your PC.

Bob

- Collapse -
slowing is/was not the issues
Dec 17, 2012 9:58AM PST

the loss of internet, e-mail acct., audio reverb, hourly da-ding all still happening.

This was my original need.

The slowing started when I started loading all these utiliies!!!

But there is no virus is there someone is hacking my sytem!

- Collapse -
Read your first post again.
Dec 17, 2012 12:12PM PST

This is not in your first post.

If you are on WiFi there are VERY SIMPLE things I can do to knock you out. And it does not require me to know your IP or hack your PC.

Again, the details of your connection are not in your post so I can't determine what can be done. Also, the HDD make and model are still missing so again I think you must be doing your own research which is good to know.

Bob

- Collapse -
yes the csrss files where suspect
Dec 17, 2012 3:38PM PST

for the supposed virus, if it existed. I still say I'm being hacked!

- Collapse -
Then you will be hacked.
Dec 17, 2012 11:54PM PST

Or think you will be hacked.

How do you get support today? I've given you plenty of opportunity to participate in finding an answer to your top post's question. You then revealed it was taking 5 minutes to boot and we can see why that is.

30+ posts later you think you are being hacked and won't answer questions.

This is where folk get support to come in and do the work for you.
Bob

- Collapse -
(NT) your communication skills suk Robert
Dec 18, 2012 1:26AM PST
- Collapse -
I'll try harder if you will.
Dec 18, 2012 1:40AM PST

I've asked questions and don't get answers from you so it appears you need support to come to your location and work directly with you.

That way they either get the answer from you or the system.
Bob

- Collapse -
Wow !
Dec 17, 2012 7:53AM PST

Maybe I'm reading this wrong but, I think Bob is saying you should check out all of the conflicting programs that you have running at start-up. You shouldn't have AVS . Iobit MalwareFighter, Malwarebyter' Anti-malware, and McAfee all starting. Maybe Just McAfee...

- Collapse -
Answer
well now....
Dec 17, 2012 10:01AM PST

if we are certain now there is no virus, then yes most of these utilties can be uninstalled. They where installed just recentl to check for virus/malware.

- Collapse -
(NT) yes
Dec 17, 2012 12:11PM PST
- Collapse -
yes...
Dec 17, 2012 3:32PM PST

if uninstalled most of them. The boot is much faster. Also, I have re-installed the Ethernet drv and am no-lomger WiFi

- Collapse -
uninstalled utilities ran rkill/hijack again...
Dec 17, 2012 11:38PM PST

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/18/2012 07:03:34 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* AppMgmt [Missing ServiceDLL Value]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/18/2012 07:04:10 AM
Execution time: 0 hours(s), 0 minute(s), and 35 seconds(s)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:05:29 AM, on 12/18/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Ronald\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=DownloadX&dpid=DownloadX&co=US&userid=71e46ff8-118b-460b-84ff-8446311fdb6f&searchtype=ds&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=DownloadX&dpid=DownloadX&co=US&userid=71e46ff8-118b-460b-84ff-8446311fdb6f&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=DownloadX&dpid=DownloadX&co=US&userid=71e46ff8-118b-460b-84ff-8446311fdb6f&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS02/110
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [!DPLauncher] "C:\Program Files\Microsoft\DefaultPack\DPLauncher.EXE" partner=p001 comb=1
O4 - HKCU\..\Run: [Desktop iCalendar Lite.exe] "C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WNA3100 Genie.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352463642328
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe

--
End of file - 9928 bytes

- Collapse -
Why this?
Dec 17, 2012 11:56PM PST
- Collapse -
thought you might be interested...
Dec 18, 2012 1:23AM PST

since I was told to remove them froo the report by an associate of yous. Excuse me.

Like I said before you suggested running all these dump utilties I DON"T HAVE A VIRUS.

- Collapse -
I didn't tell anyone to remove a thing.
Dec 18, 2012 1:26AM PST

You make those decisions.

- Collapse -
hello Robert I said
Dec 18, 2012 4:16AM PST

BY AN ASSOCIATE NOT YOU ! Again, your communication suks

- Collapse -
Do You stil hear bells and whistles?
Dec 18, 2012 6:09AM PST

I still see Iobit ACS also Real Player and McAfee at start up , fix those things..

- Collapse -
and futhermore
Dec 18, 2012 7:04AM PST

any one that reads this whole conversation from beginning to end would think to themselves ," if this guys neighbor "Engineered" this Hacking process , than Grow Some Balls And Confront Him !, I'm No ones associate! I'm just a person reading your post and trying to help out, Digger

- Collapse -
(NT) hey Robert go to.....
Dec 18, 2012 12:36PM PST
- Collapse -
Excuse me
Dec 18, 2012 7:50AM PST

I meant ASC, sorry for my rants also...Digger

- Collapse -
(NT) please no further contact!
Dec 18, 2012 12:39PM PST