Unknown processes

[uzair]

Guys
my system has 256 mb of ram....running win xp.In the task manager i find about 45 processes running consuming too much of cpu time...My system has become very sluggish....

Multiple instances of svchost...I guess thats normal..

But other process4s like ehmsas.exe,alg.exe????? what do these processes do??
can someone tell me the list of unwanted processes that can be terminated.?

Also smss.exe is within a folder called "Tok Cirrhatus"...Is it a sysytem folder??
I fear its a virus merged with my sys process...

Give me a way out of this mess...

 

[akshaykapoor_3]

Hello !
It may be a spyware or a virus activity which usually slows down the performance of a PC.
Well, multiple istances of svchost are normal , generally 5 (1-local service, 2-network service, 2-system).

ehmsas.exe is a process belonging to the Microsoft Windows Media Center and is described as the Windows Media Center State Aggregator Service. This program is important for the stable and secure running of your computer and should not be terminated.

alg.exe is also an important process belonging to Microsoft Windows Operating Systems.

Still you should check them for any infections.


4 must haves for your pc !

1) Lavasoft adaware SE Professional
2) Registry Mechanic
3) Spyware Blaster
4) Avast antivirus

Never faced a problem having installed all of these.

 

[Lucky_star]

There will be 5 instances of svchost.exe running at any time. They are essential ones.
Post a hijack this log of your system.

 

[AshishSharma]

Lets take them one by one :

ehmsas.exe : The process Media Center Media Status Aggregator Service or Media Center Status Module belongs to the software Microsoft® Windows® Operating System or Media Center Status Module

Alg.exe : Application Layer Gateway Service

alg.exe is a process belonging to Microsoft Windows Operating System. It is a core process for Microsoft Windows Internet Connection sharing and Internet connection firewall.

About "Tok Cirrhatus" ur computer might be infected with WORM_RONTOKBR.AC worm Check the following link for removal instructions :

*www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RONTOKBR.AC&VSect=Sn

Most importantly get a good Anti-Virus, update it and scan your computer for Virus Infections.

Second get some good Anti-Spyware " Lavasoft adaware SE Professional " should be a good choice and scan your computer for Malware.

Third get hijackthis run the scan and post the report here ....

 

[anandk]

^ good answer.
but scan in safe mode.
u might wanna scan with 'avg anti-spy' instead.
also run ccleaner.

if problem persists, post ur hjt logfile.

 

[uchiha.sasuke]

As u said that smss.exe is within a folder called "Tok Cirrhatus".......Ur pc is surely infected frm brontok virus......search for this file "AntiBrontokA-en.exe" on google it will help u....

 

[ApoorvKhatreja]

Logfile of HijackThis v1.99.1
Scan saved at 12:49:06 AM, on 2/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\WinDVR\WinRemote.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Apoorv Khatreja\Desktop\hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [WinRemote] "C:\Program Files\InterVideo\WinDVR\WinRemote.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - *www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E776995-30CE-441F-A723-326C9F08AB0F}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD2387BB-9520-470C-BE06-A11405B549AC}: NameServer = 59.179.243.70 202.159.217.198
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe




Umm ok, I understand most of this log..I don't spot any kinda malware. You guys see anything?


I'm not sure about this one - C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

 

[uzair]

I found this Software at this link

*download.bitdefender.com/resources/files/Download/en/AntiBrontokA-en.exe


Is it advisable to run this or is it yet another virus pretending to be an anti virus

???

will it help

 

[Tech Geek]

I found this Software at this link

*download.bitdefender.com/resources/files/Download/en/AntiBrontokA-en.exe


Is it advisable to run this or is it yet another virus pretending to be an anti virus

???

will it help

See buddy
there cant be softwares for less than 300kb
so it should be a virus

 

[sridatta]

I think you can use TuneUp Utilities Process manager to view the description, and reliablity level of each of the running processes..

 

[Kiran.dks]

Logfile of HijackThis v1.99.1
Scan saved at 12:49:06 AM, on 2/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\WinDVR\WinRemote.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Apoorv Khatreja\Desktop\hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [WinRemote] "C:\Program Files\InterVideo\WinDVR\WinRemote.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - *www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E776995-30CE-441F-A723-326C9F08AB0F}: NameServer = 4.2.2.1,4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD2387BB-9520-470C-BE06-A11405B549AC}: NameServer = 59.179.243.70 202.159.217.198
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Umm ok, I understand most of this log..I don't spot any kinda malware. You guys see anything?

I'm not sure about this one - C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

I found no problems in the log report. And SDMCP is a part of Stardock Object Bar. It is a legimate process.

 

[anandk]

a good site to remember; tells the exact nature and purpose of any and every single process known...
*www.processlibrary.com/

 

[AshishSharma]

If you don't have any updated Virus Scanner you may try using the McAfee Command Line Scanner. Follow the these instructions to scan your computer for Virus Infections, no need to install the Anti-Virus just download the latest Virus Definition File and scanner and scan your computer

Here we go :

Download the File named Sdat----.exe from the following location :

ftp://ftp.nai.com/pub/antivirus/superdat/intel/

Create a new folder SCAN on on the root of ur C:\ drive and copy the file to this new folder.

Boot your machine into Safe Mode.
(*www.pchell.com/support/safemode.shtml)

Now open command prompt and go to C:\

Cd Scan

Extract using the command
sdat####.exe /e (replace #### with version number)

Do DIR and make sure u now have a file Scan.exe there, if the file is there now run the following command.

SCAN.EXE /adl /sub /clean /del

adl scans all local drives
/sub will scan all subdirectories
/clean will clean any infected files
/del will delete any files that can't be cleaned

If you need the command parameters listing type scan /?

Omitted or add any commands that you want.


This will clean all infections detected on the machine, I've presonally found this scan very effective and the fact that u initiate it from command Safe Mode allows it to clean thoroughly.

 

[ismart]

try an online scanner to get info about those files. You might try Panda's

*www.pandasoftware.com/actives..._principal.htm

 

[uzair]

Logfile of HijackThis v1.99.1
Scan saved at 7:27:37 PM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
E:\WINDOWS\System32\WLTRYSVC.EXE
E:\WINDOWS\System32\bcmwltry.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\eHome\ehRecvr.exe
E:\WINDOWS\eHome\ehSched.exe
E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\F-Secure\Common\FSMA32.EXE
E:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
E:\WINDOWS\system32\igfxpers.exe
E:\WINDOWS\system32\hkcmd.exe
E:\Program Files\Network Associates\Common Framework\FrameworkService.exe
E:\WINDOWS\ehome\ehtray.exe
E:\Program Files\F-Secure\Common\FSM32.EXE
E:\Program Files\F-Secure\Common\FSMB32.EXE
E:\WINDOWS\system32\DrvMon.exe
E:\Program Files\F-Secure\Common\FCH32.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\system32\PMSveH.exe
E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\PMHandler.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\F-Secure\Anti-Virus\fsqh.exe
E:\Program Files\F-Secure\Common\FAMEH32.EXE
E:\WINDOWS\eHome\ehmsas.exe
E:\Program Files\F-Secure\FSAUA\program\fsaua.exe
E:\Program Files\F-Secure\Anti-Virus\fssm32.exe
E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
E:\WINDOWS\system32\dllhost.exe
E:\Program Files\F-Secure\FSAUA\program\fsus.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\F-Secure\Anti-Virus\fsav32.exe
E:\Program Files\F-Secure\FSGUI\fsguidll.exe
E:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
E:\Documents and Settings\LENOVO\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.windowsxlive.net
O1 - Hosts: 127.4.7.4 mcafee.com
O1 - Hosts: 127.4.7.4 www.mcafee.com
O1 - Hosts: 127.4.7.4 mcafeesecurity.com
O1 - Hosts: 127.4.7.4 www.mcafeesecurity.com
O1 - Hosts: 127.4.7.4 mcafeeb2b.com
O1 - Hosts: 127.4.7.4 www.mcafeeb2b.com
O1 - Hosts: 127.4.7.4 nai.com
O1 - Hosts: 127.4.7.4 www.nai.com
O1 - Hosts: 127.4.7.4 vil.nai.com
O1 - Hosts: 127.4.7.4 grisoft.com
O1 - Hosts: 127.4.7.4 www.grisoft.com
O1 - Hosts: 127.4.7.4 kaspersky-labs.com
O1 - Hosts: 127.4.7.4 www.kaspersky-labs.com
O1 - Hosts: 127.4.7.4 kaspersky.com
O1 - Hosts: 127.4.7.4 www.kaspersky.com
O1 - Hosts: 127.4.7.4 downloads1.kaspersky-labs.com
O1 - Hosts: 127.4.7.4 downloads2.kaspersky-labs.com
O1 - Hosts: 127.4.7.4 downloads3.kaspersky-labs.com
O1 - Hosts: 127.4.7.4 downloads4.kaspersky-labs.com
O1 - Hosts: 127.4.7.4 download.mcafee.com
O1 - Hosts: 127.4.7.4 grisoft.cz
O1 - Hosts: 127.4.7.4 www.grisoft.cz
O1 - Hosts: 127.4.7.4 norton.com
O1 - Hosts: 127.4.7.4 www.norton.com
O1 - Hosts: 127.4.7.4 symantec.com
O1 - Hosts: 127.4.7.4 www.symantec.com
O1 - Hosts: 127.4.7.4 liveupdate.symantecliveupdate.com
O1 - Hosts: 127.4.7.4 liveupdate.symantec.com
O1 - Hosts: 127.4.7.4 update.symantec.com
O1 - Hosts: 127.4.7.4 securityresponse.symantec.com
O1 - Hosts: 127.4.7.4 sarc.com
O1 - Hosts: 127.4.7.4 www.sarc.com
O1 - Hosts: 127.4.7.4 norman.com
O1 - Hosts: 127.4.7.4 www.norman.com
O1 - Hosts: 127.4.7.4 trendmicro.com
O1 - Hosts: 127.4.7.4 www.trendmicro.com
O1 - Hosts: 127.4.7.4 trendmicro.co.jp
O1 - Hosts: 127.4.7.4 www.trendmicro.co.jp
O1 - Hosts: 127.4.7.4 trendmicro-europe.com
O1 - Hosts: 127.4.7.4 www.trendmicro-europe.com
O1 - Hosts: 127.4.7.4 ae.trendmicro-europe.com
O1 - Hosts: 127.4.7.4 it.trendmicro-europe.com
O1 - Hosts: 127.4.7.4 secunia.com
O1 - Hosts: 127.4.7.4 www.secunia.com
O1 - Hosts: 127.4.7.4 winantivirus.com
O1 - Hosts: 127.4.7.4 www.winantivirus.com
O1 - Hosts: 127.4.7.4 pandasoftware.com
O1 - Hosts: 127.4.7.4 www.pandasoftware.com
O1 - Hosts: 127.4.7.4 esafe.com
O1 - Hosts: 127.4.7.4 www.esafe.com
O1 - Hosts: 127.4.7.4 f-secure.com
O1 - Hosts: 127.4.7.4 www.f-secure.com
O1 - Hosts: 127.4.7.4 europe.f-secure.com
O1 - Hosts: 127.4.7.4 bhs.com
O1 - Hosts: 127.4.7.4 www.bhs.com
O1 - Hosts: 127.4.7.4 datafellows.com
O1 - Hosts: 127.4.7.4 www.datafellows.com
O1 - Hosts: 127.4.7.4 cheyenne.com
O1 - Hosts: 127.4.7.4 www.cheyenne.com
O1 - Hosts: 127.4.7.4 ontrack.com
O1 - Hosts: 127.4.7.4 www.ontrack.com
O1 - Hosts: 127.4.7.4 sands.com
O1 - Hosts: 127.4.7.4 www.sands.com
O1 - Hosts: 127.4.7.4 sophos.com
O1 - Hosts: 127.4.7.4 www.sophos.com
O1 - Hosts: 127.4.7.4 icubed.com
O1 - Hosts: 127.4.7.4 www.icubed.com
O1 - Hosts: 127.4.7.4 perantivirus.com
O1 - Hosts: 127.4.7.4 www.perantivirus.com
O1 - Hosts: 127.4.7.4 virusalert.nl
O1 - Hosts: 127.4.7.4 www.virusalert.nl
O1 - Hosts: 127.4.7.4 pagina.nl
O1 - Hosts: 127.4.7.4 www.pagina.nl
O1 - Hosts: 127.4.7.4 antivirus.pagina.nl
O1 - Hosts: 127.4.7.4 castlecops.com
O1 - Hosts: 127.4.7.4 www.castlecops.com
O1 - Hosts: 127.4.7.4 virustotal.com
O1 - Hosts: 127.4.7.4 www.virustotal.com
O1 - Hosts: 127.4.7.4 vaksin.com
O1 - Hosts: 127.4.7.4 www.vaksin.com
O1 - Hosts: 127.4.7.4 forum.vaksin.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\SYSTEM32\PMHandler.exe
O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] E:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [DrvMon.exe] E:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Empty.pif
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: e:\program files\f-secure\fsps\program\fslsp.dll
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: EvtEng - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - E:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - E:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: PMSveH - Lenovo - E:\WINDOWS\system32\PMSveH.exe
O23 - Service: RegSrvc - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - E:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - E:\WINDOWS\System32\WLTRYSVC.EXE







Is everything all right???
lemme know

 

[anandk]

boy, i have never seen such a host file hijack !

download a good host file from *www.mvps.org/winhelp2002/hosts.htm
and go to c/windows/system32/drivers/etc/ and replace ur hosts file there with this one. then lock it using winpatrol/spybot/readonly/etc.

c these too *www.thinkdigit.com/forum/showthread.php?t=28418&highlight=lock+hosts+file
*www.thinkdigit.com/forum/showthread.php?t=30153&highlight=lock+hosts+file