------------------------------
Boot mode: Normal
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\FSI\F-Prot\fpavupdm.exe
D:\WINNT\Explorer.EXE
D:\Program Files\USB Storage Device\shwicon.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Security-1\HiJack-199\hijackthis-2.02.exe
D:\MOZILLA\FIREFO~1\FIREFOX\FIREFOX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O1 - Hosts: 255.255.255.255 broadcasthost
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.35.250.150 s # slashdot.org
O1 - Hosts: 216.239.39.99 g # google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [ShowIcon_The Company_USB Storage Device v1.14e035] "D:\Program Files\USB Storage Device\shwicon.exe" -t"The Company\USB Storage Device v1.14e035"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [FRISK FP-Scheduler] "D:\Program Files\FSI\F-Prot\F-Sched.exe" STARTUP
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - D:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - D:\WINNT\system32\irdvxc.exe (file missing)
--
End of file - 3350 bytes
------------------------------------------------
On my normally "bulletproof for three years" dual boot (98SE & 2000 Pro) system, I recently encountered an intrusion problem wherein I was getting install hits of Redworld and other malware variants (note the irdvxc file deletion - haven't yet figured out how to remove this service).
Among a few other things, I replaced the HOSTS file with a newly released one from Dan Pollock at http://someonewhocares.org/hosts/zero/.
My question is, I'm now seeing Hosts entries in my HiJack log that I haven't seen before. Is this normal? What are these entries telling me?
Thank you ...