Author Topic: vtststs.dll  (Read 12009 times)


Offline SUSZANNAH

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1954
  • There We Are Then
vtststs.dll
« on: August 20, 2007, 01:42:51 AM »
hi all, a little info required if possible.

Straight away after last virus database update, avast screamed I had this virus.

trojan gen.... in system 32 safely went to chest. When I read the properties, it said that last modification was 17/4/07. Does this mean it was on pc all this time undetected?

Tried to look up vtststs.dll in google but it came back with zilch...seems safe now just curious........ ::)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: vtststs.dll
« Reply #1 on: August 20, 2007, 02:40:10 AM »
Quote: Does this mean it was on pc all this time undetected?
Yes, it could be.
No, it could be a false positive detection.

Can you send the samples to virus@avast.com ?
You can zip and password the files... Include a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.

It will be good if you check the file against on-line scanners. Submit the file to:
Virustotal
Jotti
There is also Kaspersky File Scanner (The file should not be larger than 1 MB).
The best things in life are free.

Offline SUSZANNAH

Re: vtststs.dll
« Reply #2 on: August 20, 2007, 02:48:24 AM »
Thank you Tech, been a long time how do I get it from the chest to Jotti?   ::)

Offline Lisandro

Re: vtststs.dll
« Reply #3 on: August 20, 2007, 02:55:44 AM »
Quote: Thank you Tech, been a long time how do I get it from the chest to Jotti?   ::)
You will have to extract the file to a temporary folder (better a USB drive), do NOT double-click the file or run it...
From this temporary folder, submit to VirusTotal (better than Jotti).

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89116
  • No support PMs thanks
Re: vtststs.dll
« Reply #4 on: August 20, 2007, 03:15:05 AM »
You can't, the chest is a protected area; you have to export it (not restore) to a temp location and upload it to VirusTotal, much better results (more scanners) and it uses the windows version of avast.

Once you have uploaded it you will need to delete it from the temp location. You may need to pause the standard shield when you export or try to upload otherwise it might be detected again and stopped (resume standard shield immediately the upload completes).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline SUSZANNAH

Re: vtststs.dll
« Reply #5 on: August 20, 2007, 03:24:03 AM »
Thanks guys, very interesting results seems it's Conhook again...............

these are virustotal results, hope the info comes in useful


Antivirus   Version   Last Update   Result
AhnLab-V3   2007.8.18.0   2007.08.18   Win-Trojan/Conhook.8399
AntiVir   7.4.1.62   2007.08.19   TR/Dldr.ConHook.AH.18
Authentium   4.93.8   2007.08.17   -
Avast   4.7.1029.0   2007.08.20   Win32:Trojan-gen. {Other}
AVG   7.5.0.484   2007.08.19   Downloader.Generic5.IYP
BitDefender   7.2   2007.08.20   Adware.Winflyer.A
CAT-QuickHeal   9.00   2007.08.18   -
ClamAV   0.91   2007.08.20   -
DrWeb   4.33   2007.08.19   -
eSafe   7.0.15.0   2007.08.16   -
eTrust-Vet   31.1.5069   2007.08.18   -
Ewido   4.0   2007.08.19   -
FileAdvisor   1   2007.08.20   -
Fortinet   2.91.0.0   2007.08.19   W32/ConHook.AH!tr.dldr
F-Prot   4.3.2.48   2007.08.17   -
F-Secure   6.70.13030.0   2007.08.19   Trojan-Downloader.Win32.ConHook.ah
Ikarus   T3.1.1.12   2007.08.19   Trojan-Spy.Win32.Bancos.ha
Kaspersky   4.0.2.24   2007.08.20   Trojan-Downloader.Win32.ConHook.ah
McAfee   5100   2007.08.17   -
Microsoft   1.2803   2007.08.19   -
NOD32v2   2470   2007.08.19   a variant of Win32/TrojanDownloader.Agent.ANM
Norman   5.80.02   2007.08.17   -
Panda   9.0.0.4   2007.08.19   Spyware/DuncanMonitor
Prevx1   V2   2007.08.20   Generic.Malware
Rising   19.36.60.00   2007.08.19   -
Sophos   4.20.0   2007.08.12   -
Sunbelt   2.2.907.0   2007.08.18   VIPRE.Suspicious
Symantec   10   2007.08.20   Trojan.Duntek
TheHacker   6.1.8.170   2007.08.17   -
VBA32   3.12.2.2   2007.08.17   -
VirusBuster   4.3.26:9   2007.08.19   -
Webwasher-Gateway   6.0.1   2007.08.20   Trojan.Dldr.ConHook.AH.18
Additional information
File size: 8425 bytes
MD5: 32360eaaa37d9d5245193116b9ff8318
SHA1: a3cf0547d7cad1a88c99326fefd17748fbf75a4f
packers: UPACK
packers: UPack
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=A5A7E64CE96A0D6A2071004B8253C7001E766C20
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

so now can I just delete temp folder? as avast has already picked it up?????
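A multi-scanner report like the one posted above can be read by tallying how many engines detect the file and which family name recurs across vendor labels. The following is an added example, not part of the original thread; the rows are copied from the report (an excerpt), and the `GENERIC` stop-word list is an assumption chosen for these labels.

```python
import re
from collections import Counter

# Rows copied from the scan report posted above (excerpt: the 15 detections
# plus three clean results). Columns: engine, version, last update, result.
REPORT = """\
AhnLab-V3   2007.8.18.0   2007.08.18   Win-Trojan/Conhook.8399
AntiVir   7.4.1.62   2007.08.19   TR/Dldr.ConHook.AH.18
Avast   4.7.1029.0   2007.08.20   Win32:Trojan-gen. {Other}
AVG   7.5.0.484   2007.08.19   Downloader.Generic5.IYP
BitDefender   7.2   2007.08.20   Adware.Winflyer.A
ClamAV   0.91   2007.08.20   -
Fortinet   2.91.0.0   2007.08.19   W32/ConHook.AH!tr.dldr
F-Secure   6.70.13030.0   2007.08.19   Trojan-Downloader.Win32.ConHook.ah
Ikarus   T3.1.1.12   2007.08.19   Trojan-Spy.Win32.Bancos.ha
Kaspersky   4.0.2.24   2007.08.20   Trojan-Downloader.Win32.ConHook.ah
McAfee   5100   2007.08.17   -
NOD32v2   2470   2007.08.19   a variant of Win32/TrojanDownloader.Agent.ANM
Panda   9.0.0.4   2007.08.19   Spyware/DuncanMonitor
Prevx1   V2   2007.08.20   Generic.Malware
Sophos   4.20.0   2007.08.12   -
Sunbelt   2.2.907.0   2007.08.18   VIPRE.Suspicious
Symantec   10   2007.08.20   Trojan.Duntek
Webwasher-Gateway   6.0.1   2007.08.20   Trojan.Dldr.ConHook.AH.18
"""

# Assumption: label parts that describe a category or heuristic, not a family.
GENERIC = {"win32", "trojan", "downloader", "trojandownloader", "dldr",
           "generic", "malware", "adware", "spyware", "variant", "agent",
           "other", "vipre", "suspicious"}


def parse_report(text):
    """Split each row into (engine, version, date, result) on 2+ spaces or tabs."""
    rows = []
    for line in text.splitlines():
        parts = re.split(r"\s{2,}|\t", line.strip(), maxsplit=3)
        if len(parts) == 4:
            rows.append(tuple(parts))
    return rows


def family_tokens(label):
    """Return the alphabetic, non-generic name parts of one vendor label."""
    tokens = re.split(r"[^A-Za-z0-9]+", label.lower())
    return {t for t in tokens if t.isalpha() and len(t) >= 4 and t not in GENERIC}


def summarize(rows):
    """Return (detections, engines, Counter of family tokens, one vote per engine)."""
    labels = [result for _, _, _, result in rows if result != "-"]
    families = Counter()
    for label in labels:
        families.update(family_tokens(label))
    return len(labels), len(rows), families


if __name__ == "__main__":
    hits, total, families = summarize(parse_report(REPORT))
    print(f"{hits}/{total} engines in the excerpt detect the file")
    for name, votes in families.most_common():
        print(f"  {name}: {votes}")
```

Labels that reduce to no token at all (generic or heuristic detections) count toward the detection total but cast no family vote.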

Offline SUSZANNAH

Re: vtststs.dll
« Reply #6 on: August 20, 2007, 03:42:07 AM »
http://forum.avast.com/index.php?topic=28035.0

looking at the dates, it seems I never really got rid of it....................... :(

Online DavidR

Re: vtststs.dll
« Reply #7 on: August 20, 2007, 03:46:21 AM »
Better luck this time, see you are burning the midnight oil ;D me too been manually downloading MS Security updates (after my hard drive image back-up) before installing.

Last one just downloaded and my bed is calling.

Offline SUSZANNAH

Re: vtststs.dll
« Reply #8 on: August 20, 2007, 03:48:46 AM »
lol mine is too, last question is: is it safe to get rid of that temp folder now, see no reason to send it to avast.......unless you can think of one lol

Online DavidR

Re: vtststs.dll
« Reply #9 on: August 20, 2007, 03:57:20 AM »
Yes, but I have the folder that I have excluded from avast scans (creatively named avast-excludes ;D) for some of my tools and samples, that way if I have a file I want to upload or is suspect it goes in there, makes life easier.

Offline SUSZANNAH

Re: vtststs.dll
« Reply #10 on: August 20, 2007, 04:00:35 AM »
lol good thinking the folder stays (may need it soon) lol virus goes.... have a good night I am sure I will be back to haunt you soon   ;D ;D ;D

mauserme

  • Guest
Re: vtststs.dll
« Reply #11 on: August 20, 2007, 05:21:17 AM »
In that thread from April we never ran ComboFix which might have identified this. And Essexboy offered to do a WinPFind analysis which wasn't noticed. Two good opportunities to get that file were missed :( But at least it seems it wasn't active.

If you would like to double check your computer download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Offline SUSZANNAH

Re: vtststs.dll
« Reply #12 on: August 20, 2007, 11:30:04 PM »
Many thanks Mauserme for pointing that out, must apologise to essex. Will get on with download and get back to you.... again many thanks    :)

Offline SUSZANNAH

Re: vtststs.dll
« Reply #13 on: August 20, 2007, 11:49:54 PM »
Here is Combofix results, working on HJT as we speak...... :)

ComboFix 07-08-17.2 - "HP_Owner" 2007-08-20 22:34:30.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.190 [GMT 1:00]


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


D:\Autorun.inf


(((((((((((((((((((((((((   Files Created from 2007-07-20 to 2007-08-20  )))))))))))))))))))))))))))))))


2007-08-20 22:33   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-08-16 02:11   <DIR>   d--------   C:\Program Files\MSXML 4.0


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-20 16:55   ---------   d--------   C:\Program Files\Spyware Terminator
2007-08-20 11:00   ---------   d--------   C:\DOCUME~1\HP_Owner\APPLIC~1\Spyware Terminator
2007-08-17 22:50   ---------   d--------   C:\Program Files\SpywareBlaster
2007-08-17 14:45   ---------   d--------   C:\Program Files\SUPERAntiSpyware
2007-08-07 22:26   138624   --a------   C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-07-27 23:07   783224   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-07-27 23:02   94416   --a--c---   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 23:02   92848   --a--c---   C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 23:00   23152   --a--c---   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 22:59   42912   --a--c---   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 22:58   26624   --a--c---   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 22:57   95608   --a--c---   C:\WINDOWS\system32\AVASTSS.scr
2007-07-24 19:20   ---------   d--------   C:\Program Files\Common Files\MAGIX Shared
2007-07-24 19:19   ---------   d--------   C:\Program Files\MAGIX
2007-07-09 15:48   ---------   d--------   C:\Program Files\Common Files\AOL
2007-06-26 07:08   1104896   --a------   C:\WINDOWS\system32\msxml3.dll
2007-06-19 14:31   282112   --a------   C:\WINDOWS\system32\gdi32.dll
2007-06-13 11:23   1033216   --a------   C:\WINDOWS\explorer.exe
2007-05-26 23:16   130048   --a--c---   C:\WINDOWS\system32\SpoonUninstall.exe
2001-03-28 12:02   122880   --a--c---   C:\WINDOWS\inf\Agfa\message.exe
2005-01-21 19:35:37   0   -csha-w   C:\WINDOWS\SMINST\HPCD.sys


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2003-08-18 19:57]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-07 22:00]
"HostManager"="C:\Program Files\Common Files\AOL\1178117888\ee\AOLSoftware.exe" [2006-11-17 14:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-04-29 23:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewContextMenu"=0 (0x0)
"NoWinKeys"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoClose"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"HideClock"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1178117888\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS
S3 U81xbus;LGE U8XXX driver (WDM);C:\WINDOWS\system32\DRIVERS\U81xbus.sys
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\U81xmdm.sys
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\U81xobex.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\setupSNK.exe


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 22:36:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-20 22:37:18
C:\ComboFix-quarantined-files.txt ... 2007-08-20 22:37

   --- E O F ---

Offline SUSZANNAH

Re: vtststs.dll
« Reply #14 on: August 21, 2007, 12:04:19 AM »
HJT log done.......

Logfile of HijackThis v1.99.1
Scan saved at 11:00:43, on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\AOL\1178117888\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AOL 9.0\waol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esampler.tns-global.com/esampler/writeaoltest.html?harvest,AOL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178117888\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6836D0D-4E7B-4AFE-AFD2-B53B5D144D7B}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


hope this helps......... :)
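When reviewing a HijackThis log like the one above, O23 service entries marked "(file missing)" can be cross-checked against the log's own "Running processes" section before they are treated as broken or suspicious. The following is an added example, not part of the original thread; the sample lines are copied from the posted log (an excerpt), and the function names and status labels are hypothetical.

```python
import re

# Lines copied from the HijackThis log posted above (excerpt).
LOG = r"""Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HijackThis\HijackThis.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
"""

O23_LINE = re.compile(r"^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.*)$", re.M)


def running_processes(log):
    """Collect the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        if line.startswith("Running processes:"):
            in_section = True
        elif in_section and not line.strip():
            break  # a blank line ends the section
        elif in_section:
            procs.add(line.strip().lower())
    return procs


def exe_path(command):
    """Cut a service command line down to its .exe path (quotes/args dropped)."""
    match = re.match(r'"?(.+?\.exe)', command, re.IGNORECASE)
    return (match.group(1) if match else command).lower()


def triage(log):
    """Return (service name, status) for every O23 entry in the log.

    Paths are compared as written; 8.3 short names such as PROGRA~1 are
    not resolved to long names here.
    """
    running = running_processes(log)
    results = []
    for name, _owner, command in O23_LINE.findall(log):
        if not command.endswith("(file missing)"):
            status = "present"
        elif exe_path(command) in running:
            status = "missing-but-running"  # the log contradicts itself
        else:
            status = "missing"
        results.append((name, status))
    return results


if __name__ == "__main__":
    for name, status in triage(LOG):
        print(f"{status:20} {name}")
```

An entry reported as `missing-but-running` refers to an executable that the same log lists as a live process, so the "(file missing)" flag on it should not be read as evidence that the file is gone.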