Form1?

By Joey Ravn
in Microsoft (Windows)

 Share

Recommended Posts

Explorer

Joey Ravn

Posted
Posted

Recently, I started noticing that there was an entry named "Form1" in the Alt+Tab box. I can't get a screenshot of the Alt+Tab dialog, but the icon looks like three litte squares (one red, one blue, one yellow) inside a traslucent one. It seems to have no usefulness at all, and I can't find the process associated with it. Can anyone give me a hand?

Thanks in advance.

Link to comment
https://www.neowin.net/forum/topic/703866-form1/
Share on other sites
Explorer

Joey Ravn

Posted
  • Author
Posted
What are the processes that you have running when it comes up in the Alt-Tab box?

procskh0.jpg

w422.png

Its a typical .net form mostly...have u run any sample programs & left it behind? & it crashed or had some JIT error?

I don't think so... not any that I remember, at least. I don't usually run anything new on my computer, just a bunch of every-day apps (Word, PhotoShop, WinAmp, etc.) and games. The thing is, this "form1" thingy appears everytime that I turn on my computer. IIRC, there was this one time when I was able to close it because I could see the typical "not responding" window named "form1" after exiting from a game (Fallout 3, I guess)... but apart from that time, it's been ever-present in my PC for the last few days.

Link to comment
https://www.neowin.net/forum/topic/703866-form1/#findComment-590200840
Share on other sites
Explorer

Joey Ravn

Posted
  • Author
Posted
If you don't check the box at the bottom, you're not seeing everything.

I'm the only user in this computer, obviously. There's no difference between having that box checked or unchecked.

that's NOD32

the only ones that aren't usually there are (besides nod) are: usnsvc, wdfmgr, hpzipm12

is the alt+tab thing there even after restart?

Yep, it's there after restarting. That HPzipm12 is the process related to the printer, I guess, as I have an HP PSC 1510. According to some sources, wdfmgr is a WMP10 process and usnsvc relates to folder syncronizing in Windows Live Messenger.

Link to comment
https://www.neowin.net/forum/topic/703866-form1/#findComment-590202886
Share on other sites
Explorer

Joey Ravn

Posted
  • Author
Posted
Start > Run > msconfig. Select the startup tab, anything suspicious (List them here if you can).
There's one svchost.exe being run under user Joey. Aren't all svchosts normally run by SYSTEM or NETWORK users?

Now that you mention it, I have a "svchost.exe" located at C:\Windows. It's only 22KB, but the real svchost.exe should be located in C:\Windows\system32, shouldn't it?

msconftq3.jpg

w589.png

One way to find out...

@OP,

could you post a hiJackThis log?

Sure thing ^^

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:51:43, on 03/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msconfig.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4613 bytes

Thanks a bunch for all the help given, guys. This thing is really driving me nuts...

Link to comment
https://www.neowin.net/forum/topic/703866-form1/#findComment-590216644
Share on other sites
  • 2 weeks later...
Neowinian

dsmdylan

Posted
Posted (edited)

it certainly is a rogue svchost. i had the same thing. not sure where i got it but i do quite a bit of 'downloading.' killed that svchost and the form1 was gone. it should be noted that "Form1" is a visual basic thing. visual basic is the preferred language of skript kiddies.

edit: did a search for files modified on the same date and it looks like i probably got it from a 'backup' version of age of empires 3. did you install that too by any chance?

Edited by dsmdylan
Link to comment
https://www.neowin.net/forum/topic/703866-form1/#findComment-590259754
Share on other sites
  • 6 months later...
Neowinian

gijimbo

Posted
Posted

I have run into the same 'form1' problem but there is no svchost running directly under the Windows directory. I also tried to find an svchost.exe there but it was nowhere to be found (other than in sys32 of course). I am on a laptop and have a ton more processes running than Joey (and am a little embarrassed by the length of the list).

I took a screen shot showing all the svchosts currently running, but couldn't fit all the processes in one screen shot. I ran a hijackthis so I don't think there's a need to multi-screenshot the whole list. I have used hijackthis before but am never sure what to look for; here's the list:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:04 AM, on 6/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WLAN Book\BridgeChecker\RunCMD.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ascapacitor.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [LCONTROL] "C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe"
O4 - HKLM\..\Run: [LFKA] "C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: BridgeChecker.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{56DF6388-873C-4800-8111-A7E963578B17}: NameServer = 192.168.0.1
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel? PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel? PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Intel? PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

--
End of file - 12314 bytes

post-303126-1246368672_thumb.jpg

Link to comment
https://www.neowin.net/forum/topic/703866-form1/#findComment-591211896
Share on other sites
Grand Master

Comic Book Guy

Posted
Posted
I'm the only user in this computer, obviously. There's no difference between having that box checked or unchecked.

I am the only user on my computer, and there is a difference, take a look at the following images.

Unchecked:

2hmzs5g.png

Checked:

55hzkj.jpg

Link to comment
https://www.neowin.net/forum/topic/703866-form1/#findComment-591211966
Share on other sites
Neowinian

gijimbo

Posted
Posted

I also just ran combofix. It deleted an install.exe file from directly under the c:/ directory but when I rebooted, the form1 still shows up.

The combofix log is located below:

ComboFix 09-06-29.07 - ASC 06/30/2009 13:30.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2013.1198 [GMT -6:00]
Running from: c:\documents and settings\ASC\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe

.
(((((((((((((((((((((((((   Files Created from 2009-05-28 to 2009-06-30  )))))))))))))))))))))))))))))))
.

2009-06-30 13:11 . 2009-06-30 13:11	--------	d-----w-	c:\program files\Trend Micro
2009-06-23 15:05 . 2009-06-23 15:05	--------	d-----w-	c:\windows\SQL9_KB960089_ENU
2009-06-17 13:12 . 2009-06-17 13:12	--------	d-----w-	c:\documents and settings\ASC\Local Settings\Application Data\PCHealth
2009-06-16 13:55 . 2009-06-16 13:55	--------	d-----w-	c:\documents and settings\ASC\Local Settings\Application Data\WLAN_Book
2009-06-16 13:54 . 2009-06-16 13:54	--------	d-----w-	c:\program files\WLAN Book
2009-06-13 16:19 . 2009-06-13 16:19	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-06-13 02:30 . 2009-06-13 02:30	--------	d-sh--w-	c:\documents and settings\NetworkService\IETldCache
2009-06-12 13:05 . 2008-10-16 20:06	268648	------w-	c:\windows\system32\mucltui.dll
2009-06-12 13:05 . 2008-10-16 20:06	208744	------w-	c:\windows\system32\muweb.dll
2009-06-12 01:19 . 2009-06-18 13:32	--------	d-----w-	c:\documents and settings\ASC\Tracing
2009-06-12 01:17 . 2009-06-12 01:17	--------	d-----w-	c:\program files\Microsoft
2009-06-12 01:17 . 2009-06-12 01:17	--------	d-----w-	c:\program files\Windows Live SkyDrive
2009-06-12 01:16 . 2009-06-12 01:18	--------	d-----w-	c:\program files\Windows Live
2009-06-12 01:12 . 2009-06-12 01:12	--------	d-----w-	c:\program files\Common Files\Windows Live
2009-06-11 13:06 . 2009-04-30 21:22	12800	------w-	c:\windows\system32\dllcache\xpshims.dll
2009-06-11 13:06 . 2009-04-30 21:22	246272	------w-	c:\windows\system32\dllcache\ieproxy.dll
2009-06-08 14:33 . 2009-06-08 14:33	2855	------w-	c:\documents and settings\ASC\Application Data\Microsoft\Internet Explorer\Quick Launch\ENG_R34.pif
2009-06-06 15:07 . 2008-04-13 17:39	14592	------w-	c:\windows\system32\drivers\kbdhid.sys
2009-06-06 15:07 . 2008-04-13 17:39	14592	------w-	c:\windows\system32\dllcache\kbdhid.sys
2009-06-05 23:41 . 2009-06-05 23:41	--------	d-----w-	c:\documents and settings\ASC\Application Data\Binary Fortress Software
2009-06-05 23:38 . 2009-06-05 23:38	--------	d-----w-	c:\program files\DisplayFusion
2009-06-02 18:01 . 2009-06-02 18:01	--------	d-----w-	c:\documents and settings\ASC\Application Data\progeSOFT
2009-06-02 18:01 . 2009-06-02 18:01	--------	d-----w-	c:\documents and settings\All Users\progeSOFT
2009-06-02 18:00 . 2009-02-17 00:52	2134016	------w-	c:\windows\system32\cdintf251.dll
2009-06-02 18:00 . 2009-02-17 00:54	89360	------w-	c:\windows\system32\vb5db.dll
2009-06-02 18:00 . 2009-06-02 18:00	--------	d-----w-	c:\program files\progeSOFT
2009-06-02 18:00 . 2009-02-17 00:54	61440	------w-	c:\windows\system32\wintab32.dll
2009-06-02 18:00 . 1998-04-25 06:00	368912	------w-	c:\windows\system32\vbar332.dll
2009-06-02 16:56 . 2009-06-02 17:24	--------	d-----w-	C:\SKETCH21
2009-06-02 16:32 . 2009-06-02 16:32	--------	d-----w-	c:\documents and settings\ASC\WINDOWS
2009-06-01 17:39 . 2009-06-01 17:39	--------	d-----w-	c:\documents and settings\ASC\Application Data\Downloaded Installations

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 15:05 . 2008-09-20 16:10	--------	d-----w-	c:\program files\Microsoft SQL Server
2009-06-13 03:03 . 2008-09-20 16:05	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-12 01:18 . 2009-02-12 11:26	--------	d-----w-	c:\program files\Windows Live Toolbar
2009-06-11 13:39 . 2009-02-12 14:50	--------	d-----w-	c:\program files\Windows Desktop Search
2009-06-01 19:50 . 2008-09-20 15:54	--------	d-----w-	c:\program files\InterVideo
2009-06-01 17:39 . 2008-09-20 15:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\Lenovo
2009-06-01 17:39 . 2008-09-20 15:48	--------	d-----w-	c:\program files\Common Files\Lenovo
2009-06-01 17:39 . 2008-09-20 15:38	--------	d-----w-	c:\program files\Lenovo
2009-05-25 06:24 . 2008-05-27 06:18	350208	------w-	c:\windows\system32\mssph.dll
2009-05-22 21:41 . 2009-02-11 23:38	--------	d-----w-	c:\documents and settings\ASC\Application Data\VariCAD
2009-05-22 21:39 . 2009-02-11 23:38	--------	d-----w-	c:\documents and settings\All Users\Application Data\VariCAD
2009-05-13 05:15 . 2006-04-30 06:56	915456	------w-	c:\windows\system32\wininet.dll
2009-05-12 21:12 . 2006-04-30 07:28	26144	------w-	c:\windows\system32\spupdsvc.exe
2009-05-11 13:04 . 2009-02-11 23:41	--------	d-----w-	c:\documents and settings\ASC\Application Data\Winamp
2009-05-07 15:32 . 2006-04-30 06:55	345600	------w-	c:\windows\system32\localspl.dll
2009-05-03 18:03 . 2009-04-03 16:00	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-04-21 04:12 . 2007-06-20 00:08	149768	----a-w-	c:\windows\system32\drivers\WpsHelper.sys
2009-04-17 12:26 . 2006-04-30 06:55	1847168	------w-	c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-04-30 06:55	585216	------w-	c:\windows\system32\rpcrt4.dll
2009-04-03 16:00 . 2009-04-03 16:00	112640	------w-	c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2009-04-03 15:59 . 2009-04-03 15:59	416	------w-	c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-10 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 524288]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
"LCONTROL"="c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-20 77824]
"LFKA"="c:\program files\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-16 315392]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-28 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-28 208896]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-07-31 143360]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2008-06-07 181536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BridgeChecker.lnk - c:\windows\Installer\{E0DDCE5A-63CB-4D05-89D6-8CAB6FE104E1}\_D0CFD15AEA71DAC5E15E94.exe [2009-6-16 13430]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-06-25 00:31	95496	------w-	c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37	34344	------w-	c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 07:02	34080	------w-	c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-07-31 02:18	32768	------w-	c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli psqlpwd ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"IviRegMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [5/14/2008 5:21 PM 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 5:21 PM 19496]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [9/20/2008 9:58 AM 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 6:50 AM 46144]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 6:50 PM 30312]
R2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [9/20/2008 9:54 AM 208896]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [9/20/2008 9:58 AM 94208]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [6/24/2008 6:07 PM 12560]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 5:25 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 6:50 AM 253952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/5/2009 11:31 AM 101936]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [9/20/2008 9:43 AM 108032]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 9:18 AM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 9:16 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 9:15 AM 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 2:55 PM 23888]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/18/2008 4:25 AM 29181272]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 9:18 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 9:15 AM 1120752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-20 16:43]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ascapacitor.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
TCP: {56DF6388-873C-4800-8111-A7E963578B17} = 192.168.0.1
FF - ProfilePath - c:\documents and settings\ASC\Application Data\Mozilla\Firefox\Profiles\24qmpgyp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ascapacitor.com/
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 13:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1128)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\vti.dll

- - - - - - - > 'lsass.exe'(1184)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
Completion time: 2009-06-30 13:35
ComboFix-quarantined-files.txt  2009-06-30 19:35

Pre-Run: 121,416,445,952 bytes free
Post-Run: 121,819,045,888 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

234	--- E O F ---	2009-06-29 22:04

Link to comment
https://www.neowin.net/forum/topic/703866-form1/#findComment-591213662
Share on other sites
Neowinian

gijimbo

Posted
Posted (edited)

I found the problem.

There is an app located at:

www.wlanbook.com/disable-wireless-connected-lan-xp-vista

It disables your wireless internet while you are on a direct lan connection, then when you disconnect it re-enables the wlan.

I thought it was a pretty good program but I don't really trust this 'Form1' thing that shows up in the alt-tab dialog while it's running. I can't say for sure if it does the same rapidshare thing as the other one, but I like to keep things on the safe side.

On that note, if anybody knows of another program that does the same thing, you should totally hook me up. I hate being told ALL THE TIME by windows that there is no wireless lan connection available. I'm pretty sure I could find that out myself if I wanted to. I also hate the extra icon that shows up in the taskbar. I switch back and forth between wlan and lan so much that it drives me nuts having to go back and disable it and re-enable it manually each time.

edit: for anyone wondering, the msconfig name is 'BridgeChecker' and when it's running, the process is 'RunCMD.exe'

Edited by gijimbo
Link to comment
https://www.neowin.net/forum/topic/703866-form1/#findComment-591213892
Share on other sites
Grand Master

Eric Veteran

Posted
  • Veteran
Posted (edited)

That App is a .NET application. The author probably didn't know how to create a taskbar application with no main window so he/she created a blank "Form1" and attached the toolicon component to it then hid the form. I'll look at the app in Reflector and see if it's doing anything naughty.

EDIT: Looks fine. RunCMD.exe has a "Form1" form in it that hosts the NotifyIcon. The application monitors the shell Network folder and does its thing when Explorer tells it the network "file" status has changed. He should have labeled the form "BridgeChecker" or "RunCMD" at least. :)

Edited by GreyWolfSC
Link to comment
https://www.neowin.net/forum/topic/703866-form1/#findComment-591213956
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • EA launches in-game advertising platform for brands to "connect with audiences"

      By Big John Studd · Posted

      Yeah, this is absolutely nothing new and EA have done it before. Burnout Paradise, released in 2008, had dynamic advertising billboards that were updated via the internet and targeted people based on location and what EA knew about them from their profile. It was particularly notable for the fact that the Obama presidential campaign ran ads in the game, in an attempt to reach a younger audience who didn't watch broadcast TV any more. It was by no means the first though. Battlefield 2142 from 2006 had the same thing. In fact, Neowin wrote a story about it back then. https://www.neowin.net/news/ba...-in-game-ads-clarification/
    • Apple MacBook Neo is a blessing for Windows users, here's why

      By Kravex · Posted

      This is obviously aimed at the education where Apple has lost so much ground to Chromebooks in the last few years, but unless they come up with a comparable management system for education why would anyone switch back?
    • Samsung is shutting down yet another app used by millions

      By David Uzondu · Posted

      Here's how we arrived at that claim: Note that this is just Play Store downloads. The app is also available on the Galaxy App Store
    • Samsung is shutting down yet another app used by millions

      By +Edouard · Posted

      Google Play states the app had more than 50 million downloads. What other metric do you suggest should be used?
    • what other retro software do yall use

      By +InsaneNutter · Posted

      MSN defined our generation in some ways, kind of like Snapchat and TikTok have done for future generations. I have great memories of the MSN era in the late 90s / early 2000s. In the UK everyone seemed to come home from School and go on MSN for the evening. We didn't really have mobile phones then, so other than going and knocking on your friends door it was a totally new way of interacting with people. I also loved how I could talk to people I’d met playing online games from around the world. Inviting people to NetMeeting and messing about with the shared white board and webcams was pretty fun, even if webcams only ran at a couple of fps over dial-up. All the random things you could do with MsgPlus! were really fun - I suspect that made a few people jump with /shello randomly blasting Mr Hankey out their speakers! Maybe I’m just nostalgic, however I do feel the internet and computers were more fun back then.

  • Recent Achievements

    • One Year In
      Console General earned a badge
      One Year In
    • One Year In
      Twozo Technologies earned a badge
      One Year In
    • One Month Later
      Twozo Technologies earned a badge
      One Month Later
    • Week One Done
      Twozo Technologies earned a badge
      Week One Done
    • Veteran
      branfont went up a rank
      Veteran

  • Popular Contributors

    1. 1
      +primortal
      532
    2. 2
      +Edouard
      206
    3. 3
      PsYcHoKiLLa
      132
    4. 4
      Steven P.
      90
    5. 5
      neufuse
      75
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!