IE Redirect

Microsoft / Internet Explorer 7
February 28, 2010 at 19:52:33
Specs: Windows XP, AMD Turion 64 X2 1.6 GHz, 1.9 GB RAM
Hey all,

Having some problems with IE and redirecting. Every time I try to go to a website through Google, it redirects somewhere else. When I go back in history and then go again, it goes fine. I think there's some malware in my system but cannot find it. Not only that but I cannot install Norton AV at all. It says "Error 1920. Service Symantec AntiVirus Definition Watcher (DefWatch) failed to start. Verify that you have sufficient privileges to start system services". I get this message even though I am the admin. I think the malware is affecting my admin rights as well. I can't seem to get My Computer in the dcomcnfg program either under Component Services, as the program closes on its own once I try to open My Computer.

Any help would be greatly appreciated. Thanks.



#1
February 28, 2010 at 20:00:08
Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.



#2
February 28, 2010 at 20:13:22
Here is the log for Win32kdiag.txt:

Running from: C:\Documents and Settings\Francisco\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Francisco\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!


Problem is, I am running XP and I AM an administrator (not logged AS administrator though). I cannot seem to be able to reset the admin password, it says "internal error occurred".

Here's the DDS.txt file:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Francisco at 23:08:50.62 on Sun 02/28/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1242 [GMT -5:00]

AV: My Security Wall *On-access scanning enabled* (Updated) {D2A65273-0C93-4D6D-8D14-DFA5741CC9F1}
FW: My Security Wall *enabled* {47B22F17-753F-47AA-9857-E456A3ABC14C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Francisco\Desktop\SAV\Setup.exe
C:\WINDOWS\system32\MSIEXEC.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Francisco\Desktop\Win32kDiag.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Francisco\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uSearch Bar =
uStart Page = hxxp://www.google.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton systemworks\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [!ewido] "c:\program files\ewido anti-spyware 4.0\ewido.exe" /minimized
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [InetChk] c:\windows\temp\ms1242151158.exe work
dRun: [SYS32DLL] SYS32DLL
dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173042398772
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219371025968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\ewido anti-spyware 4.0\shellexecutehook.dll
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\franci~1\applic~1\mozilla\firefox\profiles\sqm9hg2r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxp://www.toggle.com/index.php?rvs=hompag
FF - component: c:\progra~1\mozill~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{4F68F995-AB8B-4949-B067-4201CD9D0FF3}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-28 64288]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-1-2 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 QDFSDRV;QDFSDRV;\??\c:\windows\system32\drivers\qdfsdrv.sys --> c:\windows\system32\drivers\qdfsdrv.sys [?]
S3 TPP200;USB Storage Adapter V2 (TPP);c:\windows\system32\drivers\TPP200.SYS [2001-10-5 35541]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]
S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S4 GOUJPBIRYFJZPUT;GOUJPBIRYFJZPUT;c:\docume~1\franci~1\locals~1\temp\goujpbiryfjzput.exe --> c:\docume~1\franci~1\locals~1\temp\GOUJPBIRYFJZPUT.exe [?]
S4 IR;IR;c:\docume~1\franci~1\locals~1\temp\ir.exe --> c:\docume~1\franci~1\locals~1\temp\IR.exe [?]
S4 ISVAWVC;ISVAWVC;c:\docume~1\franci~1\locals~1\temp\isvawvc.exe --> c:\docume~1\franci~1\locals~1\temp\ISVAWVC.exe [?]
S4 OracleOracleDB9iTNSListener;OracleOracleDB9iTNSListener;c:\docume~1\franci~1\locals~1\temp\ora9i\product\bin\tnslsnr --> c:\docume~1\franci~1\locals~1\temp\ora9i\product\bin\TNSLSNR [?]
S4 OracleOraDb8_homePagingServer;OracleOraDb8_homePagingServer;c:\oracle8/bin/pagntsrv.exe --> c:\oracle8/bin/pagntsrv.exe [?]
S4 OracleOraDb9i_home1TNSListener;OracleOraDb9i_home1TNSListener;c:\oracle9i\bin\tnslsnr --> c:\oracle9i\bin\TNSLSNR [?]
S4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]

=============== Created Last 30 ================

2010-03-01 02:50:43 0 d-----w- c:\program files\ewido anti-spyware 4.0
2010-03-01 02:11:02 0 d-----w- c:\program files\CCleaner
2010-03-01 01:54:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-02-28 20:53:39 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-28 20:53:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-28 20:52:33 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-15 16:06:38 0 d-----w- c:\program files\ESET
2010-02-14 23:54:25 0 d-sh--w- c:\docume~1\franci~1\applic~1\My Security Wall
2010-02-14 23:54:22 0 d-sh--w- c:\docume~1\alluse~1\applic~1\MSBVW
2010-02-12 03:16:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-12 03:16:24 411368 ----a-w- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-06-23 03:02:27 32 --sha-w- c:\windows\{09A48615-0B82-4EF9-A858-63B875A25943}.dat
2009-06-23 03:02:27 32 --sha-w- c:\windows\{3F2C9E53-DAC4-48D9-A711-70B9FB73C275}.dat
2009-06-23 03:01:41 32 --sha-w- c:\windows\{4BA12246-2AC2-4B1A-8AAA-0CC7D8EBADF3}.dat
2009-06-23 03:02:27 32 --sha-w- c:\windows\{C1AD1A05-C5E8-4332-A0E4-28C8D0F2CBC9}.dat
2009-06-23 03:02:27 32 --sha-w- c:\windows\system32\{36C18C42-4C14-4E80-9DDF-3F6B9059D969}.dat
2009-06-23 03:02:27 32 --sha-w- c:\windows\system32\{64E0D4E4-B649-4D18-8361-615962163C81}.dat
2009-06-23 03:02:27 32 --sha-w- c:\windows\system32\{9E4D3BAA-D6AB-4528-85C0-FCE3A0967E72}.dat
2009-06-23 03:01:41 32 --sha-w- c:\windows\system32\{F859E35E-1A1C-45B4-A7E0-F04D3FD5C696}.dat
2009-05-17 19:48:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-04-27 22:34:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042720090428\index.dat
2009-05-17 19:48:07 49152 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051720090518\index.dat

============= FINISH: 23:09:05.20 ===============

I'll post the Attach file in another post.



#3
February 28, 2010 at 20:23:55
Here's the Attach.txt file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/7/2007 12:25:05 AM
System Uptime: 2/28/2010 8:52:00 PM (3 hours ago)

Motherboard: Dell Inc. | | 0UW744
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 1595/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 30 GiB total, 8.467 GiB free.
D: is FIXED (NTFS) - 41 GiB total, 0.265 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Loopback Adapter
Device ID: ROOT\NET\0001
Manufacturer: Microsoft
Name: Microsoft Loopback Adapter
PNP Device ID: ROOT\NET\0001
Service: msloop

==== System Restore Points ===================

RP1: 2/28/2010 9:30:39 PM - System Checkpoint
RP2: 2/28/2010 9:31:57 PM - Pre CCleaner

==== Image File Execution Options =============

IFEO: scam32.exe - svchost.exe
IFEO: scan32.exe - svchost.exe
IFEO: scan95.exe - svchost.exe
IFEO: scanpm.exe - svchost.exe
IFEO: scrscan.exe - svchost.exe
IFEO: seccenter.exe - svchost.exe
IFEO: Secure Veteran.exe - svchost.exe
IFEO: secureveteran.exe - svchost.exe
IFEO: Security Center.exe - svchost.exe
IFEO: SecurityFighter.exe - svchost.exe
IFEO: securitysoldier.exe - svchost.exe
IFEO: serv95.exe - svchost.exe
IFEO: setloadorder.exe - svchost.exe
IFEO: setupvameeval.exe - svchost.exe
IFEO: setup_flowprotector_us.exe - svchost.exe
IFEO: sgssfw32.exe - svchost.exe
IFEO: sh.exe - svchost.exe
IFEO: shellspyinstall.exe - svchost.exe
IFEO: shield.exe - svchost.exe
IFEO: shn.exe - svchost.exe
IFEO: showbehind.exe - svchost.exe
IFEO: signcheck.exe - svchost.exe
IFEO: smart.exe - svchost.exe
IFEO: smartprotector.exe - svchost.exe
IFEO: smc.exe - svchost.exe
IFEO: smrtdefp.exe - svchost.exe
IFEO: sms.exe - svchost.exe
IFEO: smss32.exe - svchost.exe
IFEO: snetcfg.exe - svchost.exe
IFEO: soap.exe - svchost.exe
IFEO: sofi.exe - svchost.exe
IFEO: SoftSafeness.exe - svchost.exe
IFEO: sperm.exe - svchost.exe
IFEO: spf.exe - svchost.exe
IFEO: sphinx.exe - svchost.exe
IFEO: spoler.exe - svchost.exe
IFEO: spoolcv.exe - svchost.exe
IFEO: spoolsv32.exe - svchost.exe
IFEO: spywarexpguard.exe - svchost.exe
IFEO: spyxx.exe - svchost.exe
IFEO: srexe.exe - svchost.exe
IFEO: srng.exe - svchost.exe
IFEO: ss3edit.exe - svchost.exe
IFEO: ssgrate.exe - svchost.exe
IFEO: ssg_4104.exe - svchost.exe
IFEO: st2.exe - svchost.exe
IFEO: start.exe - svchost.exe
IFEO: stcloader.exe - svchost.exe
IFEO: supftrl.exe - svchost.exe
IFEO: support.exe - svchost.exe
IFEO: supporter5.exe - svchost.exe
IFEO: svc.exe - svchost.exe
IFEO: svchostc.exe - svchost.exe
IFEO: svchosts.exe - svchost.exe
IFEO: svshost.exe - svchost.exe
IFEO: sweep95.exe - svchost.exe
IFEO: sweepnet.sweepsrv.sys.swnetsup.exe - svchost.exe
IFEO: symlcsvc.exe - svchost.exe
IFEO: symproxysvc.exe - svchost.exe
IFEO: symtray.exe - svchost.exe
IFEO: system.exe - svchost.exe
IFEO: system32.exe - svchost.exe
IFEO: sysupd.exe - svchost.exe
IFEO: tapinstall.exe - svchost.exe
IFEO: taskmgr.exe - svchost.exe
IFEO: taumon.exe - svchost.exe
IFEO: tbscan.exe - svchost.exe
IFEO: tc.exe - svchost.exe
IFEO: tca.exe - svchost.exe
IFEO: tcm.exe - svchost.exe
IFEO: tds-3.exe - svchost.exe
IFEO: tds2-98.exe - svchost.exe
IFEO: tds2-nt.exe - svchost.exe
IFEO: teekids.exe - svchost.exe
IFEO: tfak.exe - svchost.exe
IFEO: tfak5.exe - svchost.exe
IFEO: tgbob.exe - svchost.exe
IFEO: titanin.exe - svchost.exe
IFEO: titaninxp.exe - svchost.exe
IFEO: TPSrv.exe - svchost.exe
IFEO: trickler.exe - svchost.exe
IFEO: trjscan.exe - svchost.exe
IFEO: trjsetup.exe - svchost.exe
IFEO: trojantrap3.exe - svchost.exe
IFEO: TrustWarrior.exe - svchost.exe
IFEO: tsadbot.exe - svchost.exe
IFEO: tsc.exe - svchost.exe
IFEO: tvmd.exe - svchost.exe
IFEO: tvtmd.exe - svchost.exe
IFEO: uiscan.exe - svchost.exe
IFEO: undoboot.exe - svchost.exe
IFEO: updat.exe - svchost.exe
IFEO: upgrad.exe - svchost.exe
IFEO: upgrepl.exe - svchost.exe
IFEO: utpost.exe - svchost.exe
IFEO: vbcmserv.exe - svchost.exe
IFEO: vbcons.exe - svchost.exe
IFEO: vbust.exe - svchost.exe
IFEO: vbwin9x.exe - svchost.exe
IFEO: vbwinntw.exe - svchost.exe
IFEO: vcsetup.exe - svchost.exe
IFEO: vet32.exe - svchost.exe
IFEO: vet95.exe - svchost.exe
IFEO: vettray.exe - svchost.exe
IFEO: vfsetup.exe - svchost.exe
IFEO: vir-help.exe - svchost.exe
IFEO: virusmdpersonalfirewall.exe - svchost.exe
IFEO: VisthAux.exe - svchost.exe
IFEO: VisthLic.exe - svchost.exe
IFEO: VisthUpd.exe - svchost.exe
IFEO: vnlan300.exe - svchost.exe
IFEO: vnpc3000.exe - svchost.exe
IFEO: vpc32.exe - svchost.exe
IFEO: vpc42.exe - svchost.exe
IFEO: vpfw30s.exe - svchost.exe
IFEO: vptray.exe - svchost.exe
IFEO: vscan40.exe - svchost.exe
IFEO: vscenu6.02d30.exe - svchost.exe
IFEO: vsched.exe - svchost.exe
IFEO: vsecomr.exe - svchost.exe
IFEO: vshwin32.exe - svchost.exe
IFEO: vsisetup.exe - svchost.exe
IFEO: vsmain.exe - svchost.exe
IFEO: vsmon.exe - svchost.exe
IFEO: vsserv.exe - svchost.exe
IFEO: vsstat.exe - svchost.exe
IFEO: vswin9xe.exe - svchost.exe
IFEO: vswinntse.exe - svchost.exe
IFEO: vswinperse.exe - svchost.exe
IFEO: w32dsm89.exe - svchost.exe
IFEO: W3asbas.exe - svchost.exe
IFEO: w9x.exe - svchost.exe
IFEO: watchdog.exe - svchost.exe
IFEO: webdav.exe - svchost.exe
IFEO: WebProxy.exe - svchost.exe
IFEO: webscanx.exe - svchost.exe
IFEO: webtrap.exe - svchost.exe
IFEO: wfindv32.exe - svchost.exe
IFEO: whoswatchingme.exe - svchost.exe
IFEO: wimmun32.exe - svchost.exe
IFEO: win-bugsfix.exe - svchost.exe
IFEO: win32.exe - svchost.exe
IFEO: win32us.exe - svchost.exe
IFEO: winactive.exe - svchost.exe
IFEO: winav.exe - svchost.exe
IFEO: windll32.exe - svchost.exe
IFEO: window.exe - svchost.exe
IFEO: windows Police Pro.exe - svchost.exe
IFEO: windows.exe - svchost.exe
IFEO: wininetd.exe - svchost.exe
IFEO: wininitx.exe - svchost.exe
IFEO: winlogin.exe - svchost.exe
IFEO: winmain.exe - svchost.exe
IFEO: winppr32.exe - svchost.exe
IFEO: winrecon.exe - svchost.exe
IFEO: winservn.exe - svchost.exe
IFEO: winss.exe - svchost.exe
IFEO: winssk32.exe - svchost.exe
IFEO: winssnotify.exe - svchost.exe
IFEO: WinSSUI.exe - svchost.exe
IFEO: winstart.exe - svchost.exe
IFEO: winstart001.exe - svchost.exe
IFEO: wintsk32.exe - svchost.exe
IFEO: winupdate.exe - svchost.exe
IFEO: wkufind.exe - svchost.exe
IFEO: wnad.exe - svchost.exe
IFEO: wnt.exe - svchost.exe
IFEO: wradmin.exe - svchost.exe
IFEO: wrctrl.exe - svchost.exe
IFEO: wsbgate.exe - svchost.exe
IFEO: wscfxas.exe - svchost.exe
IFEO: wscfxav.exe - svchost.exe
IFEO: wscfxfw.exe - svchost.exe
IFEO: wsctool.exe - svchost.exe
IFEO: wupdater.exe - svchost.exe
IFEO: wupdt.exe - svchost.exe
IFEO: wyvernworksfirewall.exe - svchost.exe
IFEO: xpdeluxe.exe - svchost.exe
IFEO: xpf202en.exe - svchost.exe
IFEO: xp_antispyware.exe - svchost.exe
IFEO: zapro.exe - svchost.exe
IFEO: zapsetup3001.exe - svchost.exe
IFEO: zatutor.exe - svchost.exe
IFEO: zonalm2601.exe - svchost.exe
IFEO: zonealarm.exe - svchost.exe
IFEO: _avp32.exe - svchost.exe
IFEO: _avpcc.exe - svchost.exe
IFEO: _avpm.exe - svchost.exe
IFEO: ~1.exe - svchost.exe
IFEO: ~2.exe - svchost.exe



#4
February 28, 2010 at 20:24:43
Attach file cont'd:

==== Hosts File Hijack ======================


==== Installed Programs ======================

Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Stock Photos 1.0
AMD Processor Driver
AOLIcon
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Broadcom Management Programs
CCleaner
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Dell Support 3.2.1
Dell System Restore
Dell Wireless WLAN Card
Digital Content Portal
Digital Line Detect
DivX Content Uploader
DivX Web Player
Easy CD & DVD Creator 6
ewido anti-spyware 4.0
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 16
Junk Mail filter update
Knowledge Xpert for PLSQL V9.0
LimeWire 5.4.6
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.20)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NetWaiting
OGA Notifier 2.0.0048.0
PowerDVD 5.7
Quest Software Toad for Oracle Version 9.0
Quest SQL Tuning for Oracle
QuickTime
RealPlayer Basic
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Synaptics Pointing Device Driver
UltraISO Premium V8.61
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Adapter V2 (TPP)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

2/28/2010 3:26:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
2/28/2010 3:23:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/28/2010 3:22:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
2/28/2010 3:09:01 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 15 time(s).
2/28/2010 3:09:01 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 14 time(s).
2/28/2010 3:08:52 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 13 time(s).
2/28/2010 3:08:45 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 12 time(s).
2/28/2010 3:08:44 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 11 time(s).
2/28/2010 3:08:25 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 10 time(s).
2/28/2010 3:08:24 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 9 time(s).
2/28/2010 3:08:18 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 8 time(s).
2/28/2010 3:08:18 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 7 time(s).
2/28/2010 3:08:03 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 6 time(s).
2/28/2010 3:08:03 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 5 time(s).
2/28/2010 3:07:58 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 4 time(s).
2/28/2010 3:07:53 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
2/28/2010 3:07:52 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/28/2010 3:07:52 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/28/2010 2:47:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus Definition Watcher service to connect.
2/28/2010 2:41:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/28/2010 2:38:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/28/2010 2:38:13 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
2/28/2010 2:36:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SYMTDI Tcpip
2/28/2010 2:36:38 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/28/2010 2:36:38 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/28/2010 2:36:38 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/28/2010 2:36:38 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/28/2010 2:36:38 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:27:37 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/28/2010 2:27:37 PM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/28/2010 2:22:57 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
2/28/2010 2:21:20 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
2/28/2010 12:26:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ScriptBlocking Service service to connect.
2/28/2010 12:26:08 PM, error: Service Control Manager [7000] - The ScriptBlocking Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/28/2010 12:26:08 PM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/28/2010 12:26:07 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Automatic LiveUpdate Scheduler service to connect.
2/28/2010 10:52:43 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
2/28/2010 1:07:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT nod32drv RasAcd Rdbss SYMTDI Tcpip WS2IFSL
2/28/2010 1:07:00 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================


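An added example, not part of the original thread or of DDS: one way to triage the `IFEO:` and `Hosts:` lines of a DDS-style log, flagging a debugger target shared by many images and a non-loopback address that many unrelated sites are pointed at. The sample log is constructed (documentation-range addresses, placeholder names); it assumes the text after ` - ` on an `IFEO:` line is the registered Debugger value, and the function names and thresholds are this example's own.

```python
"""Triage the "IFEO:" and "Hosts:" lines of a DDS-style log (added example)."""
import ipaddress
import ntpath
from collections import defaultdict

# Constructed sample in the log's line format. Addresses come from the RFC 5737
# documentation ranges; every file and host name is a placeholder.
SAMPLE_LOG = r"""
IFEO: scanner-a.exe - svchost.exe
IFEO: scanner-b.exe - svchost.exe
IFEO: Update Tool.exe - svchost.exe
IFEO: taskmgr.exe - svchost.exe
IFEO: myapp.exe - C:\Tools\dbg.exe
Hosts: 127.0.0.1 localhost
Hosts: 0.0.0.0 ads.tracker.example
Hosts: 203.0.113.10 www.search-one.example
Hosts: 203.0.113.10 search-one.example
Hosts: 203.0.113.10 www.search-two.example
Hosts: 203.0.113.10 find.search-three.example
Hosts: 198.51.100.7 intranet.corp.example
Hosts: 192.0.2.44 updates.av-vendor.example
"""


def parse_log(text):
    """Return ([(ip, hostname)], [(image, debugger)]) from the log text."""
    hosts, ifeo = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Hosts:"):
            fields = line[len("Hosts:"):].split("#", 1)[0].split()
            if len(fields) < 2:
                continue
            try:
                ip = ipaddress.ip_address(fields[0])
            except ValueError:
                continue  # malformed address: skip rather than guess
            for name in fields[1:]:
                hosts.append((ip, name.lower().rstrip(".")))
        elif line.startswith("IFEO:"):
            # Image names may contain spaces or hyphens, so split on the
            # last " - " (assumption: the right-hand side is the Debugger value).
            image, sep, target = line[len("IFEO:"):].rpartition(" - ")
            if sep:
                ifeo.append((image.strip().lower(),
                             target.strip().strip('"').lower()))
    return hosts, ifeo


def site_key(name):
    """Crude stand-in for a public-suffix lookup: the last two labels."""
    return ".".join(name.split(".")[-2:])


def suspicious_hosts(hosts, min_sites=3, watchlist=()):
    """Flag non-loopback addresses that many unrelated sites map to, or that
    any watch-listed domain (for example an update server) maps to."""
    by_ip = defaultdict(set)
    for ip, name in hosts:
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are the usual blocklist form
        by_ip[ip].add(name)
    findings = {}
    for ip, names in by_ip.items():
        sites = {site_key(n) for n in names}
        watched = [n for n in names
                   if any(n == w or n.endswith("." + w) for w in watchlist)]
        if len(sites) >= min_sites or watched:
            findings[str(ip)] = sorted(names)
    return findings


def suspicious_ifeo(ifeo, min_images=3):
    """Flag a debugger binary registered for many different images: a real
    debugger is normally attached to one or two programs, not dozens."""
    by_target = defaultdict(set)
    for image, target in ifeo:
        by_target[ntpath.basename(target)].add(image)
    return {t: sorted(imgs) for t, imgs in by_target.items()
            if len(imgs) >= min_images}


if __name__ == "__main__":
    parsed_hosts, parsed_ifeo = parse_log(SAMPLE_LOG)
    for ip, names in suspicious_hosts(parsed_hosts).items():
        print(f"hosts: {len(names)} names forced to {ip}: {', '.join(names)}")
    for target, images in suspicious_ifeo(parsed_ifeo).items():
        print(f"ifeo: {len(images)} images redirected to {target}")
```

Pass security-vendor or update domains as `watchlist` to flag even a single redirected entry for them.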

#5
March 1, 2010 at 15:33:40
Could anybody help with this issue? Any help would be appreciated. Thanks,


#6
March 1, 2010 at 19:04:11
Please download OTL from the following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop to run OTL.
3. Under the Custom Scans/Fixes box at the bottom paste everything between the X's.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:commands
[resethosts]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

4. Then click the Run Fix button at the top
5. Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
6. Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



#7
March 2, 2010 at 07:08:05
Here's the log from OTL.


========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.32.0 log created on 03022010_100730



#8
March 2, 2010 at 16:50:00
You should uninstall LimeWire and Viewpoint Media Player as they are known to harbor spyware.

Go to start> control panel> click the Java icon> update tab> update now and allow Java to update. If you are prompted for any add-ons uncheck the box and continue. The newest Java is version 6 update 18.

Please download ComboFix from Internet Explorer instead of another browser if possible. Remember, your Norton antivirus, Ewido, and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix > click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#9
March 2, 2010 at 19:34:44
K, running Combo-Fix now.


#10
March 2, 2010 at 19:59:58
ComboFix 10-03-02.02 - Francisco 03/02/2010 22:41:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1402 [GMT -5:00]
Running from: c:\documents and settings\Francisco\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Francisco\Desktop\Download programs.url
c:\documents and settings\Francisco\Desktop\Games.url
c:\documents and settings\Francisco\Desktop\Translator.url
c:\documents and settings\Francisco\Desktop\Videos.url
c:\documents and settings\Francisco\Favorites\Download programs.url
c:\documents and settings\Francisco\Favorites\Games.url
c:\documents and settings\Francisco\Favorites\Translator.url
c:\documents and settings\Francisco\Favorites\Videos.url
c:\documents and settings\Francisco\My Documents\reg_backup_2_28_10.reg
c:\documents and settings\Francisco\Start Menu\Programs\Download programs.url
c:\documents and settings\Francisco\Start Menu\Programs\Games.url
c:\documents and settings\Francisco\Start Menu\Programs\Translator.url
c:\documents and settings\Francisco\Start Menu\Programs\Videos.url
c:\program files\Mozilla Firefox\extensions\{4F68F995-AB8B-4949-B067-4201CD9D0FF3}
c:\program files\Mozilla Firefox\extensions\{4F68F995-AB8B-4949-B067-4201CD9D0FF3}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{4F68F995-AB8B-4949-B067-4201CD9D0FF3}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{4F68F995-AB8B-4949-B067-4201CD9D0FF3}\install.rdf
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\autorun.inf
c:\windows\system\oeminfo.ini
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\mssfc.dll
C:\xcrashdump.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASHEVTSVC
-------\Legacy_ovfsthxaqoqkuoy
-------\Legacy_SFC
-------\Service_ovfsthxaqoqkuoy
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2010-02-03 to 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 02:32 . 2010-03-03 02:32 152576 ----a-w- c:\documents and settings\Francisco\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-03 02:32 . 2010-03-03 02:32 79488 ----a-w- c:\documents and settings\Francisco\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-02 15:07 . 2010-03-02 15:07 -------- d-----w- C:\_OTL
2010-03-02 00:10 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 00:09 . 2010-03-02 00:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-02 00:09 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 02:11 . 2010-03-01 02:11 -------- d-----w- c:\program files\CCleaner
2010-03-01 01:54 . 2010-03-01 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-28 20:52 . 2010-02-28 20:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-28 20:52 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-28 15:52 . 2010-02-28 15:52 -------- d-----w- c:\program files\Apple Software Update
2010-02-15 20:34 . 2010-02-15 20:34 -------- d-----w- c:\documents and settings\Francisco\Local Settings\Application Data\Threat Expert
2010-02-15 18:58 . 2010-02-15 22:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-15 16:06 . 2010-02-28 18:24 -------- d-----w- c:\program files\ESET
2010-02-14 23:54 . 2010-02-14 23:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MSBVW
2010-02-12 03:16 . 2009-10-11 09:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-12 03:15 . 2010-02-12 03:15 152576 ----a-w- c:\documents and settings\Francisco\Application Data\Sun\Java\jre1.6.0_16\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 02:34 . 2006-12-29 00:55 -------- d-----w- c:\program files\Java
2010-03-02 14:22 . 2007-07-07 17:01 -------- d-----w- c:\program files\Symantec AntiVirus
2010-03-01 04:08 . 2006-12-29 01:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-01 04:08 . 2006-12-29 01:07 -------- d-----w- c:\program files\Symantec
2010-02-28 20:52 . 2007-07-07 19:29 -------- d-----w- c:\program files\Lavasoft
2010-02-28 19:40 . 2009-06-23 03:01 -------- d-----w- c:\program files\Norton SystemWorks
2010-02-28 18:14 . 2006-12-29 00:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-28 18:12 . 2007-04-14 05:23 -------- d-----w- c:\program files\InterActual
2010-02-15 23:07 . 2007-07-07 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-07 22:07 . 2007-02-20 20:20 73168 ----a-w- c:\documents and settings\Francisco\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-07 20:48 . 2008-06-05 23:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-04 15:53 . 2010-02-28 20:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-07 04:22 . 2010-01-07 04:22 -------- d-----w- c:\program files\MSBuild
2010-01-07 04:22 . 2010-01-07 04:22 -------- d-----w- c:\program files\Reference Assemblies
2010-01-06 13:33 . 2010-01-06 13:33 -------- d-----w- c:\documents and settings\Francisco\Application Data\dvdcss
2010-01-05 10:00 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-04 23:27 . 2010-01-04 23:14 -------- d-----w- c:\program files\Common Files\Nero
2010-01-04 23:15 . 2010-01-04 23:15 -------- d-----w- c:\documents and settings\Francisco\Application Data\Nero
2010-01-04 22:50 . 2007-05-07 02:06 -------- d-----w- c:\documents and settings\Francisco\Application Data\Roxio
2010-01-03 02:00 . 2010-01-03 02:00 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-01-03 01:59 . 2008-05-26 20:25 -------- d-----w- c:\program files\Windows Live
2010-01-03 01:55 . 2010-01-03 01:55 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-01-03 01:54 . 2010-01-03 01:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-03 01:52 . 2010-01-03 01:52 -------- d-----w- c:\program files\Microsoft
2010-01-03 01:52 . 2010-01-03 01:52 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-03 01:46 . 2010-01-03 01:46 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-02 22:00 . 2010-01-02 22:00 -------- d-----w- c:\program files\VideoLAN
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43 . 2004-08-10 19:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-13 00:04 . 2007-09-23 20:24 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-05-13 00:04 . 2007-09-23 20:24 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-05-13 00:04 . 2007-09-23 20:24 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-05-13 00:04 . 2007-09-23 20:24 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-05-13 00:04 . 2007-09-23 20:24 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-06-23 03:02 . 2009-06-23 03:02 32 --sha-w- c:\windows\{09A48615-0B82-4EF9-A858-63B875A25943}.dat
2009-06-23 03:02 . 2009-06-23 03:02 32 --sha-w- c:\windows\{3F2C9E53-DAC4-48D9-A711-70B9FB73C275}.dat
2009-06-23 03:01 . 2009-06-23 03:01 32 --sha-w- c:\windows\{4BA12246-2AC2-4B1A-8AAA-0CC7D8EBADF3}.dat
2009-06-23 03:02 . 2009-06-23 03:02 32 --sha-w- c:\windows\{C1AD1A05-C5E8-4332-A0E4-28C8D0F2CBC9}.dat
2009-06-23 03:02 . 2009-06-23 03:02 32 --sha-w- c:\windows\system32\{36C18C42-4C14-4E80-9DDF-3F6B9059D969}.dat
2009-06-23 03:02 . 2009-06-23 03:02 32 --sha-w- c:\windows\system32\{64E0D4E4-B649-4D18-8361-615962163C81}.dat
2009-06-23 03:02 . 2009-06-23 03:02 32 --sha-w- c:\windows\system32\{9E4D3BAA-D6AB-4528-85C0-FCE3A0967E72}.dat
2009-06-23 03:01 . 2009-06-23 03:01 32 --sha-w- c:\windows\system32\{F859E35E-1A1C-45B4-A7E0-F04D3FD5C696}.dat
.

------- Sigcheck -------

[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll

c:\windows\System32\sfcfiles.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CleanSweep Smart Sweep-Internet Sweep.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CleanSweep Smart Sweep-Internet Sweep.lnk
backup=c:\windows\pss\CleanSweep Smart Sweep-Internet Sweep.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Francisco^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Francisco\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 23:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-07-09 23:19 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 17:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 21:08 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 03:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29 49152 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-02-26 06:01 437160 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 09:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ----a-w- c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-10 21:27 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-12-29 01:07 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-01-09 13:21 253952 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-01-13 14:19 757760 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-01-13 18:05 69632 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-09-22 17:06 282624 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-09-22 17:47 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPP Auto Loader]
2001-10-05 17:54 118784 ----a-w- c:\windows\TPPALDR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"AOL ACS"=2 (0x2)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"iPod Service"=3 (0x3)
"AshEvtSvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SNDSrvc"=3 (0x3)
"navapsvc"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"GOUJPBIRYFJZPUT"=3 (0x3)
"wltrysvc"=2 (0x2)
"SymWSC"=2 (0x2)
"SeaPort"=2 (0x2)
"NOD32krn"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"fsssvc"=3 (0x3)
"aawservice"=2 (0x2)
"ISVAWVC"=3 (0x3)
"IR"=3 (0x3)
"SBService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/28/2010 3:53 PM 64288]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/2/2010 8:59 PM 54752]
S3 QDFSDRV;QDFSDRV;\??\c:\windows\system32\drivers\qdfsdrv.sys --> c:\windows\system32\drivers\qdfsdrv.sys [?]
S3 TPP200;USB Storage Adapter V2 (TPP);c:\windows\system32\drivers\TPP200.SYS [10/5/2001 12:54 PM 35541]
S4 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S4 GOUJPBIRYFJZPUT;GOUJPBIRYFJZPUT;c:\docume~1\FRANCI~1\LOCALS~1\Temp\GOUJPBIRYFJZPUT.exe --> c:\docume~1\FRANCI~1\LOCALS~1\Temp\GOUJPBIRYFJZPUT.exe [?]
S4 IR;IR;c:\docume~1\FRANCI~1\LOCALS~1\Temp\IR.exe --> c:\docume~1\FRANCI~1\LOCALS~1\Temp\IR.exe [?]
S4 ISVAWVC;ISVAWVC;c:\docume~1\FRANCI~1\LOCALS~1\Temp\ISVAWVC.exe --> c:\docume~1\FRANCI~1\LOCALS~1\Temp\ISVAWVC.exe [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1229232]
S4 OracleOracleDB9iTNSListener;OracleOracleDB9iTNSListener;c:\docume~1\FRANCI~1\LOCALS~1\Temp\Ora9i\Product\BIN\TNSLSNR --> c:\docume~1\FRANCI~1\LOCALS~1\Temp\Ora9i\Product\BIN\TNSLSNR [?]
S4 OracleOraDb8_homePagingServer;OracleOraDb8_homePagingServer;c:\oracle8/bin/pagntsrv.exe --> c:\oracle8/bin/pagntsrv.exe [?]
S4 OracleOraDb9i_home1TNSListener;OracleOraDb9i_home1TNSListener;c:\oracle9i\BIN\TNSLSNR --> c:\oracle9i\BIN\TNSLSNR [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:53]

2010-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Francisco\Application Data\Mozilla\Firefox\Profiles\sqm9hg2r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.toggle.com/index.php?rvs=hompag
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
Notify-NavLogon - (no file)
MSConfigStartUp-Antivirus2008y - c:\program files\Antivirus2008y\antvrs.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-ccRegVfy - c:\program files\Common Files\Symantec Shared\ccRegVfy.exe
MSConfigStartUp-Dell QuickSet - c:\program files\Dell\QuickSet\quickset.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Load - c:\windows\svchost.exe
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes Anti-Malware\mbam.exe
MSConfigStartUp-My Security Wall - c:\documents and settings\All Users\Application Data\2864c90\MS2864.exe
MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe
MSConfigStartUp-QD FastAndSafe - c:\program files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe
MSConfigStartUp-SeekmoOE - c:\program files\Seekmo\bin\10.0.341.0\OEAddOn.exe
MSConfigStartUp-SeekmoSA - c:\program files\Seekmo\bin\10.0.341.0\SeekmoSA.exe
MSConfigStartUp-SoundMam - c:\windows\system32\SVOHOST.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
MSConfigStartUp-system tool - c:\windows\sysguard.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-vptray - c:\program files\Symantec AntiVirus\Vptray.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-02 22:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOracleDB9iTNSListener]
"ImagePath"="c:\docume~1\FRANCI~1\LOCALS~1\Temp\Ora9i\Product\BIN\TNSLSNR "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraDb8_homePagingServer]
"ImagePath"="C:\oracle8/bin/pagntsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraDb9i_home1TNSListener]
"ImagePath"="c:\oracle9i\BIN\TNSLSNR "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2876)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-02 22:55:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-03 03:55

Pre-Run: 8,855,965,696 bytes free
Post-Run: 9,271,812,096 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 0A6753646C096206B61A9ACAC11AA221



#11
March 3, 2010 at 10:19:50
Hey all,

Thanks a lot for all your assistance, all these suggestions helped tremendously and fixed the admin issue with running services AND the IE Redirect issue. You guys are the best. I'm a techie, but I have been humbled today, gotta give it to you guys, you know your stuff.

Thanks again,

