
Internet Antivirus 2011

Discussion in 'Virus & Other Malware Removal' started by Pratap, Dec 9, 2010.

  1. Pratap

    Hello,

    1. Application 'Internet Antivirus 2011' has appeared on my PC. I can't uninstall it as the 'Add/Remove' programs list does not show an entry for it. An icon has appeared in the desktop task bar. An icon has also appeared on the desktop. The desktop icon re-appears after I delete it. The application displays messages with file names and paths of viruses/trojans and directs me to remove them. When I attempt to remove them, it directs me to its web page to pay a subscription. I would like to get rid of this application but do not know how.

    2. A message window has opened saying 'cmd.exe-Application error. The application has failed to initialize properly (0xc0000142). Click on OK to terminate the application.' This window does not close.

    3. I have 'avast!' free version of antivirus installed. A full scan does not detect any infected files.

    4. I also have Tweaknow Regcleaner installed. I have run it to clean the registry.

    Please help.

    Thank you.
    Pratap.

    Log files are copied below:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:01:28 PM, on 12/8/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\tbh\base\bin\tbhSystray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    c:\Program Files\tbh\base\bin\tbhDaemon.exe
    C:\Documents and Settings\All Users\Application Data\43077d\IA430_287.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Documents and Settings\Admin\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2856459
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25577
    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 96.44.181.243 www.google.com
    O1 - Hosts: 96.44.181.243 google.com
    O1 - Hosts: 96.44.181.243 google.com.au
    O1 - Hosts: 96.44.181.243 www.google.com.au
    O1 - Hosts: 96.44.181.243 google.be
    O1 - Hosts: 96.44.181.243 www.google.be
    O1 - Hosts: 96.44.181.243 google.com.br
    O1 - Hosts: 96.44.181.243 www.google.com.br
    O1 - Hosts: 96.44.181.243 google.ca
    O1 - Hosts: 96.44.181.243 www.google.ca
    O1 - Hosts: 96.44.181.243 google.ch
    O1 - Hosts: 96.44.181.243 www.google.ch
    O1 - Hosts: 96.44.181.243 google.de
    O1 - Hosts: 96.44.181.243 www.google.de
    O1 - Hosts: 96.44.181.243 google.dk
    O1 - Hosts: 96.44.181.243 www.google.dk
    O1 - Hosts: 96.44.181.243 google.fr
    O1 - Hosts: 96.44.181.243 www.google.fr
    O1 - Hosts: 96.44.181.243 google.ie
    O1 - Hosts: 96.44.181.243 www.google.ie
    O1 - Hosts: 96.44.181.243 google.it
    O1 - Hosts: 96.44.181.243 www.google.it
    O1 - Hosts: 96.44.181.243 google.co.jp
    O1 - Hosts: 96.44.181.243 www.google.co.jp
    O1 - Hosts: 96.44.181.243 google.nl
    O1 - Hosts: 96.44.181.243 www.google.nl
    O1 - Hosts: 96.44.181.243 google.no
    O1 - Hosts: 96.44.181.243 www.google.no
    O1 - Hosts: 96.44.181.243 google.co.nz
    O1 - Hosts: 96.44.181.243 www.google.co.nz
    O1 - Hosts: 96.44.181.243 google.pl
    O1 - Hosts: 96.44.181.243 www.google.pl
    O1 - Hosts: 96.44.181.243 google.se
    O1 - Hosts: 96.44.181.243 www.google.se
    O1 - Hosts: 96.44.181.243 google.co.uk
    O1 - Hosts: 96.44.181.243 www.google.co.uk
    O1 - Hosts: 96.44.181.243 google.co.za
    O1 - Hosts: 96.44.181.243 www.google.co.za
    O1 - Hosts: 96.44.181.243 www.google-analytics.com
    O1 - Hosts: 96.44.181.243 www.bing.com
    O1 - Hosts: 96.44.181.243 search.yahoo.com
    O1 - Hosts: 96.44.181.243 www.search.yahoo.com
    O1 - Hosts: 96.44.181.243 uk.search.yahoo.com
    O1 - Hosts: 96.44.181.243 ca.search.yahoo.com
    O1 - Hosts: 96.44.181.243 de.search.yahoo.com
    O1 - Hosts: 96.44.181.243 fr.search.yahoo.com
    O1 - Hosts: 96.44.181.243 au.search.yahoo.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Documents and Settings\Admin\Desktop\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Internet Antivirus 2011] "C:\Documents and Settings\All Users\Application Data\43077d\IA430_287.exe" /s /d
    O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm574YYCA
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
    O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Documents and Settings\Admin\Desktop\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Documents and Settings\Admin\Desktop\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
    O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.merriam-webster.com/downloads/toolbar/webinstall.cab
    O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1225458963440
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Documents and Settings\Admin\Desktop\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Google Update Service (gupdate1ca39ac38d41824) (gupdate1ca39ac38d41824) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
    O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    --
    End of file - 18010 bytes

    DDS (Ver_10-12-05.01) - NTFSx86
    Run by Admin at 22:06:33.39 on Wed 12/08/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.133 [GMT -5:00]
    AV: Internet Antivirus 2011 *On-access scanning enabled* (Updated) {F61BEBE8-E56D-4A0F-A887-E11A662E3F3F}
    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Internet Antivirus 2011 *enabled* {5EE03F63-5994-42D0-A814-06CC89E3723E}
    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\tbh\base\bin\tbhSystray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    c:\Program Files\tbh\base\bin\tbhDaemon.exe
    C:\Documents and Settings\All Users\Application Data\43077d\IA430_287.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\WINDOWS\system32\ping.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Admin\Desktop\dds.scr
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2856459
    uSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
    mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
    uInternet Settings,ProxyServer = http=127.0.0.1:25577
    uURLSearchHooks: H - No File
    uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
    BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
    BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Merriam-Webster Online BHO: {5ada9cac-04f9-4dd2-abfd-74d673be8624} - c:\windows\_MWOLTB.DLL
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\documents and settings\admin\desktop\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Merriam-Webster Online: {b7b76dd6-b6f0-4443-af81-6a3ecf12a57d} - c:\windows\_MWOLTB.DLL
    TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Internet Antivirus 2011] "c:\documents and settings\all users\application data\43077d\IA430_287.exe" /s /d
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
    mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
    mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    dRunOnce: [IETI] c:\program files\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-explorer: DisallowRun = 1 (0x1)
    uPolicies-disallowrun: 0 = msseces.exe
    uPolicies-disallowrun: 1 = MSASCui.exe
    uPolicies-disallowrun: 2 = ekrn.exe
    uPolicies-disallowrun: 3 = egui.exe
    uPolicies-disallowrun: 4 = avgnt.exe
    uPolicies-disallowrun: 5 = avcenter.exe
    uPolicies-disallowrun: 6 = avscan.exe
    uPolicies-disallowrun: 7 = avgfrw.exe
    uPolicies-disallowrun: 8 = avgui.exe
    uPolicies-disallowrun: 9 = avgtray.exe
    uPolicies-disallowrun: 10 = avgscanx.exe
    uPolicies-disallowrun: 11 = avgcfgex.exe
    uPolicies-disallowrun: 12 = avgemc.exe
    uPolicies-disallowrun: 13 = avgchsvx.exe
    uPolicies-disallowrun: 14 = avgcmgr.exe
    uPolicies-disallowrun: 15 = avgwdsvc.exe
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm574YYCA
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: MWOL &Dictionary - c:\windows\_MWOLTB.DLL/23/219
    IE: MWOL &Thesaurus - c:\windows\_MWOLTB.DLL/23/220
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\documents and settings\admin\desktop\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    Trusted Zone: microsoft.com\www.update
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
    DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} - hxxp://www.merriam-webster.com/downloads/toolbar/webinstall.cab
    DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225458963440
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\documents and settings\admin\desktop\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    IFEO: image file execution options - svchost.exe
    IFEO: a.exe - svchost.exe
    IFEO: aAvgApi.exe - svchost.exe
    IFEO: AAWTray.exe - svchost.exe
    IFEO: About.exe - svchost.exe
    Note: multiple IFEO entries found. Please refer to Attach.txt
    Hosts: 74.125.45.100 4-open-davinci.com
    Hosts: 74.125.45.100 securitysoftwarepayments.com
    Hosts: 74.125.45.100 privatesecuredpayments.com
    Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    Hosts: 74.125.45.100 getantivirusplusnow.com
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    ================= FIREFOX ===================
    FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\vxj0dtem.default\
    FF - prefs.js: browser.search.selectedEngine - search
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=16148&l=dis
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb89950&v=6.010.006.004&i=23&tp=ab&iy=&ychte=ca&lng=en-US&q=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\vxj0dtem.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 750
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    ============= SERVICES / DRIVERS ===============
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-2 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-2 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-2 40384]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-7 54752]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-2 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-2 40384]
    S2 gupdate1ca39ac38d41824;Google Update Service (gupdate1ca39ac38d41824);c:\program files\google\update\GoogleUpdate.exe [2009-9-19 133104]
    S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-5-21 28762]
    S3 cpuz134;cpuz134;\??\c:\docume~1\admin\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\admin\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    =============== Created Last 30 ================
    2010-12-08 23:33:51 -------- d-sh--w- c:\docume~1\admin\applic~1\Internet Antivirus 2011
    2010-12-08 23:33:47 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\IAEDCOFHZV
    2010-12-08 23:32:53 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\43077d
    2010-12-08 22:23:02 -------- d-----w- c:\docume~1\admin\applic~1\PriceGong
    2010-12-08 22:22:29 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Conduit
    2010-12-04 21:03:51 -------- d-----w- c:\program files\MSECache
    2010-12-02 20:00:14 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-02 19:59:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-12-02 02:41:07 -------- d-----w- c:\program files\TweakNow RegCleaner
    2010-12-02 02:41:07 -------- d-----w- c:\docume~1\admin\applic~1\TweakNow RegCleaner
    2010-12-02 01:22:49 -------- d-----w- c:\program files\IObit
    2010-12-02 01:22:49 -------- d-----w- c:\docume~1\admin\applic~1\IObit
    2010-12-02 01:05:24 -------- d-----w- c:\docume~1\admin\applic~1\Uniblue
    2010-12-02 01:04:44 -------- d-----w- c:\program files\Uniblue
    2010-12-02 01:04:18 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\PackageAware
    2010-12-02 00:40:46 -------- d-----w- c:\windows\system32\Registry Patrol
    2010-12-02 00:39:25 -------- d-----w- c:\program files\Registry Patrol
    ==================== Find3M ====================
    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 06:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    =================== ROOTKIT ====================
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    Disk trace:
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    user != kernel MBR !!!
    ============= FINISH: 22:07:32.35 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    DDS (Ver_10-12-05.01)
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/31/2008 5:45:53 AM
    System Uptime: 12/8/2010 8:07:11 PM (2 hours ago)
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 478 | 2992/200mhz
    ==== Disk Partitions =========================
    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 196.921 GiB free.
    E: is CDROM ()
    ==== Disabled Device Manager Items =============
    ==== System Restore Points ===================
    RP723: 9/10/2010 3:00:27 AM - Software Distribution Service 3.0
    RP724: 9/11/2010 3:00:23 AM - Software Distribution Service 3.0
    RP725: 9/12/2010 3:00:22 AM - Software Distribution Service 3.0
    RP726: 9/13/2010 3:00:20 AM - Software Distribution Service 3.0
    RP727: 9/13/2010 11:53:40 AM - Unsigned printer driver HP DeskJet 840C/841C/842C/84 installed.
    RP728: 9/14/2010 3:00:36 AM - Software Distribution Service 3.0
    RP729: 9/15/2010 3:00:37 AM - Software Distribution Service 3.0
    RP730: 9/16/2010 3:00:32 AM - Software Distribution Service 3.0
    RP731: 9/17/2010 3:00:35 AM - Software Distribution Service 3.0
    RP732: 9/18/2010 3:00:22 AM - Software Distribution Service 3.0
    RP733: 9/19/2010 3:00:25 AM - Software Distribution Service 3.0
    RP734: 9/19/2010 6:30:41 PM - Software Distribution Service 3.0
    RP735: 9/20/2010 3:00:28 AM - Software Distribution Service 3.0
    RP736: 9/21/2010 3:00:20 AM - Software Distribution Service 3.0
    RP737: 9/22/2010 3:00:17 AM - Software Distribution Service 3.0
    RP738: 9/22/2010 11:14:04 AM - Software Distribution Service 3.0
    RP739: 9/23/2010 3:00:26 AM - Software Distribution Service 3.0
    RP740: 9/23/2010 8:30:48 AM - Avg Update
    RP741: 9/23/2010 8:33:32 AM - Avg Update
    RP742: 9/23/2010 12:21:58 PM - Software Distribution Service 3.0
    RP743: 9/23/2010 3:17:54 PM - Installed RegWork.
    RP744: 9/23/2010 3:31:25 PM - Removed RegWork.
    RP745: 9/24/2010 3:00:18 AM - Software Distribution Service 3.0
    RP746: 9/25/2010 3:00:36 AM - Software Distribution Service 3.0
    RP747: 9/26/2010 3:00:22 AM - Software Distribution Service 3.0
    RP748: 9/27/2010 3:00:17 AM - Software Distribution Service 3.0
    RP749: 9/27/2010 2:08:05 PM - Software Distribution Service 3.0
    RP750: 9/27/2010 3:59:41 PM - Software Distribution Service 3.0
    RP751: 9/27/2010 4:52:23 PM - Removed Ask Toolbar.
    RP752: 9/28/2010 3:00:18 AM - Software Distribution Service 3.0
    RP753: 9/29/2010 8:34:00 AM - Software Distribution Service 3.0
    RP754: 9/30/2010 3:00:26 AM - Software Distribution Service 3.0
    RP755: 10/1/2010 10:55:06 AM - Software Distribution Service 3.0
    RP756: 10/2/2010 1:17:25 PM - Software Distribution Service 3.0
    RP757: 10/3/2010 3:00:19 AM - Software Distribution Service 3.0
    RP758: 10/4/2010 10:17:36 AM - Software Distribution Service 3.0
    RP759: 10/5/2010 3:00:25 AM - Software Distribution Service 3.0
    RP760: 10/6/2010 10:37:11 AM - Software Distribution Service 3.0
    RP761: 10/7/2010 3:00:31 AM - Software Distribution Service 3.0
    RP762: 10/8/2010 3:00:41 AM - Software Distribution Service 3.0
    RP763: 10/9/2010 3:01:01 AM - Software Distribution Service 3.0
    RP764: 10/10/2010 3:00:29 AM - Software Distribution Service 3.0
    RP765: 10/11/2010 10:27:52 AM - Software Distribution Service 3.0
    RP766: 10/12/2010 3:00:33 AM - Software Distribution Service 3.0
    RP767: 10/13/2010 7:39:30 AM - Software Distribution Service 3.0
    RP768: 10/14/2010 3:00:54 AM - Software Distribution Service 3.0
    RP769: 10/15/2010 3:00:25 AM - Software Distribution Service 3.0
    RP770: 10/15/2010 12:45:45 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP771: 10/15/2010 12:45:58 PM - Installed AVG 2011
    RP772: 10/15/2010 12:47:41 PM - Removed AVG Free 9.0
    RP773: 10/15/2010 12:56:58 PM - Installed AVG 2011
    RP774: 10/15/2010 12:57:11 PM - Removed AVG 2011
    RP775: 10/15/2010 1:38:24 PM - Installed AVG 2011
    RP776: 10/15/2010 1:40:43 PM - Installed AVG 2011
    RP777: 10/16/2010 3:06:29 AM - Software Distribution Service 3.0
    RP778: 10/16/2010 1:10:56 PM - Software Distribution Service 3.0
    RP779: 10/16/2010 1:36:26 PM - Software Distribution Service 3.0
    RP780: 10/17/2010 3:00:17 AM - Software Distribution Service 3.0
    RP781: 10/17/2010 12:07:13 PM - Software Distribution Service 3.0
    RP782: 10/18/2010 3:02:36 AM - Software Distribution Service 3.0
    RP783: 10/18/2010 6:04:04 PM - Removed Microsoft Office Click-to-Run 2010
    RP784: 10/18/2010 6:12:26 PM - Software Distribution Service 3.0
    RP785: 10/19/2010 1:19:40 AM - Software Distribution Service 3.0
    RP786: 10/19/2010 3:00:16 AM - Software Distribution Service 3.0
    RP787: 10/19/2010 12:03:34 PM - Software Distribution Service 3.0
    RP788: 10/20/2010 2:36:08 PM - System Checkpoint
    RP789: 10/21/2010 7:30:06 PM - System Checkpoint
    RP790: 10/22/2010 7:55:32 PM - System Checkpoint
    RP791: 10/23/2010 8:13:30 PM - System Checkpoint
    RP792: 10/24/2010 8:31:25 PM - System Checkpoint
    RP793: 10/25/2010 8:56:58 PM - System Checkpoint
    RP794: 10/26/2010 11:36:05 PM - System Checkpoint
    RP795: 10/28/2010 1:31:10 AM - System Checkpoint
    RP796: 10/29/2010 2:07:21 AM - System Checkpoint
    RP797: 10/30/2010 7:22:59 PM - System Checkpoint
    RP798: 10/31/2010 7:41:22 PM - System Checkpoint
    RP799: 11/1/2010 8:43:30 PM - System Checkpoint
    RP800: 11/2/2010 9:22:12 PM - System Checkpoint
    RP801: 11/3/2010 10:31:53 PM - System Checkpoint
    RP802: 11/4/2010 11:22:52 PM - System Checkpoint
    RP803: 11/5/2010 12:47:27 PM - Installed Java(TM) 6 Update 22
    RP804: 11/6/2010 3:31:10 PM - System Checkpoint
    RP805: 11/7/2010 2:50:41 PM - System Checkpoint
    RP806: 11/8/2010 5:42:27 PM - System Checkpoint
    RP807: 11/9/2010 5:51:48 PM - System Checkpoint
    RP808: 11/10/2010 12:48:31 PM - Software Distribution Service 3.0
    RP809: 11/11/2010 3:01:40 PM - System Checkpoint
    RP810: 11/12/2010 3:03:31 PM - System Checkpoint
    RP811: 11/13/2010 3:15:31 PM - System Checkpoint
    RP812: 11/15/2010 4:05:23 PM - System Checkpoint
    RP813: 11/16/2010 4:52:30 PM - System Checkpoint
    RP814: 11/17/2010 5:53:34 PM - System Checkpoint
    RP815: 11/18/2010 6:06:49 PM - System Checkpoint
    RP816: 11/19/2010 6:54:49 PM - System Checkpoint
    RP817: 11/20/2010 7:32:21 PM - System Checkpoint
    RP818: 11/21/2010 7:59:08 PM - System Checkpoint
    RP819: 11/22/2010 9:54:14 PM - System Checkpoint
    RP820: 11/23/2010 10:17:47 PM - System Checkpoint
    RP821: 11/24/2010 10:59:25 PM - System Checkpoint
    RP822: 11/25/2010 11:51:09 PM - System Checkpoint
    RP823: 11/27/2010 12:26:12 AM - System Checkpoint
    RP824: 11/28/2010 1:03:43 AM - System Checkpoint
    RP825: 11/29/2010 1:37:42 AM - System Checkpoint
    RP826: 11/30/2010 3:33:42 AM - System Checkpoint
    RP827: 12/1/2010 3:42:13 PM - System Checkpoint
    RP828: 12/2/2010 2:59:12 PM - avast! Free Antivirus Setup
    RP829: 12/2/2010 4:32:00 PM - Removed AVG 2011
    RP830: 12/2/2010 4:34:59 PM - Removed AVG 2011
    RP831: 12/2/2010 4:37:09 PM - Removed AVG 2011
    RP832: 12/3/2010 4:52:16 PM - System Checkpoint
    RP833: 12/4/2010 4:04:12 PM - Installed Compatibility Pack for the 2007 Office system
    RP834: 12/5/2010 3:00:29 AM - Software Distribution Service 3.0
    RP835: 12/6/2010 1:02:44 AM - Software Distribution Service 3.0
    RP836: 12/7/2010 1:22:26 AM - System Checkpoint
    RP837: 12/7/2010 3:00:16 AM - Software Distribution Service 3.0
    RP838: 12/8/2010 3:00:21 AM - Software Distribution Service 3.0
    RP839: 12/8/2010 7:47:46 PM - Software Distribution Service 3.0
    RP840: 12/8/2010 7:51:00 PM - Software Distribution Service 3.0
    ==== Image File Execution Options =============
    IFEO: normist.exe - svchost.exe
    IFEO: norton_internet_secu_3.0_407.exe - svchost.exe
    IFEO: notstart.exe - svchost.exe
    IFEO: npf40_tw_98_nt_me_2k.exe - svchost.exe
    IFEO: npfmessenger.exe - svchost.exe
    IFEO: nprotect.exe - svchost.exe
    IFEO: npscheck.exe - svchost.exe
    IFEO: npssvc.exe - svchost.exe
    IFEO: nsched32.exe - svchost.exe
    IFEO: nssys32.exe - svchost.exe
    IFEO: nstask32.exe - svchost.exe
    IFEO: nsupdate.exe - svchost.exe
    IFEO: nt.exe - svchost.exe
    IFEO: ntrtscan.exe - svchost.exe
    IFEO: ntvdm.exe - svchost.exe
    IFEO: ntxconfig.exe - svchost.exe
    IFEO: nui.exe - svchost.exe
    IFEO: nupgrade.exe - svchost.exe
    IFEO: nvarch16.exe - svchost.exe
    IFEO: nvc95.exe - svchost.exe
    IFEO: nvsvc32.exe - svchost.exe
    IFEO: nwinst4.exe - svchost.exe
    IFEO: nwservice.exe - svchost.exe
    IFEO: nwtool16.exe - svchost.exe
    IFEO: OAcat.exe - svchost.exe
    IFEO: OAhlp.exe - svchost.exe
    IFEO: OAReg.exe - svchost.exe
    IFEO: oasrv.exe - svchost.exe
    IFEO: oaui.exe - svchost.exe
    IFEO: oaview.exe - svchost.exe
    IFEO: OcHealthMon.exe - svchost.exe
    IFEO: ODSW.exe - svchost.exe
    IFEO: ollydbg.exe - svchost.exe
    IFEO: onsrvr.exe - svchost.exe
    IFEO: optimize.exe - svchost.exe
    IFEO: ostronet.exe - svchost.exe
    IFEO: otfix.exe - svchost.exe
    IFEO: outpost.exe - svchost.exe
    IFEO: outpostinstall.exe - svchost.exe
    IFEO: outpostproinstall.exe - svchost.exe
    IFEO: ozn695m5.exe - svchost.exe
    IFEO: padmin.exe - svchost.exe
    IFEO: panixk.exe - svchost.exe
    IFEO: patch.exe - svchost.exe
    IFEO: pav.exe - svchost.exe
    IFEO: pavcl.exe - svchost.exe
    IFEO: PavFnSvr.exe - svchost.exe
    IFEO: pavproxy.exe - svchost.exe
    IFEO: pavprsrv.exe - svchost.exe
    IFEO: pavsched.exe - svchost.exe
    IFEO: pavsrv51.exe - svchost.exe
    IFEO: pavw.exe - svchost.exe
    IFEO: pc.exe - svchost.exe
    IFEO: pccwin98.exe - svchost.exe
    IFEO: pcfwallicon.exe - svchost.exe
    IFEO: pcip10117_0.exe - svchost.exe
    IFEO: pcscan.exe - svchost.exe
    IFEO: pctsAuxs.exe - svchost.exe
    IFEO: pctsGui.exe - svchost.exe
    IFEO: pctsSvc.exe - svchost.exe
    IFEO: pctsTray.exe - svchost.exe
    IFEO: PC_Antispyware2010.exe - svchost.exe
    IFEO: pdfndr.exe - svchost.exe
    IFEO: pdsetup.exe - svchost.exe
    IFEO: PerAvir.exe - svchost.exe
    IFEO: periscope.exe - svchost.exe
    IFEO: persfw.exe - svchost.exe
    IFEO: personalguard - svchost.exe
    IFEO: personalguard.exe - svchost.exe
    IFEO: perswf.exe - svchost.exe
    IFEO: pf2.exe - svchost.exe
    IFEO: pfwadmin.exe - svchost.exe
    IFEO: pgmonitr.exe - svchost.exe
    IFEO: pingscan.exe - svchost.exe
    IFEO: platin.exe - svchost.exe
    IFEO: pop3trap.exe - svchost.exe
    IFEO: poproxy.exe - svchost.exe
    IFEO: popscan.exe - svchost.exe
    IFEO: portdetective.exe - svchost.exe
    IFEO: portmonitor.exe - svchost.exe
    IFEO: powerscan.exe - svchost.exe
    IFEO: ppinupdt.exe - svchost.exe
    IFEO: pptbc.exe - svchost.exe
    IFEO: ppvstop.exe - svchost.exe
    IFEO: prizesurfer.exe - svchost.exe
    IFEO: prmt.exe - svchost.exe
    IFEO: prmvr.exe - svchost.exe
    IFEO: procdump.exe - svchost.exe
    IFEO: processmonitor.exe - svchost.exe
    IFEO: procexplorerv1.0.exe - svchost.exe
    IFEO: programauditor.exe - svchost.exe
    IFEO: proport.exe - svchost.exe
    IFEO: protector.exe - svchost.exe
    IFEO: protectx.exe - svchost.exe
    IFEO: PSANCU.exe - svchost.exe
    IFEO: PSANHost.exe - svchost.exe
    IFEO: PSANToManager.exe - svchost.exe
    IFEO: PsCtrls.exe - svchost.exe
    IFEO: PsImSvc.exe - svchost.exe
    IFEO: PskSvc.exe - svchost.exe
    IFEO: pspf.exe - svchost.exe
    IFEO: PSUNMain.exe - svchost.exe
    IFEO: purge.exe - svchost.exe
    IFEO: qconsole.exe - svchost.exe
    IFEO: qh.exe - svchost.exe
    IFEO: qserver.exe - svchost.exe
    IFEO: Quick Heal.exe - svchost.exe
    IFEO: QuickHealCleaner.exe - svchost.exe
    IFEO: rapapp.exe - svchost.exe
    IFEO: rav7.exe - svchost.exe
    IFEO: rav7win.exe - svchost.exe
    IFEO: rav8win32eng.exe - svchost.exe
    IFEO: ray.exe - svchost.exe
    IFEO: rb32.exe - svchost.exe
    IFEO: rcsync.exe - svchost.exe
    IFEO: realmon.exe - svchost.exe
    IFEO: reged.exe - svchost.exe
    IFEO: regedt32.exe - svchost.exe
    IFEO: rescue.exe - svchost.exe
    IFEO: rescue32.exe - svchost.exe
    IFEO: rrguard.exe - svchost.exe
    IFEO: rscdwld.exe - svchost.exe
    IFEO: rshell.exe - svchost.exe
    IFEO: rtvscan.exe - svchost.exe
    IFEO: rtvscn95.exe - svchost.exe
    IFEO: rulaunch.exe - svchost.exe
    IFEO: rwg - svchost.exe
    IFEO: rwg.exe - svchost.exe
    IFEO: SafetyKeeper.exe - svchost.exe
    IFEO: safeweb.exe - svchost.exe
    IFEO: sahagent.exe - svchost.exe
    IFEO: Save.exe - svchost.exe
    IFEO: SaveArmor.exe - svchost.exe
    IFEO: SaveDefense.exe - svchost.exe
    IFEO: SaveKeep.exe - svchost.exe
    IFEO: savenow.exe - svchost.exe
    IFEO: sbserv.exe - svchost.exe
    IFEO: sc.exe - svchost.exe
    IFEO: scam32.exe - svchost.exe
    IFEO: scan32.exe - svchost.exe
    IFEO: scan95.exe - svchost.exe
    IFEO: scanpm.exe - svchost.exe
    IFEO: scrscan.exe - svchost.exe
    IFEO: seccenter.exe - svchost.exe
    IFEO: Secure Veteran.exe - svchost.exe
    IFEO: secureveteran.exe - svchost.exe
    IFEO: Security Center.exe - svchost.exe
    IFEO: SecurityFighter.exe - svchost.exe
    IFEO: securitysoldier.exe - svchost.exe
    IFEO: serv95.exe - svchost.exe
    IFEO: setloadorder.exe - svchost.exe
    IFEO: setupvameeval.exe - svchost.exe
    IFEO: setup_flowprotector_us.exe - svchost.exe
    IFEO: sgssfw32.exe - svchost.exe
    IFEO: sh.exe - svchost.exe
    IFEO: shellspyinstall.exe - svchost.exe
    IFEO: shield.exe - svchost.exe
    IFEO: shn.exe - svchost.exe
    IFEO: showbehind.exe - svchost.exe
    IFEO: signcheck.exe - svchost.exe
    IFEO: smart.exe - svchost.exe
    IFEO: smartprotector.exe - svchost.exe
    IFEO: smc.exe - svchost.exe
    IFEO: smrtdefp.exe - svchost.exe
    IFEO: sms.exe - svchost.exe
    IFEO: smss32.exe - svchost.exe
    IFEO: snetcfg.exe - svchost.exe
    IFEO: soap.exe - svchost.exe
    IFEO: sofi.exe - svchost.exe
    IFEO: SoftSafeness.exe - svchost.exe
    IFEO: sperm.exe - svchost.exe
    IFEO: spf.exe - svchost.exe
    IFEO: sphinx.exe - svchost.exe
    IFEO: spoler.exe - svchost.exe
    IFEO: spoolcv.exe - svchost.exe
    IFEO: spoolsv32.exe - svchost.exe
    IFEO: spywarexpguard.exe - svchost.exe
    IFEO: spyxx.exe - svchost.exe
    IFEO: srexe.exe - svchost.exe
    IFEO: srng.exe - svchost.exe
    IFEO: ss3edit.exe - svchost.exe
    IFEO: ssgrate.exe - svchost.exe
    IFEO: ssg_4104.exe - svchost.exe
    IFEO: st2.exe - svchost.exe
    IFEO: start.exe - svchost.exe
    IFEO: stcloader.exe - svchost.exe
    IFEO: supftrl.exe - svchost.exe
    IFEO: support.exe - svchost.exe
    IFEO: supporter5.exe - svchost.exe
    IFEO: svc.exe - svchost.exe
    IFEO: svchostc.exe - svchost.exe
    IFEO: svchosts.exe - svchost.exe
    IFEO: svshost.exe - svchost.exe
    IFEO: sweep95.exe - svchost.exe
    IFEO: sweepnet.sweepsrv.sys.swnetsup.exe - svchost.exe
    IFEO: symlcsvc.exe - svchost.exe
    IFEO: symproxysvc.exe - svchost.exe
    IFEO: symtray.exe - svchost.exe
    IFEO: system.exe - svchost.exe
    IFEO: system32.exe - svchost.exe
    IFEO: sysupd.exe - svchost.exe
    IFEO: tapinstall.exe - svchost.exe
    IFEO: taskmgr.exe - svchost.exe
    IFEO: taumon.exe - svchost.exe
    IFEO: tbscan.exe - svchost.exe
    IFEO: tc.exe - svchost.exe
    IFEO: tca.exe - svchost.exe
    IFEO: tcm.exe - svchost.exe
    IFEO: tds-3.exe - svchost.exe
    IFEO: tds2-98.exe - svchost.exe
    IFEO: tds2-nt.exe - svchost.exe
    IFEO: teekids.exe - svchost.exe
    IFEO: tfak.exe - svchost.exe
    IFEO: tfak5.exe - svchost.exe
    IFEO: tgbob.exe - svchost.exe
    IFEO: titanin.exe - svchost.exe
    IFEO: titaninxp.exe - svchost.exe
    IFEO: TPSrv.exe - svchost.exe
    IFEO: trickler.exe - svchost.exe
    IFEO: trjscan.exe - svchost.exe
    IFEO: trjsetup.exe - svchost.exe
    IFEO: trojantrap3.exe - svchost.exe
    IFEO: TrustWarrior.exe - svchost.exe
    IFEO: tsadbot.exe - svchost.exe
    IFEO: tsc.exe - svchost.exe
    IFEO: tvmd.exe - svchost.exe
    IFEO: tvtmd.exe - svchost.exe
    IFEO: uiscan.exe - svchost.exe
    IFEO: undoboot.exe - svchost.exe
    IFEO: updat.exe - svchost.exe
    IFEO: upgrad.exe - svchost.exe
    IFEO: upgrepl.exe - svchost.exe
    IFEO: utpost.exe - svchost.exe
    IFEO: vbcmserv.exe - svchost.exe
    IFEO: vbcons.exe - svchost.exe
    IFEO: vbust.exe - svchost.exe
    IFEO: vbwin9x.exe - svchost.exe
    IFEO: vbwinntw.exe - svchost.exe
    IFEO: vcsetup.exe - svchost.exe
    IFEO: vet32.exe - svchost.exe
    IFEO: vet95.exe - svchost.exe
    IFEO: vettray.exe - svchost.exe
    IFEO: vfsetup.exe - svchost.exe
    IFEO: vir-help.exe - svchost.exe
    IFEO: virusmdpersonalfirewall.exe - svchost.exe
    IFEO: VisthAux.exe - svchost.exe
    IFEO: VisthLic.exe - svchost.exe
    IFEO: VisthUpd.exe - svchost.exe
    IFEO: vnlan300.exe - svchost.exe
    IFEO: vnpc3000.exe - svchost.exe
    IFEO: vpc32.exe - svchost.exe
    IFEO: vpc42.exe - svchost.exe
    IFEO: vpfw30s.exe - svchost.exe
    IFEO: vptray.exe - svchost.exe
    IFEO: vscan40.exe - svchost.exe
    IFEO: vscenu6.02d30.exe - svchost.exe
    IFEO: vsched.exe - svchost.exe
    IFEO: vsecomr.exe - svchost.exe
    IFEO: vshwin32.exe - svchost.exe
    IFEO: vsisetup.exe - svchost.exe
    IFEO: vsmain.exe - svchost.exe
    IFEO: vsmon.exe - svchost.exe
    IFEO: vsserv.exe - svchost.exe
    IFEO: vsstat.exe - svchost.exe
    IFEO: vswin9xe.exe - svchost.exe
    IFEO: vswinntse.exe - svchost.exe
    IFEO: vswinperse.exe - svchost.exe
    IFEO: w32dsm89.exe - svchost.exe
    IFEO: W3asbas.exe - svchost.exe
    IFEO: w9x.exe - svchost.exe
    IFEO: watchdog.exe - svchost.exe
    IFEO: webdav.exe - svchost.exe
    IFEO: WebProxy.exe - svchost.exe
    IFEO: webscanx.exe - svchost.exe
    IFEO: webtrap.exe - svchost.exe
    IFEO: wfindv32.exe - svchost.exe
    IFEO: whoswatchingme.exe - svchost.exe
    IFEO: wimmun32.exe - svchost.exe
    IFEO: win-bugsfix.exe - svchost.exe
    IFEO: win32.exe - svchost.exe
    IFEO: win32us.exe - svchost.exe
    IFEO: winactive.exe - svchost.exe
    IFEO: winav.exe - svchost.exe
    IFEO: windll32.exe - svchost.exe
    IFEO: window.exe - svchost.exe
    IFEO: windows Police Pro.exe - svchost.exe
    IFEO: windows.exe - svchost.exe
    IFEO: wininetd.exe - svchost.exe
    IFEO: wininitx.exe - svchost.exe
    IFEO: winlogin.exe - svchost.exe
    IFEO: winmain.exe - svchost.exe
    IFEO: winppr32.exe - svchost.exe
    IFEO: winrecon.exe - svchost.exe
    IFEO: winservn.exe - svchost.exe
    IFEO: winss.exe - svchost.exe
    IFEO: winssk32.exe - svchost.exe
    IFEO: winssnotify.exe - svchost.exe
    IFEO: WinSSUI.exe - svchost.exe
    IFEO: winstart.exe - svchost.exe
    IFEO: winstart001.exe - svchost.exe
    IFEO: wintsk32.exe - svchost.exe
    IFEO: winupdate.exe - svchost.exe
    IFEO: wkufind.exe - svchost.exe
    IFEO: wnad.exe - svchost.exe
    IFEO: wnt.exe - svchost.exe
    IFEO: wradmin.exe - svchost.exe
    IFEO: wrctrl.exe - svchost.exe
    IFEO: wsbgate.exe - svchost.exe
    IFEO: wscfxas.exe - svchost.exe
    IFEO: wscfxav.exe - svchost.exe
    IFEO: wscfxfw.exe - svchost.exe
    IFEO: wsctool.exe - svchost.exe
    IFEO: wupdater.exe - svchost.exe
    IFEO: wupdt.exe - svchost.exe
    IFEO: wyvernworksfirewall.exe - svchost.exe
    IFEO: xpdeluxe.exe - svchost.exe
    IFEO: xpf202en.exe - svchost.exe
    IFEO: xp_antispyware.exe - svchost.exe
    IFEO: zapro.exe - svchost.exe
    IFEO: zapsetup3001.exe - svchost.exe
    IFEO: zatutor.exe - svchost.exe
    IFEO: zonalm2601.exe - svchost.exe
    IFEO: zonealarm.exe - svchost.exe
    IFEO: _avp32.exe - svchost.exe
    IFEO: _avpcc.exe - svchost.exe
    IFEO: _avpm.exe - svchost.exe
    IFEO: ~1.exe - svchost.exe
    IFEO: ~2.exe - svchost.exe
    ==== Hosts File Hijack ======================
    ==== Installed Programs ======================
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    avast! Free Antivirus
    Browser Highlighter - Firefox
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Extreme Graphics 2 Driver
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    Merriam-Webster Online Toolbar
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office FrontPage 2003
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.11)
    MSN
    MSVCRT
    MSXML 4.0
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Web Search (My Fun Cards)
    QuickBooks Premier Edition 2006
    RealPlayer
    Realtek AC'97 Audio
    RealUpgrade 1.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype 3.1
    Skype Plugin Manager
    Skype Toolbars
    Skype™ 4.2
    System Requirements Lab
    TweakNow RegCleaner
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    ==== Event Viewer Messages From Past Week ========
    12/5/2010 3:28:44 AM, error: Dhcp [1002] - The IP address lease 99.229.195.197 for the Network Card with network address 0001805F5194 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    12/2/2010 4:31:08 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\dbghelp.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
    ==== End Of File ===========================

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-08 23:47:09
    Windows 5.1.2600 Service Pack 3
    Running: g5ws8wei.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\kwriiaob.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEE445CF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xEE445BAC]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xEE446160]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xEE44608A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xEE445782]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xEE445C86]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xEE4456C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xEE445726]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xEE445DA6]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEE44622E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xEE445D66]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xEE445EE6]
    INT 0x01 \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys F78E1C42
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEE452BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEE4529D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEE452B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Kernel code sections - GMER 1.0.15 ----
    PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP EE44FFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!NtCreateSection 8056DB66 7 Bytes JMP EE4529D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwCreateProcessEx 8059056D 7 Bytes JMP EE452BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ZwLoadDriver 805AEDE2 7 Bytes JMP EE452B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E74E6 5 Bytes JMP EE44E5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF67AB900]
    ? C:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1320] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\WINDOWS\system32\SearchIndexer.exe[2164] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 46CB3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 46CB41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] ws2_32.dll!socket 71AB4211 5 Bytes JMP 46CB354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 46CB35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] ws2_32.dll!send 71AB4C27 5 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3892] ws2_32.dll!recv 71AB676F 5 Bytes JMP 46CB4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[7616] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[7616] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[7616] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[7616] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[7616] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[7616] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[7616] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[7616] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[7616] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    ---- EOF - GMER 1.0.15 ----



     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hello Pratap and welcome to TSG,

    I'm kevinf80 and I will be helping with any malware issues you may have with your system.
    • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
    • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
    • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
    • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
    • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
    • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
    • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

    Please proceed as follows :-

    Step 1

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25577
    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 96.44.181.243 www.google.com
    O1 - Hosts: 96.44.181.243 google.com
    O1 - Hosts: 96.44.181.243 google.com.au
    O1 - Hosts: 96.44.181.243 www.google.com.au
    O1 - Hosts: 96.44.181.243 google.be
    O1 - Hosts: 96.44.181.243 www.google.be
    O1 - Hosts: 96.44.181.243 google.com.br
    O1 - Hosts: 96.44.181.243 www.google.com.br
    O1 - Hosts: 96.44.181.243 google.ca
    O1 - Hosts: 96.44.181.243 www.google.ca
    O1 - Hosts: 96.44.181.243 google.ch
    O1 - Hosts: 96.44.181.243 www.google.ch
    O1 - Hosts: 96.44.181.243 google.de
    O1 - Hosts: 96.44.181.243 www.google.de
    O1 - Hosts: 96.44.181.243 google.dk
    O1 - Hosts: 96.44.181.243 www.google.dk
    O1 - Hosts: 96.44.181.243 google.fr
    O1 - Hosts: 96.44.181.243 www.google.fr
    O1 - Hosts: 96.44.181.243 google.ie
    O1 - Hosts: 96.44.181.243 www.google.ie
    O1 - Hosts: 96.44.181.243 google.it
    O1 - Hosts: 96.44.181.243 www.google.it
    O1 - Hosts: 96.44.181.243 google.co.jp
    O1 - Hosts: 96.44.181.243 www.google.co.jp
    O1 - Hosts: 96.44.181.243 google.nl
    O1 - Hosts: 96.44.181.243 www.google.nl
    O1 - Hosts: 96.44.181.243 google.no
    O1 - Hosts: 96.44.181.243 www.google.no
    O1 - Hosts: 96.44.181.243 google.co.nz
    O1 - Hosts: 96.44.181.243 www.google.co.nz
    O1 - Hosts: 96.44.181.243 google.pl
    O1 - Hosts: 96.44.181.243 www.google.pl
    O1 - Hosts: 96.44.181.243 google.se
    O1 - Hosts: 96.44.181.243 www.google.se
    O1 - Hosts: 96.44.181.243 google.co.uk
    O1 - Hosts: 96.44.181.243 www.google.co.uk
    O1 - Hosts: 96.44.181.243 google.co.za
    O1 - Hosts: 96.44.181.243 www.google.co.za
    O1 - Hosts: 96.44.181.243 www.google-analytics.com
    O1 - Hosts: 96.44.181.243 www.bing.com
    O1 - Hosts: 96.44.181.243 search.yahoo.com
    O1 - Hosts: 96.44.181.243 www.search.yahoo.com
    O1 - Hosts: 96.44.181.243 uk.search.yahoo.com
    O1 - Hosts: 96.44.181.243 ca.search.yahoo.com
    O1 - Hosts: 96.44.181.243 de.search.yahoo.com
    O1 - Hosts: 96.44.181.243 fr.search.yahoo.com
    O1 - Hosts: 96.44.181.243 au.search.yahoo.com
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [Internet Antivirus 2011] "C:\Documents and Settings\All Users\Application Data\43077d\IA430_287.exe" /s /d
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm574YYCA
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe


    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.

    Step 2

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 3

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    What I'd like in your reply :-

    • Log from Malwarebytes
    • Log from Security Checks
    • Fresh HJT log
    • System update, improvements? issues?

    Kevin
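
Added example, not part of kevinf80's post or of HijackThis itself: a small triage script for the kind of entries listed in Step 1, grouping O1 Hosts lines by address and picking out the local proxy, "(no file)" and autorun entries. The sample lines are taken from the list above plus one made-up benign entry (`ExampleApp`); the heuristics and the `triage` function name are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the list above, plus one made-up
# benign autorun ("ExampleApp") for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25577
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 96.44.181.243 www.google.com
O1 - Hosts: 96.44.181.243 www.bing.com
O1 - Hosts: 96.44.181.243 search.yahoo.com
O4 - HKCU\..\Run: [Internet Antivirus 2011] "C:\Documents and Settings\All Users\Application Data\43077d\IA430_287.exe" /s /d
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\example.exe"
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<name>\S+)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return (kind, key, detail) tuples for entries worth a closer look."""
    findings, hosts_by_ip = [], defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        host = HOSTS.match(body)
        if code == "O1" and host:
            hosts_by_ip[host["ip"]].append(host["name"])
        elif body.endswith("(no file)"):
            # Registry entry whose target file no longer exists.
            findings.append(("orphan", code, body))
        elif code in ("R0", "R1") and "ProxyServer" in body and "127.0.0.1" in body:
            # Browser traffic forced through a listener on the local machine.
            findings.append(("local-proxy", code, body))
        elif code == "O4":
            run = RUN.match(body)
            if run and re.search(r"\\(Application Data|Temp)\\", run["cmd"], re.I):
                # Autostart launched from a data directory, not Program Files.
                findings.append(("autorun-from-data-dir", code, run["name"]))
    for ip, names in hosts_by_ip.items():
        # Naive "last two labels" grouping; enough to tell google.com from bing.com.
        domains = {".".join(n.split(".")[-2:]) for n in names}
        if not ip.startswith("127.") and len(domains) >= 2:
            # One non-loopback address answering for unrelated sites.
            findings.append(("hosts-redirect", ip, sorted(names)))
    return findings


if __name__ == "__main__":
    for kind, key, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {key:16} {detail}")
```

The output is a review list only; what to fix is still decided from the full log, as in the steps above.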
     
  3. Pratap

    Pratap Thread Starter

    Joined:
    Dec 8, 2010
    Messages:
    3
    Hi Kevin,

    Thank you so much for your response.

    I think I've managed to resolve the problem.

    I'll wait and watch the system for a while to determine if it's working as it should be.

    Thanks again for your kind offer to assist me.

    Pratap.:)
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Pratap,

    Post back if you need any help.

    Thanks,

    Kevin
     
  5. Pratap

    Pratap Thread Starter

    Joined:
    Dec 8, 2010
    Messages:
    3
    Thank you Kevin.
    Wish you happy holidays.
    Pratap.
     

Short URL to this thread: https://techguy.org/967354
