« previous next »
Pages: [1]

Author Topic: cant start none of my windows services because...........??  (Read 1951 times)

Offline cpl

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
cant start none of my windows services because...........??
« on: January 03, 2008, 01:57:12 PM »
I recently cleaned out a computer effected with ucleaner spyware by using the following programs and some of the instructions , not all stated in a previous post"  slow running computer and pop ups  " The computer I had didnt seem infected as much as this guys in the previous post.

Everything is cleaned fine but for some reason while in normal boot mode all of the windows directory services and/or PC thinks its in safe mode and a lot of my necessary services are stopped because of this. Does anybody know whats going on here or how can I fix this?  thanks
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
cant start none of my windows services because...........??
« Reply #1 on: January 03, 2008, 02:18:38 PM »
Download Hijackthis Installer from [color=\"#FF0000\"]HERE[/color]
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline cpl

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
cant start none of my windows services because...........??
« Reply #2 on: January 03, 2008, 02:43:10 PM »
[quote name=\'guestolo\' post=\'417680\' date=\'Jan 3 2008, 01:18 PM\']Download Hijackthis Installer from [color=\"#ff0000\"]HERE[/color]
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important![/quote]



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42, on 2008-01-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 222.222.222.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Track-It! Workstation Manager Service Monitor] C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [NGTray] "C:\Program Files\Symantec\Ghost\ngtray.exe"
O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198877157375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198877134390
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = reaganpower.com
O17 - HKLM\Software\..\Telephony: DomainName = reaganpower.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = reaganpower.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec Ghost Client Agent (NGCLIENT) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Track-It! Remoting Helper (TIRemotingHelper) - Unknown owner - C:\WINDOWS\TIRHService.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINDOWS\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINDOWS\TIREMOTE\TIRemoteService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9295 bytes
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
cant start none of my windows services because...........??
« Reply #3 on: January 03, 2008, 03:08:25 PM »
What steps did you actually do from the link to the other users log?
I don't want you redoing any
I just want to know what you have done already
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline cpl

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
cant start none of my windows services because...........??
« Reply #4 on: January 03, 2008, 03:18:12 PM »
[quote name=\'guestolo\' post=\'417687\' date=\'Jan 3 2008, 02:08 PM\']What steps did you actually do from the link to the other users log?
I don't want you redoing any
I just want to know what you have done already[/quote]


I have done everything except this......




We still have a bit more cleaning to do

==Open notepad and copy/paste the text in the quotebox below into it:
Don't use anything else than notepad or the script will not work

Quote
File::
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
C:\sqmdata01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\lbbho.dll
Folder::
C:\Program Files\XP Antivirus
C:\Program Files\MediaSupplyCodec
C:\Documents and Settings\All Users\Application Data\Meal Memo Free View
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
cant start none of my windows services because...........??
« Reply #5 on: January 03, 2008, 03:25:41 PM »
Can you post the Whole contents of both of these logs

C:\Combofix.txt
C:\Rapport.txt
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline cpl

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
cant start none of my windows services because...........??
« Reply #6 on: January 03, 2008, 03:36:50 PM »
QUOTE (guestolo @ Jan 3 2008, 02:25 PM) <{POST_SNAPBACK}>
Can you post the Whole contents of both of these logsC:\Combofix.txtC:\Rapport.txt
   SmitFraudFix v2.274Scan done at  9:58:09.87, Thu 01/03/2008Run from C:\Documents and Settings\administrator.DOMAIN1\Desktop\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe mode»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll»»»»»»»»»»»»»»»»»»»»»»»» Killing process»»»»»»»»»»»»»»»»»»»»»»»» hosts127.0.0.1       localhost127.0.0.1 007guard.com127.0.0.1 www.007guard.com127.0.0.1 008i.com127.0.0.1 008k.com127.0.0.1 www.008k.com127.0.0.1 00hq.com127.0.0.1 www.00hq.com127.0.0.1 010402.com127.0.0.1 032439.com127.0.0.1 www.032439.com127.0.0.1 1001-search.info127.0.0.1 www.1001-search.info127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 100sexlinks.com127.0.0.1 www.100sexlinks.com127.0.0.1 10sek.com127.0.0.1 www.10sek.com127.0.0.1 123topsearch.com127.0.0.1 www.123topsearch.com127.0.0.1 132.com127.0.0.1 www.132.com127.0.0.1 136136.net127.0.0.1 www.136136.net127.0.0.1 139mm.com127.0.0.1 www.139mm.com127.0.0.1 163ns.com127.0.0.1 www.163ns.com127.0.0.1 171203.com127.0.0.1 17-plus.com127.0.0.1 1800searchonline.com127.0.0.1 www.1800searchonline.com127.0.0.1 180searchassistant.com127.0.0.1 www.180searchassistant.com127.0.0.1 180solutions.com127.0.0.1 www.180solutions.com127.0.0.1 181.365soft.info127.0.0.1 www.181.365soft.info127.0.0.1 1987324.com127.0.0.1 www.1987324.com127.0.0.1 1-domains-registrations.com127.0.0.1 www.1-domains-registrations.com127.0.0.1 1-extreme.biz127.0.0.1 www.1-extreme.biz127.0.0.1 1sexparty.com127.0.0.1 www.1sexparty.com127.0.0.1 1stantivirus.com127.0.0.1 www.1stantivirus.com127.0.0.1 1stpagehere.com127.0.0.1 www.1stpagehere.com127.0.0.1 1stsearchportal.com127.0.0.1 www.1stsearchportal.com127.0.0.1 2.82211.net127.0.0.1 www.2006ooo.com127.0.0.1 2007-download.com127.0.0.1 www.2007-download.com127.0.0.1 2020search.com127.0.0.1 www.2020search.com127.0.0.1 20x2p.com127.0.0.1 24.365soft.info127.0.0.1 www.24.365soft.info127.0.0.1 24-7pharmacy.info127.0.0.1 www.24-7pharmacy.info127.0.0.1 24-7searching-and-more.com127.0.0.1 www.24-7searching-and-more.com127.0.0.1 24teen.com127.0.0.1 www.24teen.com127.0.0.1 2every.net127.0.0.1 www.2every.net127.0.0.1 2ndpower.com127.0.0.1 2search.com127.0.0.1 www.2search.com127.0.0.1 2search.org127.0.0.1 www.2search.org127.0.0.1 2squared.com127.0.0.1 www.2squared.com127.0.0.1 3322.org127.0.0.1 www.3322.org127.0.0.1 365soft.info127.0.0.1 36site.com127.0.0.1 www.36site.com127.0.0.1 3721.com127.0.0.1 39-93.com127.0.0.1 3abetterinternet.com127.0.0.1 www.3abetterinternet.com127.0.0.1 3bay.it127.0.0.1 www.3bay.it127.0.0.1 3ebay.it127.0.0.1 www.3ebay.it127.0.0.1 404dns.com127.0.0.1 www.404dns.com127.0.0.1 4199.com127.0.0.1 www.4199.com127.0.0.1 4corn.net127.0.0.1 www.4corn.net127.0.0.1 4ebay.it127.0.0.1 www.4ebay.it127.0.0.1 4klm.com127.0.0.1 4repubblica.it127.0.0.1 www.4repubblica.it127.0.0.1 4softget.com127.0.0.1 www.4softget.com127.0.0.1 5iscali.it127.0.0.1 www.5iscali.it127.0.0.1 5repubblica.it127.0.0.1 www.5repubblica.it127.0.0.1 5starvideos.com127.0.0.1 www.5starvideos.com127.0.0.1 5tiscali.it127.0.0.1 www.5tiscali.it127.0.0.1 5zgmu7o20kt5d8yq.com127.0.0.1 www.5zgmu7o20kt5d8yq.com127.0.0.1 6iscali.it127.0.0.1 www.6iscali.it127.0.0.1 6sek.com127.0.0.1 www.6sek.com127.0.0.1 6tiscali.it127.0.0.1 www.6tiscali.it127.0.0.1 7322.com127.0.0.1 www.7322.com127.0.0.1 75tz.com127.0.0.1 777search.com127.0.0.1 www.777search.com127.0.0.1 777top.com127.0.0.1 www.777top.com127.0.0.1 7939.com127.0.0.1 www.7939.com127.0.0.1 7search.com127.0.0.1 www.7search.com127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com127.0.0.1 82211.net127.0.0.1 8866.org127.0.0.1 888.com127.0.0.1 www.888.com127.0.0.1 8ad.com127.0.0.1 www.8ad.com127.0.0.1 9505.com127.0.0.1 www.9505.com127.0.0.1 971searchbox.com127.0.0.1 www.971searchbox.com127.0.0.1 a.bestmanage.org127.0.0.1 aaasexypics.com127.0.0.1 aaawebfinder.com127.0.0.1 www.aaawebfinder.com127.0.0.1 aavc.com127.0.0.1 abc-find.info127.0.0.1 www.abc-find.info127.0.0.1 abetterinternet.com127.0.0.1 www.abetterinternet.com127.0.0.1 abnetsoft.info127.0.0.1 www.abnetsoft.info127.0.0.1 aboutclicker.com127.0.0.1 www.aboutclicker.com127.0.0.1 abrp.net127.0.0.1 www.abrp.net127.0.0.1 absolutee.com127.0.0.1 www.absolutee.com127.0.0.1 abyssmedia.com127.0.0.1 www.abyssmedia.com127.0.0.1 ac66.cn127.0.0.1 www.ac66.cn127.0.0.1 access.Navinetwork.com127.0.0.1 access.rapid-pass.net127.0.0.1 accessactivexvideo.com127.0.0.1 www.accessactivexvideo.com127.0.0.1 accessclips.com127.0.0.1 www.accessclips.com127.0.0.1 access-dvd.com127.0.0.1 www.access-dvd.com127.0.0.1 accesskeygenerator.com127.0.0.1 www.accesskeygenerator.com127.0.0.1 accessorygeeks.com127.0.0.1 www.accessorygeeks.com127.0.0.1 accessthefuture.net127.0.0.1 www.accessthefuture.net127.0.0.1 accessvid.net127.0.0.1 www.accessvid.net127.0.0.1 acemedic.com127.0.0.1 www.acemedic.com127.0.0.1 ace-webmaster.com127.0.0.1 www.ace-webmaster.com127.0.0.1 acjp.com127.0.0.1 acrobat-2007.com127.0.0.1 www.acrobat-2007.com127.0.0.1 acrobat-8.com127.0.0.1 www.acrobat-8.com127.0.0.1 acrobat-center.com127.0.0.1 www.acrobat-center.com127.0.0.1 acrobat-hq.com127.0.0.1 www.acrobat-hq.com127.0.0.1 acrobatreader-8.com127.0.0.1 www.acrobatreader-8.com127.0.0.1 acrobat-reader-8.de127.0.0.1 www.acrobat-reader-8.de127.0.0.1 acrobat-stop.com127.0.0.1 www.acrobat-stop.com127.0.0.1 actionbreastcancer.org127.0.0.1 www.actionbreastcancer.org127.0.0.1 activesearcher.info127.0.0.1 www.activesearcher.info127.0.0.1 activexaccessobject.com127.0.0.1 www.activexaccessobject.com127.0.0.1 activexaccessvideo.com127.0.0.1 www.activexaccessvideo.com127.0.0.1 activexemedia.com127.0.0.1 www.activexemedia.com127.0.0.1 activexmediaobject.com127.0.0.1 www.activexmediaobject.com127.0.0.1 activexmediapro.com127.0.0.1 www.activexmediapro.com127.0.0.1 activexmediasite.com127.0.0.1 www.activexmediasite.com127.0.0.1 activexmediasoftware.com127.0.0.1 www.activexmediasoftware.com127.0.0.1 activexmediasource.com127.0.0.1 www.activexmediasource.com127.0.0.1 activexmediatool.com127.0.0.1 www.activexmediatool.com127.0.0.1 activexmediatour.com127.0.0.1 www.activexmediatour.com127.0.0.1 activexsoftwares.com127.0.0.1 www.activexsoftwares.com127.0.0.1 activexsource.com127.0.0.1 www.activexsource.com127.0.0.1 activexupdate.com127.0.0.1 www.activexupdate.com127.0.0.1 activexvideo.com127.0.0.1 www.activexvideo.com127.0.0.1 activexvideotool.com127.0.0.1 www.activexvideotool.com127.0.0.1 ad.marketingsector.com127.0.0.1 www.ad.marketingsector.com127.0.0.1 ad.mokead.com127.0.0.1 www.ad.mokead.com127.0.0.1 ad.yieldmanager.com127.0.0.1 www.ad.yieldmanager.com127.0.0.1 ad25.com127.0.0.1 ad45.com127.0.0.1 ad77.com127.0.0.1 ad86.com127.0.0.1 adamsupportgroup.org127.0.0.1 www.adamsupportgroup.org127.0.0.1 adarmor.com127.0.0.1 www.adarmor.com127.0.0.1 adasearch.com127.0.0.1 www.adasearch.com127.0.0.1 adaware.cc127.0.0.1 adawarenow.com127.0.0.1 www.adawarenow.com127.0.0.1 addictivetechnologies.com127.0.0.1 www.addictivetechnologies.com127.0.0.1 addictivetechnologies.net127.0.0.1 www.addictivetechnologies.net127.0.0.1 add-manager.com127.0.0.1 www.add-manager.com127.0.0.1 adgate.info127.0.0.1 www.adgate.info127.0.0.1 adipics.com127.0.0.1 www.adipics.com127.0.0.1 admin2cash.biz127.0.0.1 www.admin2cash.biz127.0.0.1 adnet-plus.com127.0.0.1 adobe-download-now.com127.0.0.1 adobe-downloads.com127.0.0.1 www.adobe-downloads.com127.0.0.1 adobe-reader-8.fr127.0.0.1 www.adobe-reader-8.fr127.0.0.1 adprotect.com127.0.0.1 www.adprotect.com127.0.0.1 ads.centralmedia.ws127.0.0.1 ads.k8l.info127.0.0.1 ads.kmpads.com127.0.0.1 ads.marketingsector.com127.0.0.1 ads.searchingbooth.com127.0.0.1 ads.z-quest.com127.0.0.1 ads183.com127.0.0.1 www.ads183.com127.0.0.1 adscontex.com127.0.0.1 www.adscontex.com127.0.0.1 adservices1.enhance.com127.0.0.1 www.adservices1.enhance.com127.0.0.1 adservs.com127.0.0.1 adsextend.net127.0.0.1 www.adsextend.net127.0.0.1 adshttp.com127.0.0.1 www.adshttp.com127.0.0.1 adsonwww.com127.0.0.1 www.adsonwww.com127.0.0.1 adspics.com127.0.0.1 www.adspics.com127.0.0.1 adtrak.net127.0.0.1 www.adtrak.net127.0.0.1 adtrgt.com127.0.0.1 adult777search.info127.0.0.1 www.adult777search.info127.0.0.1 adultan.com127.0.0.1 www.adultan.com127.0.0.1 adult-engine-search.com127.0.0.1 www.adult-engine-search.com127.0.0.1 adult-erotic-guide.net127.0.0.1 www.adult-erotic-guide.net127.0.0.1 adultfilmsite.com127.0.0.1 www.adultfilmsite.com127.0.0.1 adult-friends-finder.net127.0.0.1 www.adult-friends-finder.net127.0.0.1 adultgambling.org127.0.0.1 adult-host.org127.0.0.1 adulthyperlinks.com127.0.0.1 www.adulthyperlinks.com127.0.0.1 adultmovieplus.com127.0.0.1 www.adultmovieplus.com127.0.0.1 adult-personal.us127.0.0.1 adultsgames.net127.0.0.1 adultsper.com127.0.0.1 www.adultsper.com127.0.0.1 adulttds.com127.0.0.1 www.adulttds.com127.0.0.1 adultzoneworld.com127.0.0.1 www.adultzoneworld.com127.0.0.1 advcash.biz127.0.0.1 www.advcash.biz127.0.0.1 advert.exaccess.ru127.0.0.1 advertisemoney.info127.0.0.1 www.advertisemoney.info127.0.0.1 advertising.paltalk.com127.0.0.1 advertising-money.info127.0.0.1 www.advertising-money.info127.0.0.1 ad-ware.cc127.0.0.1 ad-w-a-r-e.com127.0.0.1 www.ad-w-a-r-e.com127.0.0.1 a-d-w-a-r-e.com127.0.0.1 www.a-d-w-a-r-e.com127.0.0.1 adwarebazooka.com127.0.0.1 www.adwarebazooka.com127.0.0.1 adwarefinder.com127.0.0.1 www.adwarefinder.com127.0.0.1 adwareprotectionsite.com127.0.0.1 www.adwareprotectionsite.com127.0.0.1 adwarepunisher.com127.0.0.1 www.adwarepunisher.com127.0.0.1 aflgate.com127.0.0.1 www.aflgate.com127.0.0.1 africaspromise.org127.0.0.1 agava.com127.0.0.1 agava.ru127.0.0.1 agentstudio.com127.0.0.1 aginegialle.it127.0.0.1 www.aginegialle.it127.0.0.1 www.aifind.info127.0.0.1 aifind.info127.0.0.1 airtleworld.com127.0.0.1 www.airtleworld.com127.0.0.1 aitalia.it127.0.0.1 www.aitalia.it127.0.0.1 akamai.downloadv3.com127.0.0.1 aklitalia.it127.0.0.1 www.aklitalia.it127.0.0.1 akril.com127.0.0.1 alcatel.ws127.0.0.1 alfacleaner.com127.0.0.1 www.alfacleaner.com127.0.0.1 alfa-search.com127.0.0.1 alialia.it127.0.0.1 www.alialia.it127.0.0.1 aliotalia.it127.0.0.1 www.aliotalia.it127.0.0.1 alirtalia.it127.0.0.1 www.alirtalia.it127.0.0.1 alitaia.it127.0.0.1 www.alitaia.it127.0.0.1 alitaklia.it127.0.0.1 www.alitaklia.it127.0.0.1 alitala.it127.0.0.1 www.alitala.it127.0.0.1 alitali.it127.0.0.1 www.alitali.it127.0.0.1 alitaliaq.it127.0.0.1 www.alitaliaq.it127.0.0.1 alitalias.it127.0.0.1 www.alitalias.it127.0.0.1 alitaliaz.it127.0.0.1 www.alitaliaz.it127.0.0.1 alitalioa.it127.0.0.1 www.alitalioa.it127.0.0.1 alitalisa.it127.0.0.1 www.alitalisa.it127.0.0.1 alitaliua.it127.0.0.1 www.alitaliua.it127.0.0.1 alitalkia.it127.0.0.1 www.alitalkia.it127.0.0.1 alitaloia.it127.0.0.1 www.alitaloia.it127.0.0.1 alitaluia.it127.0.0.1 www.alitaluia.it127.0.0.1 alitaslia.it127.0.0.1 www.alitaslia.it127.0.0.1 alitlia.it127.0.0.1 www.alitlia.it127.0.0.1 alitralia.it127.0.0.1 www.alitralia.it127.0.0.1 alitsalia.it127.0.0.1 www.alitsalia.it127.0.0.1 aliutalia.it127.0.0.1 www.aliutalia.it127.0.0.1 ALL1COUNT.NET127.0.0.1 www.ALL1COUNT.NET127.0.0.1 all4internet.com127.0.0.1 www.all4internet.com127.0.0.1 allabtcars.com127.0.0.1 allabtjeeps.com127.0.0.1 all-bittorrent.com127.0.0.1 www.all-bittorrent.com127.0.0.1 www.allcybersearch.com127.0.0.1 allcybersearch.com127.0.0.1 alldnserrors.com127.0.0.1 www.alldnserrors.com127.0.0.1 all-downloads-now.com127.0.0.1 www.all-downloads-now.com127.0.0.1 all-edonkey.com127.0.0.1 www.all-edonkey.com127.0.0.1 allforadult.com127.0.0.1 allhyperlinks.com127.0.0.1 alliesecurity.com127.0.0.1 www.alliesecurity.com127.0.0.1 all-inet.com127.0.0.1 allinternetbusiness.com127.0.0.1 all-limewire.com127.0.0.1 www.all-limewire.com127.0.0.1 allmegabucks.com127.0.0.1 www.allmegabucks.com127.0.0.1 allprotections.com127.0.0.1 www.allprotections.com127.0.0.1 allresultz.net127.0.0.1 www.allresultz.net127.0.0.1 allsecuritynotes.com127.0.0.1 www.allsecuritynotes.com127.0.0.1 allsecuritysite.com127.0.0.1 www.allsecuritysite.com127.0.0.1 allstarsvideos.net127.0.0.1 www.allstarsvideos.net127.0.0.1 alltruesoftware.com127.0.0.1 www.alltruesoftware.com127.0.0.1 allvideoactivex.com127.0.0.1 www.allvideoactivex.com127.0.0.1 almanah.biz127.0.0.1 www.almanah.biz127.0.0.1 almarvideos.com127.0.0.1 aloitalia.it127.0.0.1 www.aloitalia.it127.0.0.1 aluitalia.it127.0.0.1 www.aluitalia.it127.0.0.1 amaena.com127.0.0.1 www.amaena.com127.0.0.1 amandamountains.com127.0.0.1 amateurliveshow.com127.0.0.1 www.amateurliveshow.com127.0.0.1 amediasoftware.com127.0.0.1 www.amediasoftware.com127.0.0.1 amediasource.com127.0.0.1 www.amediasource.com127.0.0.1 americancarbargains.com127.0.0.1 www.americancarbargains.com127.0.0.1 american-teens.net127.0.0.1 amigeek.com127.0.0.1 amisbusiness.com127.0.0.1 ampmsearch.com127.0.0.1 www.ampmsearch.com127.0.0.1 analcord.com127.0.0.1 www.analcord.com127.0.0.1 analmovi.com127.0.0.1 anarchylolita.com127.0.0.1 www.anarchylolita.com127.0.0.1 anarchyporn.com127.0.0.1 andromedical.com127.0.0.1 www.andromedical.com127.0.0.1 animepornmag.com127.0.0.1 www.animepornmag.com127.0.0.1 anin.org127.0.0.1 anjpn-avxiz.biz127.0.0.1 www.anjpn-avxiz.biz127.0.0.1 anjpnzqav.biz127.0.0.1 www.anjpnzqav.biz127.0.0.1 anjpn-zqav.biz127.0.0.1 www.anjpn-zqav.biz127.0.0.1 annaromeo.com127.0.0.1 antiddos.us127.0.0.1 www.antiddos.us127.0.0.1 Antiespiadorado.com127.0.0.1 www.Antiespiadorado.com127.0.0.1 Antiespionspack.com127.0.0.1 www.Antiespionspack.com127.0.0.1 Antigusanos2008.com127.0.0.1 www.Antigusanos2008.com127.0.0.1 Antispionage.com127.0.0.1 www.Antispionage.com127.0.0.1 Antispionagepro.com127.0.0.1 www.Antispionagepro.com127.0.0.1 antispydns.biz127.0.0.1 www.antispydns.biz127.0.0.1 antispylab.com127.0.0.1 www.antispylab.com127.0.0.1 antispysolutions.com127.0.0.1 www.antispysolutions.com127.0.0.1 antispyware.com127.0.0.1 www.antispyware.com127.0.0.1 antispywarebot.com127.0.0.1 www.antispywarebot.com127.0.0.1 antispywarebox.com127.0.0.1 www.antispywarebox.com127.0.0.1 antispywaredownloads.com127.0.0.1 www.antispywaredownloads.com127.0.0.1 Antispywaresuite.com127.0.0.1 www.Antispywaresuite.com127.0.0.1 Antispyweb.net127.0.0.1 www.Antispyweb.net127.0.0.1 Antiver2008.com127.0.0.1 www.Antiver2008.com127.0.0.1 antivermins.com127.0.0.1 www.antivermins.com127.0.0.1 anti-vermins.com127.0.0.1 www.anti-vermins.com127.0.0.1 antivir2007.com127.0.0.1 www.antivir2007.com127.0.0.1 antivirgear.com127.0.0.1 www.antivirgear.com127.0.0.1 antivirus.fastfreedownload.com127.0.0.1 www.antivirus.fastfreedownload.com127.0.0.1 antivirusgolden.com127.0.0.1 www.antivirusgolden.com127.0.0.1 antivirus-hq.net127.0.0.1 www.antivirus-hq.net127.0.0.1 anti-virus-pro.com127.0.0.1 www.anti-virus-pro.com127.0.0.1 antivirusprotector.com127.0.0.1 www.antivirusprotector.com127.0.0.1 antivirussecuritypro.com127.0.0.1 www.antivirussecuritypro.com127.0.0.1 antivirus-stop.com127.0.0.1 www.antivirus-stop.com127.0.0.1 Antiworm2008.com127.0.0.1 www.Antiworm2008.com127.0.0.1 Antiwurm2008.com127.0.0.1 www.Antiwurm2008.com127.0.0.1 antrocity.com127.0.0.1 anyofus.com127.0.0.1 www.anyofus.com127.0.0.1 anysn.seproger.com127.0.0.1 www.anysn.seproger.com127.0.0.1 anything4health.com127.0.0.1 apicpreview.com127.0.0.1 www.apicpreview.com127.0.0.1 appealcircuit.com127.0.0.1 www.appealcircuit.com127.0.0.1 approvedlinks.com127.0.0.1 www.approvedlinks.com127.0.0.1 apps.deskwizz.com127.0.0.1 apps.webservicehost.com127.0.0.1 aprotectedpage.com127.0.0.1 www.aprotectedpage.com127.0.0.1 apsua.com127.0.0.1 archiviosex.net127.0.0.1 www.archiviosex.net127.0.0.1 aregay.com127.0.0.1 ares-freebie.com127.0.0.1 www.ares-freebie.com127.0.0.1 arespro2007.com127.0.0.1 www.arespro2007.com127.0.0.1 aresultra.com127.0.0.1 www.aresultra.com127.0.0.1 ares-usa.com127.0.0.1 www.ares-usa.com127.0.0.1 arheo.com127.0.0.1 arizonaweb.org127.0.0.1 armitageinn.com127.0.0.1 arquivojpgs.smtp.ru127.0.0.1 www.arquivojpgs.smtp.ru127.0.0.1 artachnid.com127.0.0.1 art-func.com127.0.0.1 art-xxx.com127.0.0.1 asafebrowser.com127.0.0.1 www.asafebrowser.com127.0.0.1 asafetynotice.com127.0.0.1 www.asafetynotice.com127.0.0.1 asafetypage.com127.0.0.1 www.asafetypage.com127.0.0.1 asdbiz.biz127.0.0.1 www.asdbiz.biz127.0.0.1 asdeykuddq.com127.0.0.1 www.asdeykuddq.com127.0.0.1 asecurebar.com127.0.0.1 www.asecurebar.com127.0.0.1 asecureboard.com127.0.0.1 www.asecureboard.com127.0.0.1 asecurevalue.com127.0.0.1 www.asecurevalue.com127.0.0.1 asecurityissue.com127.0.0.1 www.asecurityissue.com127.0.0.1 asecuritynotice.com127.0.0.1 www.asecuritynotice.com127.0.0.1 asecuritypaper.com127.0.0.1 www.asecuritypaper.com127.0.0.1 asecuritystuff.com127.0.0.1 www.asecuritystuff.com127.0.0.1 asiankingkong.com127.0.0.1 asianpornmag.com127.0.0.1 www.asianpornmag.com127.0.0.1 asiantoolbar.com127.0.0.1 www.asiantoolbar.com127.0.0.1 asidseiupc.com127.0.0.1 www.asidseiupc.com127.0.0.1 aslitalia.it127.0.0.1 www.aslitalia.it127.0.0.1 ass-gals.com127.0.0.1 assureprotection.com127.0.0.1 www.assureprotection.com127.0.0.1 asta-killer.com127.0.0.1 asupereva.it127.0.0.1 www.asupereva.it127.0.0.1 athenrye.com127.0.0.1 atotalsafety.com127.0.0.1 www.atotalsafety.com127.0.0.1 atrueprotection.com127.0.0.1 www.atrueprotection.com127.0.0.1 atruesecurity.com127.0.0.1 www.atruesecurity.com127.0.0.1 attackware.com127.0.0.1 www.attackware.com127.0.0.1 attrezzi.biz127.0.0.1 www.attrezzi.biz127.0.0.1 aulde.net127.0.0.1 www.aulde.net127.0.0.1 aupereva.it127.0.0.1 www.aupereva.it127.0.0.1 autocontext.begun.ru127.0.0.1 www.autocontext.begun.ru127.0.0.1 autoescrowpay.com127.0.0.1 avast.free-software-center.com127.0.0.1 www.avast.free-software-center.com127.0.0.1 avast-2007.com127.0.0.1 www.avast-2007.com127.0.0.1 avast-downloads.com127.0.0.1 www.avast-downloads.com127.0.0.1 avast-hq.com127.0.0.1 www.avast-hq.com127.0.0.1 avforce.com127.0.0.1 www.avforce.com127.0.0.1 avg.grab-it-today.net127.0.0.1 www.avg.grab-it-today.net127.0.0.1 avg.softwarecenterz.com127.0.0.1 www.avg.softwarecenterz.com127.0.0.1 avg-secure.com127.0.0.1 www.avg-secure.com127.0.0.1 avian-ads.com127.0.0.1 avideoaxaccess.com127.0.0.1 www.avideoaxaccess.com127.0.0.1 avideosurfer.com127.0.0.1 www.avideosurfer.com127.0.0.1 aviewersoft.com127.0.0.1 www.aviewersoft.com127.0.0.1 avpcheckupdate.com127.0.0.1 www.avpcheckupdate.com127.0.0.1 avxizaaqada.biz127.0.0.1 www.avxizaaqada.biz127.0.0.1 avxiz-anjpn.biz127.0.0.1 www.avxiz-anjpn.biz127.0.0.1 avxizueorn.biz127.0.0.1 www.avxizueorn.biz127.0.0.1 avxiz-ueorn.biz127.0.0.1 www.avxiz-ueorn.biz127.0.0.1 avxiz-vtvcp.biz127.0.0.1 www.avxiz-vtvcp.biz127.0.0.1 avxiz-ygco.biz127.0.0.1 www.avxiz-ygco.biz127.0.0.1 avxiz-zqav.biz127.0.0.1 www.avxiz-zqav.biz127.0.0.1 awarninglist.com127.0.0.1 www.awarninglist.com127.0.0.1 awbeta.net-nucleus.com127.0.0.1 awesomehomepage.com127.0.0.1 www.awesomehomepage.com127.0.0.1 awmcash.biz127.0.0.1 awmdabest.com127.0.0.1 axemediasoftware.com127.0.0.1 www.axemediasoftware.com127.0.0.1 aximageobject.com127.0.0.1 www.aximageobject.com127.0.0.1 axmediaproject.com127.0.0.1 www.axmediaproject.com127.0.0.1 axmediasoftware.com127.0.0.1 www.axmediasoftware.com127.0.0.1 axmediasolutions.com127.0.0.1 www.axmediasolutions.com127.0.0.1 axobjectpage.com127.0.0.1 www.axobjectpage.com127.0.0.1 axobjectsource.com127.0.0.1 www.axobjectsource.com127.0.0.1 axsoftwaretool.com127.0.0.1 www.axsoftwaretool.com127.0.0.1 axvideoproject.com127.0.0.1 www.axvideoproject.com127.0.0.1 axvideosetup.com127.0.0.1 www.axvideosetup.com127.0.0.1 ayakawamura.com127.0.0.1 ayb.dns-look-up.com127.0.0.1 ayb.netbios-wait.com127.0.0.1 ayumitaniguchi.com127.0.0.1 azebar.com127.0.0.1 azureusclub.com127.0.0.1 www.azureusclub.com127.0.0.1 azureus-freebie.com127.0.0.1 www.azureus-freebie.com127.0.0.1 azzetta.it127.0.0.1 www.azzetta.it127.0.0.1 b.casalemedia.com127.0.0.1 babe.k-lined.com127.0.0.1 www.babe.k-lined.com127.0.0.1 babe.the-killer.bz127.0.0.1 www.babe.the-killer.bz127.0.0.1 babenet.com127.0.0.1 www.babenet.com127.0.0.1 babespornmag.com127.0.0.1 www.babespornmag.com127.0.0.1 babeweb.de127.0.0.1 www.babeweb.de127.0.0.1 baccarat-other.info127.0.0.1 www.baccarat-other.info127.0.0.1 Backstripgirls.com127.0.0.1 www.Backstripgirls.com127.0.0.1 backup.mabou.org127.0.0.1 balotierra.com127.0.0.1 www.balotierra.com127.0.0.1 bannedhost.net127.0.0.1 barbudafarms.com127.0.0.1 bardownload.com127.0.0.1 www.bardownload.com127.0.0.1 barnandfence.com127.0.0.1 batsearch.com127.0.0.1 baygraphicsllc.com127.0.0.1 bbbsearch.com127.0.0.1 bb-search.com127.0.0.1 bdsmlibrary.net127.0.0.1 bdsmpornmag.com127.0.0.1 www.bdsmpornmag.com127.0.0.1 bearshare.download-me.info127.0.0.1 www.bearshare.download-me.info127.0.0.1 bearshare.mp3-muzic.com127.0.0.1 www.bearshare.mp3-muzic.com127.0.0.1 bearshare-download.org127.0.0.1 www.bearshare-download.org127.0.0.1 bearshare-downloads.net127.0.0.1 www.bearshare-downloads.net127.0.0.1 bearsharelive.co.uk127.0.0.1 www.bearsharelive.co.uk127.0.0.1 bearshare-music-downloads.com127.0.0.1 www.bearshare-music-downloads.com127.0.0.1 bearsharepro2007.com127.0.0.1 www.bearsharepro2007.com127.0.0.1 bearshare-usa.com127.0.0.1 www.bearshare-usa.com127.0.0.1 bedhome.com127.0.0.1 bediadance.com127.0.0.1 beebappyy.biz127.0.0.1 www.beebappyy.biz127.0.0.1 begin2search.com127.0.0.1 www.begin2search.com127.0.0.1 bellabasketsfl.com127.0.0.1 bernaolatwin.com127.0.0.1 best-counter.com127.0.0.1 bestcrawler.com127.0.0.1 bestfor.ru127.0.0.1 best-hardpics.com127.0.0.1 bestmanage.org127.0.0.1 www.bestmanage.org127.0.0.1 bestmanage0.org127.0.0.1 www.bestmanage0.org127.0.0.1 bestmanage1.org127.0.0.1 www.bestmanage1.org127.0.0.1 bestmanage2.org127.0.0.1 www.bestmanage2.org127.0.0.1 bestmanage3.org127.0.0.1 www.bestmanage3.org127.0.0.1 bestmanage4.org127.0.0.1 www.bestmanage4.org127.0.0.1 bestmanage5.org127.0.0.1 www.bestmanage5.org127.0.0.1 bestmanage6.org127.0.0.1 www.bestmanage6.org127.0.0.1 bestmanage7.org127.0.0.1 www.bestmanage7.org127.0.0.1 bestmanage8.org127.0.0.1 www.bestmanage8.org127.0.0.1 bestmanage9.org127.0.0.1 www.bestmanage9.org127.0.0.1 bestporngate.com127.0.0.1 bestsafetyguide.net127.0.0.1 www.bestsafetyguide.net127.0.0.1 best-spyware.info127.0.0.1 www.best-spyware.info127.0.0.1 best-targeted-traffic.com127.0.0.1 www.best-targeted-traffic.com127.0.0.1 best-voyeur.info127.0.0.1 www.best-voyeur.info127.0.0.1 bestweblinks.com127.0.0.1 best-winning-casino.com127.0.0.1 bestworldgirls-for-u.net127.0.0.1 www.bestworldgirls-for-u.net127.0.0.1 bestxporno.com127.0.0.1 bettersearch.biz127.0.0.1 www.bettersearch.biz127.0.0.1 bgazzetta.it127.0.0.1 www.bgazzetta.it127.0.0.1 bgoogle.it127.0.0.1 www.bgoogle.it127.0.0.1 bigtrafficnetwork.com127.0.0.1 www.bigtrafficnetwork.com127.0.0.1 bigwww.com127.0.0.1 www.bigwww.com127.0.0.1 bin.errorprotector.com127.0.0.1 bins.media-motor.net127.0.0.1 bins2.media-motor.net127.0.0.1 bis.180solutions.com127.0.0.1 bitchesonline.net127.0.0.1 bitcomet-freebie.com127.0.0.1 www.bitcomet-freebie.com127.0.0.1 biz.biz127.0.0.1 blackblues00.com127.0.0.1 www.blackblues00.com127.0.0.1 blackhats.tc127.0.0.1 www.blackhats.tc127.0.0.1 blackhawksoftware.com127.0.0.1 www.blackhawksoftware.com127.0.0.1 blackjack-free.net127.0.0.1 blazefind.com127.0.0.1 blender.xu.pl127.0.0.1 blondetgp.com127.0.0.1 blue-elefant.com127.0.0.1 www.blue-elefant.com127.0.0.1 bm.theaimonline.com127.0.0.1 www.bm.theaimonline.com127.0.0.1 bnmgate.com127.0.0.1 www.bnmgate.com127.0.0.1 bodaciousbabette.com127.0.0.1 bonzi.com127.0.0.1 www.bonzi.com127.0.0.1 boobdoll.com127.0.0.1 boobsandtits.com127.0.0.1 boobsclub.com127.0.0.1 bookedspace.com127.0.0.1 www.bookedspace.com127.0.0.1 boom.com.vn127.0.0.1 www.boom.com.vn127.0.0.1 boredlife.com127.0.0.1 bowlofogumbo.com127.0.0.1 bpfq02.com127.0.0.1 www.bpfq02.com127.0.0.1 bqgate.com127.0.0.1 www.bqgate.com127.0.0.1 br.errorsafe.com127.0.0.1 br.winantivirus.com127.0.0.1 br.winfixer.com127.0.0.1 bradcoem.org127.0.0.1 braincodec.com127.0.0.1 www.braincodec.com127.0.0.1 brandiyoung.com127.0.0.1 bravesentry.com127.0.0.1 www.bravesentry.com127.0.0.1 breenten.biz127.0.0.1 www.breenten.biz127.0.0.1 brodbfm.net127.0.0.1 www.brodbfm.net127.0.0.1 brookeburn.com127.0.0.1 browserwise.com127.0.0.1 www.browserwise.com127.0.0.1 bucps.com127.0.0.1 buhartes.info127.0.0.1 buldog-stats.com127.0.0.1 bullseye-network.com127.0.0.1 www.bullseye-network.com127.0.0.1 burgerkingbigscreen.com127.0.0.1 burnsrecyclinginc.com127.0.0.1 www.burnsrecyclinginc.com127.0.0.1 buscards.net127.0.0.1 bustyrussell.com127.0.0.1 busysearch.net127.0.0.1 www.busysearch.net127.0.0.1 buttejazz.org127.0.0.1 buy-find.info127.0.0.1 www.buy-find.info127.0.0.1 buyselldomain.net127.0.0.1 buytraff.biz127.0.0.1 www.buytraff.biz127.0.0.1 buz.ru127.0.0.1 bvirgilio.it127.0.0.1 www.bvirgilio.it127.0.0.1 c.centralmedia.ws127.0.0.1 c.enhance.com127.0.0.1 www.c.enhance.com127.0.0.1 c.goclick.com127.0.0.1 c4tdownload.com127.0.0.1 www.c4tdownload.com127.0.0.1 c5.www4free.info127.0.0.1 www.c5.www4free.info127.0.0.1 cache.surfaccuracy.com127.0.0.1 www.cache.surfaccuracy.com127.0.0.1 cache.ysbweb.com127.0.0.1 calcioturris.com127.0.0.1 calendaralerts.net127.0.0.1 www.calendaralerts.net127.0.0.1 cameouk.co.uk127.0.0.1 www.cameouk.co.uk127.0.0.1 cameup.com127.0.0.1 camouflageclothingonline.net127.0.0.1 www.camouflageclothingonline.net127.0.0.1 camup.net127.0.0.1 canberracricketcoaching.com127.0.0.1 candycantaloupes.com127.0.0.1 canidetect.org127.0.0.1 www.canidetect.org127.0.0.1 cantfind.com127.0.0.1 www.cantfind.com127.0.0.1 careers.dulcineasystems.net127.0.0.1 carsands.com127.0.0.1 carsrentals.net127.0.0.1 cartoes.uol.com.br127.0.0.1 casalemedia.com127.0.0.1 www.casalemedia.com127.0.0.1 cashdeluxe.net127.0.0.1 www.cashdeluxe.net127.0.0.1 cashengines.com127.0.0.1 www.cashengines.com127.0.0.1 cashsearch.biz127.0.0.1 cashsurfers.com127.0.0.1 www.cashsurfers.com127.0.0.1 CashUnlim.com127.0.0.1 www.CashUnlim.com127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl127.0.0.1 casino2win.net127.0.0.1 casino-gambling-1.net127.0.0.1 casino-gambling-2.net127.0.0.1 casinomidas.net127.0.0.1 casinonline.net127.0.0.1 casino-onlines.net127.0.0.1 castingsamateur.com127.0.0.1 www.castingsamateur.com127.0.0.1 catallogue.com127.0.0.1 catch-dc.info127.0.0.1 www.catch-dc.info127.0.0.1 categories.mygeek.com127.0.0.1 catsss.da.ru127.0.0.1 caxa.ru127.0.0.1 cc.panet.org127.0.0.1 ccecaedbebfcaf.com127.0.0.1 www.ccecaedbebfcaf.com127.0.0.1 cclebali.org127.0.0.1 ccorriere.it127.0.0.1 www.ccorriere.it127.0.0.1 cdegate.com127.0.0.1 www.cdegate.com127.0.0.1 cdn.drivecleaner.com127.0.0.1 cdn.errorsafe.com127.0.0.1 cdn.movies-etc.com127.0.0.1 cdn.winsoftware.com127.0.0.1 cdn2.movies-etc.com127.0.0.1 cdorriere.it127.0.0.1 www.cdorriere.it127.0.0.1 ceewawires.org127.0.0.1 centralmedia.ws127.0.0.1 certumgroup.com127.0.0.1 cforriere.it127.0.0.1 www.cforriere.it127.0.0.1 check.jupitersatellites.biz127.0.0.1 www.check.jupitersatellites.biz127.0.0.1 checkin100.com127.0.0.1 www.checkin100.com127.0.0.1 checkssecurity.com127.0.0.1 www.checkssecurity.com127.0.0.1 chelancatering.com127.0.0.1 chenshijituan.com127.0.0.1 www.chenshijituan.com127.0.0.1 childrenvilla.com127.0.0.1 chips-4-free.com127.0.0.1 chrisswasey.com127.0.0.1 chriswallace.net127.0.0.1 cia-trjn.myvnc.com127.0.0.1 www.cia-trjn.myvnc.com127.0.0.1 ciorriere.it127.0.0.1 www.ciorriere.it127.0.0.1 cirriere.it127.0.0.1 www.cirriere.it127.0.0.1 ckick4thumbs.com127.0.0.1 cl55.biz127.0.0.1 clackamasliteraryreview.com127.0.0.1 cleansoftwares.com127.0.0.1 www.cleansoftwares.com127.0.0.1 clearsearch.cc127.0.0.1 clearsearch.net127.0.0.1 clickaire.com127.0.0.1 click-codec.com127.0.0.1 www.click-codec.com127.0.0.1 clickhere4search.com127.0.0.1 www.clickhere4search.com127.0.0.1 click-now.net127.0.0.1 clickspring.net127.0.0.1 www.clickspring.net127.0.0.1 click-to-download.com127.0.0.1 www.click-to-download.com127.0.0.1 clicktomakeasearch.com127.0.0.1 www.clicktomakeasearch.com127.0.0.1 clickyestoenter.net127.0.0.1 client.exeupdate.com127.0.0.1 client.myadultexplorer.com127.0.0.1 cliks.org127.0.0.1 www.cliks.org127.0.0.1 clorriere.it127.0.0.1 www.clorriere.it127.0.0.1 clrsch.com127.0.0.1 clubxxxvideo.com127.0.0.1 www.clubxxxvideo.com127.0.0.1 clusif.free.fr127.0.0.1 cmtapestry.com127.0.0.1 cnetadd.com127.0.0.1 www.cnetadd.com127.0.0.1 cnzz.com127.0.0.1 www.cnzz.com127.0.0.1 code.ignphrases.com127.0.0.1 codec.ninoa.com127.0.0.1 codecdvd.net127.0.0.1 www.codecdvd.net127.0.0.1 codec-fun.com127.0.0.1 www.codec-fun.com127.0.0.1 codecsoft.net127.0.0.1 www.codecsoft.net127.0.0.1 codrriere.it127.0.0.1 www.codrriere.it127.0.0.1 coeriere.it127.0.0.1 www.coeriere.it127.0.0.1 coerriere.it127.0.0.1 www.coerriere.it127.0.0.1 cofrriere.it127.0.0.1 www.cofrriere.it127.0.0.1 cogrriere.it127.0.0.1 www.cogrriere.it127.0.0.1 coirriere.it127.0.0.1 www.coirriere.it127.0.0.1 command.adservs.com127.0.0.1 www.commonname.com127.0.0.1 computerpcgames.net127.0.0.1 www.computerpcgames.net127.0.0.1 computerrecover.com127.0.0.1 www.computerrecover.com127.0.0.1 config.180solutions.com127.0.0.1 content.dollarrevenue.com127.0.0.1 www.content.dollarrevenue.com127.0.0.1 content.ireit.com127.0.0.1 www.content.ireit.com127.0.0.1 content.onerateld.com127.0.0.1 contentmatch.net127.0.0.1 www.contentmatch.net127.0.0.1 contra-virus.com127.0.0.1 www.contra-virus.com127.0.0.1 controlmeh.com127.0.0.1 www.controlmeh.com127.0.0.1 cooldeskalert.com127.0.0.1 www.cooldeskalert.com127.0.0.1 coolfetishsite.com127.0.0.1 coolfreehost.com127.0.0.1 coolfreepage.com127.0.0.1 coolfreepages.com127.0.0.1 cool-homepage.co127.0.0.1 cool-homepage.com127.0.0.1 coolmoneysearch.com127.0.0.1 coolpornsearch.com127.0.0.1 cool-search.net127.0.0.1 cool-search.netfartpost.com127.0.0.1 coolsearcher.info127.0.0.1 coolservecorp.net127.0.0.1 www.coolservecorp.net127.0.0.1 coolwebsearch.com127.0.0.1 www.coolwebsearch.com127.0.0.1 cool-web-search.com127.0.0.1 coolwebsearsh.com127.0.0.1 coolwwwsearch.com127.0.0.1 www.coolwwwsearch.com127.0.0.1 cool-xxx.net127.0.0.1 coorriere.it127.0.0.1 www.coorriere.it127.0.0.1 copmtraine.com127.0.0.1 coprriere.it127.0.0.1 www.coprriere.it127.0.0.1 core.psyche-evolution.com127.0.0.1 www.core.psyche-evolution.com127.0.0.1 coreiere.it127.0.0.1 www.coreiere.it127.0.0.1 coreriere.it127.0.0.1 www.coreriere.it127.0.0.1 corrdiere.it127.0.0.1 www.corrdiere.it127.0.0.1 correiere.it127.0.0.1 www.correiere.it127.0.0.1 corrfiere.it127.0.0.1
Logged

Offline cpl

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
cant start none of my windows services because...........??
« Reply #7 on: January 03, 2008, 03:38:21 PM »
ComboFix 08-01-03.4 - 2008-01-03 10:24:39.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1635 [GMT -6:00]
Running from: C:\Documents and SettingDesktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\alxvdvm.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\fvkwdrt.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

.
(((((((((((((((((((((((((   Files Created from 2007-12-03 to 2008-01-03  )))))))))))))))))))))))))))))))
.

2008-01-03 10:23 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2008-01-03 09:58 . 2007-09-05 23:22   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-01-03 09:58 . 2006-04-27 16:49   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2008-01-03 09:58 . 2007-12-20 23:11   81,920   --a------   C:\WINDOWS\system32\IEDFix.exe
2008-01-03 09:58 . 2003-06-05 20:13   53,248   --a------   C:\WINDOWS\system32\Process.exe
2008-01-03 09:58 . 2004-07-31 17:50   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2008-01-03 09:58 . 2007-10-03 23:36   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
2008-01-03 09:39 . 2008-01-03 09:58   5,034   --a------   C:\WINDOWS\system32\tmp.reg
2008-01-03 08:38 . 2008-01-03 08:38   <DIR>   d--------   C:\Program Files\MSBuild
2008-01-03 08:36 . 2008-01-03 08:36   <DIR>   d--------   C:\WINDOWS\system32\XPSViewer
2008-01-03 08:35 . 2008-01-03 08:35   <DIR>   d--------   C:\Program Files\Reference Assemblies
2008-01-03 08:34 . 2006-06-29 13:07   14,048   ---------   C:\WINDOWS\system32\spmsg2.dll
2008-01-03 08:33 . 2008-01-03 08:33   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2008-01-03 08:33 . 2008-01-03 08:33   <DIR>   d--------   C:\Program Files\MSXML 6.0
2008-01-03 08:33 . 2006-10-04 08:06   1,197,294   ---------   C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-03 08:33 . 2006-10-04 08:06   764,868   ---------   C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-03 08:33 . 2006-10-04 08:06   217,118   ---------   C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-03 08:31 . 2008-01-03 08:31   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-01-03 08:31 . 2008-01-03 08:32   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2008-01-03 08:22 . 2006-11-13 00:02   288,768   ---------   C:\WINDOWS\system32\rhttpaa.dll
2008-01-03 08:22 . 2006-11-13 00:02   116,736   ---------   C:\WINDOWS\system32\aaclient.dll
2008-01-03 08:22 . 2006-11-13 00:02   36,352   ---------   C:\WINDOWS\system32\tsgqec.dll
2008-01-02 17:18 . 2008-01-02 17:18   <DIR>   d--------   C:\Program Files\TweakNow RegCleaner Pro
2008-01-02 16:49 . 2008-01-02 16:49   <DIR>   d--------   C:\Program Files\Trend Micro
2008-01-02 16:03 . 2008-01-02 16:03   <DIR>   d--------   C:\Program Files\Lavasoft
2008-01-02 15:55 . 2008-01-02 17:10   <DIR>   d--------   C:\Program Files\Spyware Terminator
2007-12-28 16:47 . 2007-12-28 16:47   0   --a------   C:\WINDOWS\nsreg.dat
2007-12-28 15:39 . 2007-12-28 15:39   <DIR>   d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-28 15:26 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuapi.dll.mui
2007-12-28 14:24 . 2007-12-28 16:24   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-28 14:19 . 2007-12-28 14:19   <DIR>   d--------   C:\Program Files\Enigma Software Group
2007-12-28 14:11 . 2007-12-28 14:11   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-28 14:08 . 2007-12-28 14:18   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-12-26 11:18 . 2007-12-26 11:18   <DIR>   d--------   C:\Program Files\MediaSupplyCodec
2007-12-12 08:26 . 2007-10-29 16:43   1,287,680   ---------   C:\WINDOWS\system32\dllcache\quartz.dll
2007-12-12 08:26 . 2007-07-06 06:46   660,992   ---------   C:\WINDOWS\system32\dllcache\mqqm.dll
2007-12-12 08:26 . 2007-07-06 06:46   471,552   ---------   C:\WINDOWS\system32\dllcache\mqutil.dll
2007-12-12 08:26 . 2007-07-06 06:46   177,152   ---------   C:\WINDOWS\system32\dllcache\mqrt.dll
2007-12-12 08:26 . 2007-07-06 06:46   138,240   ---------   C:\WINDOWS\system32\dllcache\mqad.dll
2007-12-12 08:26 . 2007-07-06 06:46   95,744   ---------   C:\WINDOWS\system32\dllcache\mqsec.dll
2007-12-12 08:26 . 2007-07-06 04:05   72,960   ---------   C:\WINDOWS\system32\dllcache\mqac.sys
2007-12-12 08:26 . 2007-07-06 06:46   48,640   ---------   C:\WINDOWS\system32\dllcache\mqupgrd.dll
2007-12-12 08:26 . 2007-07-06 06:46   47,104   ---------   C:\WINDOWS\system32\dllcache\mqdscli.dll
2007-12-12 08:26 . 2007-07-06 06:46   16,896   ---------   C:\WINDOWS\system32\dllcache\mqise.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-31 11:12   3,590,656   ----a-w   C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-26 03:34   8,460,288   ----a-w   C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 07:47   96,760   ----a-w   C:\WINDOWS\system32\dfshim.dll
2007-10-24 07:47   84,480   ----a-w   C:\WINDOWS\system32\mscories.dll
2007-10-24 07:47   282,112   ----a-w   C:\WINDOWS\system32\mscoree.dll
2007-10-24 07:47   158,720   ----a-w   C:\WINDOWS\system32\mscorier.dll
2007-10-10 23:56   824,832   ----a-w   C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56   232,960   ------w   C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56   1,159,680   ----a-w   C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55   671,232   ----a-w   C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55   63,488   ------w   C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55   6,065,664   ------w   C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55   52,224   ------w   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55   478,208   ----a-w   C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55   459,264   ------w   C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55   44,544   ------w   C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55   384,512   ------w   C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55   383,488   ------w   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55   27,648   ----a-w   C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55   267,776   ------w   C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55   230,400   ------w   C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55   214,528   ----a-w   C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55   193,024   ----a-w   C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55   153,088   ------w   C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55   132,608   ----a-w   C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55   124,928   ------w   C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55   105,984   ------w   C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55   102,400   ------w   C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59   70,656   ------w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59   625,152   ------w   C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59   13,824   ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46   161,792   ------w   C:\WINDOWS\system32\dllcache\ieakui.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"Track-It! Workstation Manager Service Monitor"="C:\WINDOWS\TIREMOTE\TIServiceMonitor.exe" [2006-08-18 14:23 414720]
"dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [ ]
"DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 16:43 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 16:44 98304]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 16:45 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 16:41 77824]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29 49152]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-05-16 12:35 102400]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20 122940]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 12:13 1032192]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 12:13 176128]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2005-06-08 04:30 20530]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2005-06-08 04:30 24626]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2005-06-08 04:30 45106]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2005-06-08 04:30 20480]
"Client Access PC5250 Sound"="C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" [2005-06-08 04:30 40960]
"NGTray"="C:\Program Files\Symantec\Ghost\ngtray.exe" [2006-12-04 14:32 222856]
"DLPSP"="C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2006-02-22 23:00 192512]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-01-11 08:53:40]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-01-30 17:11:48]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ      msv1_0 wvauth

R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 15:35]
R3 guardian2;guardian2;C:\WINDOWS\system32\Drivers\oz776.sys [2007-01-31 01:37]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys [2006-08-13 17:31]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;C:\WINDOWS\system32\DRIVERS\nwdelser.sys [2006-08-13 17:31]
S2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2005-08-25 16:53]
S2 NGCLIENT;Symantec Ghost Client Agent;"C:\Program Files\Symantec\Ghost\ngctw32.exe" [2006-12-04 14:32]
S2 TIRmtCtl;Track-It! Remote Control;C:\WINDOWS\TIREMOTE\wuser32.exe [2006-08-18 14:08]
S2 TIRmtSvc;Track-It! Workstation Manager;C:\WINDOWS\TIREMOTE\TIRemoteService.exe [2006-08-18 14:23]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys []
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2006-08-02 15:54]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 10:29:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\detoured.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\detoured.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\detoured.dll
.
Completion time: 2008-01-03 10:30:08 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-03 16:30:05
.
2007-12-13 18:02:04   --- E O F ---
Logged

Offline cpl

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
cant start none of my windows services because...........??
« Reply #8 on: January 03, 2008, 03:47:11 PM »
thanks for be so helpful but I am reinstalling windows
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
cant start none of my windows services because...........??
« Reply #9 on: January 03, 2008, 04:06:38 PM »
It's your option to reinstall

Do you have time to look for this file on your machine

C:\WINDOWS\system32\detoured.dll <-this file

Ensure it's in the System32 folder and has the Exact name of detoured.dll
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline cpl

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
cant start none of my windows services because...........??
« Reply #10 on: January 03, 2008, 04:28:21 PM »
I already started the install.thanks
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
cant start none of my windows services because...........??
« Reply #11 on: January 03, 2008, 04:36:55 PM »
[quote name=\'cpl\' post=\'417698\' date=\'Jan 3 2008, 02:28 PM\']I already started the install.thanks[/quote]

Oh well, I tried
Thanks for getting back to me  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
I'll lock this topic
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »