fv858
HiJackThis Won't Launch
Hello all,
I noticed yesterday if I did a Google search any of the links that came up from the search would forward me to a searchweb site. So I tried to load HiJackThis to see if I could remove the Spyware however after I install the program won't launch. I have tried to run in Safe Mode with the same result. I was able to load and run AdAware but would like to run HijackThis to review the log. Has anyone seen this behavior before? Any ideas? Thanks
ASKER CERTIFIED SOLUTION
It sounds like the Hosts file is modified by a virus. You can edit it by going here:
C:\WINDOWS\SYSTEM32\DRIVERS\etc
This is a typical hosts file (initial settings)
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
For now, remove everything but the above.
Almost forgot: use Notepad to open the hosts file for editing.
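Added example (not part of the original answer): before deleting everything but the default line, a short Python script can list what was added to the hosts file so it can be kept as evidence. The sample entries, the `.test` names and the function names below are constructed for illustration; pass the real file path from the answer as the first argument.

```python
import ipaddress
import sys

# Constructed sample: the default entry plus made-up additions of the kind
# the answer says to remove (documentation IP, reserved .test names).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
127.0.0.1 update.example-av.test   # constructed: name forced to loopback
203.0.113.7 search.example.test www.search.example.test
not-an-ip something.example.test
"""

DEFAULT_NAMES = {"localhost"}  # the only mapping in the initial hosts file


def parse_hosts(text):
    """Yield (line_no, ip_text, [names]) for every active mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not body:
            continue
        fields = body.split()  # IP first, then one or more host names
        yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Return (line_no, kind, ip, names) for every non-default mapping."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, names))
            continue
        extra = [n for n in names if n.lower() not in DEFAULT_NAMES]
        if not extra:
            continue
        # Loopback/0.0.0.0 makes a name unreachable; any other address
        # sends lookups for the name to a different server.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((line_no, kind, ip_text, extra))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, kind, ip_text, names in audit_hosts(content):
        print(f"line {line_no}: {kind:<10} {ip_text} -> {' '.join(names)}")
```
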
ASKER
Ok that worked....I finally got the log. I will post a new thread for the log.
ASKER
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:03 AM, on 5/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\dog.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://internal.forwardventures.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141786487921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141788471718
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://fvsddb1.forwardventures.com/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=4eea1t45kmdhwq454iilv2vn&ControlID=bb443161-da4f-474f-9b43-337109b358eb&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0B9AEC-7753-419F-8170-E65BD96C5474}: NameServer = 68.105.28.12,68.105.29.12
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = forwardventures.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Fortinet Service Scheduler (FA_Scheduler) - Fortinet Inc. - C:\Program Files\Fortinet\FortiClient\scheduler.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IPSEC Services PolicyAgentodserv (PolicyAgentodserv) - Unknown owner - C:\WINDOWS\system32\1028p.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
--
End of file - 10710 bytes
SOLUTION
Have you tried running a malware scan?
You can download a free version here.
www.malwarebytes.org/