Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible Continued Contamination

Started by usp97 , Jan 20 2007 01:31 PM

  • Please log in to reply

#1
usp97
Posted 20 January 2007 - 01:31 PM

usp97

    Member

  • Member
  • PipPip
  • 42 posts
Here are the saved logs from the scans listed in the instructions for what to do prior to posting. They are in the order of the instructions. Thank you in advance for any help given.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:18:09 PM 1/19/2007

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1957994488-1212140291-1003\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1957994488-1212140291-1003\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_48.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-1275210071-1957994488-1212140291-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Download Plugin\DlPlugin-Moz\npdlplug.dll -> Adware.PluginDL : Cleaned with backup (quarantined).
C:\Program Files\Download Plugin\DlPlugin-Moz\setup2.exe -> Adware.PluginDL : Cleaned with backup (quarantined).
C:\Program Files\Mozilla Firefox\plugins\npdlplug.dll -> Adware.PluginDL : Cleaned with backup (quarantined).
C:\WINDOWS\srvmbdyfwt.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qvxga7met4.exe -> Downloader.Agent.bcv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kernels88.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qvx5gamet2.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxg4am1et2.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drvkuz.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nn.dll -> Proxy.Agent.df : Cleaned with backup (quarantined).
[216] C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll -> Proxy.Xorpix : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wincom32.sys -> Rootkit.Agent.dh : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ahwkog32.dll -> Trojan.Agent.ncm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hshn32.dll -> Trojan.Agent.ncm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ctjtr.sys -> Trojan.EmailSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ksthn.sys -> Trojan.EmailSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\comdlg77.dll -> Worm.Locksky.aq : Cleaned with backup (quarantined).


::Report end

------------------------------------------------------------------------- SUPERAntiSpyware Scan Log
Generated 01/19/2007 at 08:50 PM

Application Version : 3.5.1016

Core Rules Database Version : 3167
Trace Rules Database Version: 1178

Scan type : Complete Scan
Total Scan Time : 02:00:44

Memory items scanned : 427
Memory threats detected : 3
Registry items scanned : 4632
Registry threats detected : 49
File items scanned : 17872
File threats detected : 34

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\ADIRSS.EXE
C:\WINDOWS\SYSTEM32\ADIRSS.EXE
[sysinter] C:\WINDOWS\SYSTEM32\ADIRSS.EXE
C:\WINDOWS\SYSTEM32\GRBQCDL.DLL

Trojan.ClbBt
C:\WINDOWS\SYSTEM32\CLCBT.EXE
C:\WINDOWS\SYSTEM32\CLCBT.EXE
[clcbt.exe] C:\WINDOWS\SYSTEM32\CLCBT.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{584ABDC3-D2C7-4D6D-B776-1A999B91702D}\RP415\A0026795.DLL

Trojan.Downloader-SVCHost/Fake
C:\PROGRAM FILES\COMMON FILES\SVCHOST.EXE
C:\PROGRAM FILES\COMMON FILES\SVCHOST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{584ABDC3-D2C7-4D6D-B776-1A999B91702D}\RP415\A0026770.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{584ABDC3-D2C7-4D6D-B776-1A999B91702D}\RP415\A0026781.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{584ABDC3-D2C7-4D6D-B776-1A999B91702D}\RP415\A0026819.EXE
C:\WINDOWS\SVCHOST.EXE

Adware.WebNexus
HKLM\Software\qstat
HKLM\Software\qstat#double
HKLM\Software\qstat#brr
HKLM\Software\qstat#unq
HKLM\Software\qstat#lid
HKLM\Software\qstat#stat

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
C:\WINDOWS\SYSTEM32\VX.TLL
C:\WINDOWS\UNIST1.HTM

Trojan.WinBo32/Enhance
HKLM\Software\System\sysold
HKLM\Software\System\sysold#sys101689151325
HKLM\Software\System\sysold#sys101689151325.exe
HKU\S-1-5-21-1275210071-1957994488-1212140291-1003\Software\System\sysuid

Adware.FullContext
HKU\S-1-5-21-1275210071-1957994488-1212140291-1003\Software\PSCloner

Adware.DeluxeCommunications
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks#{A8BD6820-6ED7-423E-9558-2D1486B0FEEA}
C:\DOCUMENTS AND SETTINGS\JANET_FRED\APPLICATION DATA\DXCKNWRD.DLL

Trojan.Downloader-WS2F
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\winsys2freg
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\winsys2freg#DllName
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\winsys2freg#Startup
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\winsys2freg#Impersonate
HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\winsys2freg#Asynchronous

Trojan.BHOPlugin/Terp
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCP_AND_UDP_SUPP0RT
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCP_AND_UDP_SUPP0RT#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCP_AND_UDP_SUPP0RT\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCP_AND_UDP_SUPP0RT\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCP_AND_UDP_SUPP0RT\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCP_AND_UDP_SUPP0RT\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCP_AND_UDP_SUPP0RT\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCP_AND_UDP_SUPP0RT\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCP_AND_UDP_SUPP0RT\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt#Type
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt#Start
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt#Description
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt\Security
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt\Enum
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\TCP and UDP Supp0rt\Enum#NextInstance

Adware.MSUpdate
C:\DOCUMENTS AND SETTINGS\JANET_FRED\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\21.COM.LNK
C:\DOCUMENTS AND SETTINGS\JANET_FRED\FAVORITES\21.COM.LNK

Adware.Lop-Gen
C:\PROGRAM FILES\DOWNLOAD PLUGIN\DLPLUGIN-MOZ\BUDDY.EXE

Adware.k8l
C:\PROGRAM FILES\ONLINE SERVICES\RTEQEPRAPRE.HTML

Trojan.Tarakan/Rootkit
C:\SYSTEM VOLUME INFORMATION\_RESTORE{584ABDC3-D2C7-4D6D-B776-1A999B91702D}\RP415\A0026796.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{584ABDC3-D2C7-4D6D-B776-1A999B91702D}\RP415\A0026797.SYS

Trojan.Downloader-QwertyBot
C:\SYSTEM VOLUME INFORMATION\_RESTORE{584ABDC3-D2C7-4D6D-B776-1A999B91702D}\RP415\A0026799.EXE

Trojan.ZQuest
C:\SYSTEM VOLUME INFORMATION\_RESTORE{584ABDC3-D2C7-4D6D-B776-1A999B91702D}\RP415\A0026801.DLL

Trojan.Downloader-WinCom32/Rootkit
C:\SYSTEM VOLUME INFORMATION\_RESTORE{584ABDC3-D2C7-4D6D-B776-1A999B91702D}\RP415\A0026803.SYS
C:\WINDOWS\SYSTEM32\GAME5.EXE

Trojan.NewDotNet
C:\SYSTEM VOLUME INFORMATION\_RESTORE{584ABDC3-D2C7-4D6D-B776-1A999B91702D}\RP415\A0026804.EXE

Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{584ABDC3-D2C7-4D6D-B776-1A999B91702D}\RP415\A0026808.EXE
C:\WINDOWS\UNINST2.HTM

Trojan.Downloader-DRVSAM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{584ABDC3-D2C7-4D6D-B776-1A999B91702D}\RP415\A0026809.DLL

Trojan.Downloader-Gen/Win
C:\WINDOWS\SYSTEM32\GAME0.EXE.EXE
C:\WINDOWS\SYSTEM32\GAME5.EXE.EXE

Trojan.VXGame-Gen
C:\WINDOWS\SYSTEM32\GAME1.EXE
C:\WINDOWS\SYSTEM32\GAME2.EXE
C:\WINDOWS\SYSTEM32\GAME4.EXE

Trojan.Downloader-RS1/Bundles
C:\WINDOWS\SYSTEM32\QOX424D12C.DLL
C:\WINDOWS\SYSTEM32\W0320156.DLL

Trojan.TaskDir
C:\WINDOWS\SYSTEM32\ZLBW.DLL

-----------------------------------------------------------------------
Panda

Incident Status Location

Adware:adware/adsmart Not disinfected c:\windows\system32\maxd641.exe
Virus:trj/torpig.a Disinfected Operating system
Adware:adware/cws Not disinfected C:\Documents and Settings\JANET_FRED\Favorites\Fun & Games
Adware:adware/sqwire Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\JANET_FRED\Cookies\janet_fred@atdmt[1].txt

---------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:22:39 PM, on 1/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6009\SAService.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\JANET_FRED\Desktop\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [rcmaabxs] C:\bmqkkfss.bat
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6009\SAService.exe

---------------------------------------------------

uninstall list

Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
AVG Anti-Spyware 7.5
Comcast High-Speed Internet Install Wizard
Download Plugin for Mozilla, Opera, Netscape
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Java 2 Runtime Environment Standard Edition v1.3.1_04
Lexmark Photo Center
Lexmark Z700-P700 Series
McAfee SecurityCenter
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Mozilla Firefox (2.0.0.1)
Nero 6 Enterprise Edition
Panda ActiveScan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
Snood for Windows version 3.52-W
SUPERAntiSpyware Free Edition
Tweakui Powertoy for Windows XP
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver

----------------------------------------------

Thank you again for any help.

Matthew
  • 0

Advertisements

#2
Bobbi Flekman
Posted 15 February 2007 - 07:31 AM

Bobbi Flekman

    The Computer Whisperer

  • Expert
  • 3,761 posts
  • MVP
Hi Matthew,

If you still need help, can you please post a fresh log from HijackThis?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP