Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

DealHelper removal

Started by pfd , Feb 18 2007 07:54 PM

  • Please log in to reply

#1
pfd
Posted 18 February 2007 - 07:54 PM

pfd

    Member

  • Member
  • PipPip
  • 11 posts
DelHelper is taking up better than 3 gig of my hard-drive, please help!

Here is my HiJackThis log

Logfile of HijackThis v1.99.1
Scan saved at 8:39:53 PM, on 2/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\kernel32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.70.62.16: 80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSkernel32] C:\WINDOWS\system32\kernel32.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Kremlin Sentry.lnk = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Security Service (__NS_Service_3) - Unknown owner - C:\WINDOWS\sdkbj32.exe (file missing)
  • 0

Advertisements

#2
don77
Posted 18 February 2007 - 09:32 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi there, and welcome to the GeekstoGo!
    • Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      O4 - HKLM\..\Run: [MSkernel32] C:\WINDOWS\system32\kernel32.exe
      O23 - Service: Network Security Service (__NS_Service_3) - Unknown owner - C:\WINDOWS\sdkbj32.exe (file missing)

      Click on Fix Checked when finished and exit HijackThis.


      Download AVG Anti-Spyware from HERE and save that file to your desktop.
      This is a 30 day trial of the program
    • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\system32\kernel32.exe
Exit Explorer,
[/list]Reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan

Post back a fresh HijackThis log for me please.

Please post an uninstall list for me as well
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please,

  • 0

#3
pfd
Posted 19 February 2007 - 05:40 PM

pfd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Did what you suggested. Logs are posted below. Couldn't find kernel32.exe, DealHelper still shows on Remove Programs page @ 3.484 gigs and the pc is quite sluggish now.

Logfile of HijackThis v1.99.1
Scan saved at 6:10:33 PM, on 2/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.70.62.16: 80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Kremlin Sentry.lnk = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Security Service (__NS_Service_3) - Unknown owner - C:\WINDOWS\sdkbj32.exe (file missing)

45s by BFD
7-Zip 3.13
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
Auction 45s
AVG Anti-Spyware 7.5
Badongo
BitTorrent 4.4.1
CAMEO
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Citrix Web Client
Conexant SmartHSFi V.9x 56K DF PCI Modem
DealHelper
Dell Digital Jukebox Driver
Dell Solution Center
Dell Support 5.0.0 (766)
Digital Line Detect
DivX
DivX Player
DS21Patch
DVDSentry
FirePrograms for Windows Version 8.22
FirePrograms for Windows Version 8.25
FirePrograms for Windows Version 9.18
FirePrograms for Windows Version 9.3
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
Java 2 Runtime Environment, SE v1.4.2
KGB Archiver 1.2.0.23 fixed
Kremlin
LandView 5
Learn2 Player (Uninstall Only)
LiveUpdate BVRP Software
MARPLOT 3.3
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Expedia Streets & Trips 2000
Microsoft Home Publishing 2000
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Picture It! Express 2000
Microsoft SQL Server Desktop Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2000
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
mobile PhoneTools
Modem Helper
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
NetWaiting
Pop-Up Stopper Free Edition
PowerDVD
QuickTime
RealPlayer
Report Writer for the WJ III
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Shockwave
Sonic DLA
Sonic RecordNow!
Sound Blaster Live!
Spybot - Search & Destroy 1.3
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB931836)
Verizon Online Support Center
VideoLAN VLC media player 0.8.6
WinAce Archiver
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
Word in Works Suite add-in
WordPerfect Office 11
  • 0

#4
don77
Posted 19 February 2007 - 05:58 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Pleaase be sure and reply to this topic


Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

DealHelper



reboot back to normal mode and let me know how you made out please
  • 0

#5
pfd
Posted 20 February 2007 - 08:20 PM

pfd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Don77,

Rebooted in safe mode. When I tried to uninstall DealHelper, got a pop-up with the header Ghost Installer with the message "Installation log not found!"

Please help!
  • 0

#6
don77
Posted 21 February 2007 - 06:06 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
did you run AVG AntiSpyware ?
I would like to see the log from it please
  • 0

#7
pfd
Posted 22 February 2007 - 07:40 PM

pfd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is a current AVG log.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:32:08 PM 2/22/2007

+ Scan result:



C:\Documents and Settings\Vinni\Local Settings\Temp\~1BC.exe -> Backdoor.Complod.a : No action taken.
C:\Documents and Settings\Vinni\Local Settings\Temp\~1BE.exe -> Backdoor.Complod.a : No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1121\A0089998.exe -> Backdoor.Complod.a : No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1195\A0095912.exe -> Backdoor.Complod.a : No action taken.
C:\WINDOWS\SYSTEM32\kernel32.exe -> Backdoor.Complod.a : No action taken.
C:\Documents and Settings\Vinni\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Vinni\Cookies\vinni@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Vinni\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Vinni\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Vinni\Cookies\[email protected][1].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Vinni\Cookies\vinni@sextracker[2].txt -> TrackingCookie.Sextracker : No action taken.
C:\Documents and Settings\Vinni\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Vinni\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Util\Temp\vids-access1104.exe -> Trojan.DNSChanger.hk : No action taken.


::Report end
  • 0

#8
don77
Posted 22 February 2007 - 08:03 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Need to have you run another scan,

C:\Documents and Settings\Vinni\Local Settings\Temp\~1BC.exe -> Backdoor.Complod.a : No action taken.


Next run make sure you use quarantine as the applied actions, post back the new report and a fresh HJT log please
  • 0

#9
pfd
Posted 24 February 2007 - 02:41 PM

pfd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Don77
Here are the new logs:

Logfile of HijackThis v1.99.1
Scan saved at 1:39:46 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.70.62.16: 80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Kremlin Sentry.lnk = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Security Service (__NS_Service_3) - Unknown owner - C:\WINDOWS\sdkbj32.exe (file missing)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:30:09 PM 2/24/2007

+ Scan result:



C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1199\A0096006.exe -> Backdoor.Complod.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1199\A0096007.exe -> Trojan.DNSChanger.hk : Cleaned with backup (quarantined).


::Report end
  • 0

#10
don77
Posted 24 February 2007 - 08:35 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Go to Start > Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the below services:

Network Security Service (__NS_Service_3)

When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service" a window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

__NS_Service_3

Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

Post a new HiJackThis log after it reboots and let me know if you received any error messages.


also
Download ComboScan to your Desktop.
  • Close all applications and windows.
  • Double-click on comboscan.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt
Extra Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow the Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

Post the Comboscan.txt from the Comboscan into your next reply
  • 0

Advertisements

#11
pfd
Posted 25 February 2007 - 09:51 AM

pfd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
There were no error messages.

Logfile of HijackThis v1.99.1
Scan saved at 10:46:47 AM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Documents and Settings\Vinni\Local Settings\Temporary Internet Files\Content.IE5\JQ08UWDE\comboscan[1].exe
C:\Program Files\Hijackthis\Vinni.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.70.62.16: 80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Kremlin Sentry.lnk = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe



ComboScan v20070221.16 run by Vinni on 2007-02-25 at 10:46:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Vinni.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:46:47 AM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Documents and Settings\Vinni\Local Settings\Temporary Internet Files\Content.IE5\JQ08UWDE\comboscan[1].exe
C:\Program Files\Hijackthis\Vinni.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.70.62.16: 80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Kremlin Sentry.lnk = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe


-- HijackThis Fixed Entries (C:\Program Files\Hijackthis\backups\) --------------

backup-20070219-161956-652 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
backup-20070219-161956-684 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20070219-161956-757 O23 - Service: Network Security Service (__NS_Service_3) - Unknown owner - C:\WINDOWS\sdkbj32.exe (file missing)
backup-20070219-161956-831 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
backup-20070219-161956-862 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20070219-161956-873 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
backup-20070219-161956-889 O4 - HKLM\..\Run: [MSkernel32] C:\WINDOWS\system32\kernel32.exe

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\agpcpq.sys
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\alim1541.sys
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys
3S ati2mtag - C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
3S bvrp_pci - C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys
4S cbidf - C:\WINDOWS\SYSTEM32\DRIVERS\CBIDF2K.SYS
4S dac2w2k - C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS
0R drvmcdb - C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys
2R drvnddm - C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys
3R E100B (Intel® PRO Adapter Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys
3S EL90X (3Com EtherLink XL 90X Adapter Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\EL90XND5.SYS
3S EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS
3R HSFHWBS2 - C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys
3R HSF_DP - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys
3S i81x - C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys
3S iAimFP0 - C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys
3S iAimFP1 - C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys
3S iAimFP2 - C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys
3S iAimFP3 - C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys
3S iAimFP4 - C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys
3S iAimTV0 - C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys
3S iAimTV1 - C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys
3S iAimTV2 - C:\WINDOWS\system32\DRIVERS\wATV03nt.sys (not found)
3S iAimTV3 - C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys
3S iAimTV4 - C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys
3R ialm - C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys
2R mdmxsdk - C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys
3R mfeavfk (McAfee Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
3R mfebopk (McAfee Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
3R mfehidk (McAfee Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
3S mferkdk (McAfee Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
3R mfesmfk (McAfee Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
1R MPFP - C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
3S nv - C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys
1R omci (OMCI WDM Device Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys
3R P16X (Creative SB Live! Series (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys
1S P3 (Intel PentiumIII Processor Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\p3.sys
2R PfModNT - C:\WINDOWS\SYSTEM32\PFMODNT.SYS
0R PxHelp20 - C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys
1R sscdbhk5 - C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys
1R ssrtln - C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys
2R tfsnboio - C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys
2R tfsncofs - C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys
2R tfsndrct - C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys
2R tfsndres - C:\WINDOWS\SYSTEM32\dla\tfsndres.sys
2R tfsnifs - C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys
2R tfsnopio - C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys
2R tfsnpool - C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys
2R tfsnudf - C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys
2R tfsnudfa - C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
3S usbser (Motorola USB Modem Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
3S usbsermpt (Motorola USB Modem Driver for MPT) - C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
3R USB_RNDIS_XP (Westell WireSpeed Dual Connect Modem) - C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys
3S wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\DRIVERS\wanatw4.sys (not found)
3R winachsf - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys
4S WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\SYSTEM32\DRIVERS\WudfRd.sys
3S {6080A529-897E-4629-A488-ABA0C29B635E} (Intel® Graphics Platform (SoftBIOS) Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys
3S {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel® Graphics Chipset (KCH) Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R CCALib8 (Canon Camera Access Library 8) - C:\Program Files\Canon\CAL\CALMAIN.exe
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R Creative Service for CDROM Access - C:\WINDOWS\System32\CTsvcCDA.exe
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
2R dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
3R Emproxy (McAfee E-mail Proxy) - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Fax - C:\WINDOWS\system32\fxssvc.exe
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S HidServ (Human Interface Device Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R McAfee HackerWatch Service - "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"
3S mcmispupdmgr (McAfee Update Manager) - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
2R mcmscsvc (McAfee Services) - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
2R McNASvc (McAfee Network Agent) - "c:\program files\common files\mcafee\mna\mcnasvc.exe"
2R McODS (McAfee Scanner) - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
2R mcpromgr (McAfee Protection Manager) - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
2R McRedirector (McAfee Redirector Service) - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
2R McShield (McAfee Real-time Scanner) - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
2R McSysmon (McAfee SystemGuards) - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
2R MpfService (McAfee Personal Firewall Service) - "C:\Program Files\McAfee\MPF\MPFSrv.exe"
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
2R MSSQLSERVER - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER
3S MSSQLServerADHelper - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NetSvc (Intel NCS NetService) - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R RemoteRegistry (Remote Registry) - C:\WINDOWS\system32\svchost.exe -k LocalService
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R SQLSERVERAGENT - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{261FF5D6-55B3-4D28-8348-7DBC93E219F0}
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S TlntSvr (Telnet) - C:\WINDOWS\System32\tlntsvr.exe
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R w32time (Windows Time) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WMDM PMSP Service - C:\WINDOWS\System32\MsPMSPSv.exe
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S Wmi (Windows Management Instrumentation Driver Extensions) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
3S WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled Tasks --------------------------------------------------------------

2007-02-25 10:45:09 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-02-15 01:07:17 264 --a------ C:\WINDOWS\Tasks\McDefragTask.job<MCDEFR~1.JOB>
2007-02-01 02:00:30 360 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-01-25 and 2007-02-25 ------------------------------

2007-02-19 16:33:24 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-19 16:33:19 0 d-------- C:\Program Files\Grisoft
2007-02-18 20:39:13 0 d-------- C:\Program Files\Hijackthis<HIJACK~1>
2007-02-17 11:49:24 0 d-------- C:\Program Files\Venturi2
2007-02-15 16:40:10 5632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-02-15 16:40:10 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-02-15 16:40:09 159232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-02-15 16:33:11 0 d-------- C:\Program Files\Canon
2007-02-15 16:33:09 0 d-------- C:\Program Files\Common Files\Canon
2007-02-15 15:16:18 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-04 13:54:19 0 d-------- C:\Program Files\SpywareBot<SPYWAR~1>
2007-02-03 15:46:11 0 d-------- C:\Program Files\AutoCAD 2005<AUTOCA~1>
2007-02-03 15:46:11 0 d-------- C:\Documents and Settings\Vinni\Application Data\Autodesk
2007-02-03 15:46:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-02-02 17:09:46 0 d-------- C:\WINDOWS\WBEM
2007-02-02 17:09:44 0 d-------- C:\WINDOWS\system32\en-US
2007-02-02 17:07:07 0 d--h---c- C:\WINDOWS\ie7
2007-02-02 17:05:32 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-02 17:04:05 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-25 18:50:41 5152826 --a------ C:\WINDOWS\system32\craxdrt.dll
2007-01-25 18:50:19 77824 --a------ C:\WINDOWS\scm.exe
2007-01-25 18:50:19 122880 --a------ C:\WINDOWS\osql.exe
2007-01-25 18:50:17 24990 --a------ C:\WINDOWS\system32\VFP6Run.exe
2007-01-25 18:50:17 876032 --a------ C:\WINDOWS\system32\VFP6Renu.DLL
2007-01-25 18:50:16 3373328 --a------ C:\WINDOWS\system32\VFP6R.DLL
2007-01-25 17:36:33 24576 --a------ C:\WINDOWS\system32\Sbtrvd32.dll
2007-01-25 17:36:33 66560 --a------ C:\WINDOWS\system32\S2dtconv.dll
2007-01-25 17:36:33 638464 --a------ C:\WINDOWS\system32\Oc30.dll
2007-01-25 17:36:33 0 d-------- C:\WINDOWS\Crystal


-- Find3M Report ----------------------------------------------------------------

2007-02-19 15:51:47 0 d-------- C:\Program Files\McAfee
2007-02-17 11:49:17 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-14 15:03:20 0 d---s---- C:\Documents and Settings\Vinni\Application Data\Microsoft<MICROS~1>
2007-02-08 18:06:07 0 d-------- C:\Program Files\Microsoft Home Publishing 2000<MI116F~1>
2007-02-04 15:27:55 0 d-------- C:\Documents and Settings\Vinni\Application Data\McAfee
2007-02-04 11:54:10 0 d-------- C:\Program Files\Dell
2007-01-28 13:20:13 0 d-------- C:\Program Files\mobile PhoneTools<MOBILE~1>
2007-01-26 17:08:31 0 d-------- C:\Program Files\Microsoft SQL Server<MI6841~1>
2007-01-17 15:56:37 0 d-------- C:\Program Files\LiveUpdate<LIVEUP~1>
2007-01-16 16:33:19 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-01-16 16:16:07 0 d-------- C:\Program Files\MUSICMATCH<MUSICM~1>
2007-01-15 22:17:59 0 d-------- C:\Documents and Settings\Vinni\Application Data\vlc
2007-01-15 22:10:57 0 d-------- C:\Program Files\VideoLAN
2007-01-14 20:57:36 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-30 16:33:42 0 d-------- C:\Program Files\Project1
2006-12-28 15:12:28 0 d-------- C:\Documents and Settings\Vinni\Application Data\PC Tools<PCTOOL~1>
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-11-27 09:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 09:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PopUpStopperFreeEdition"="C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe"
"Sonic RecordNow!"=""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\SMARTB~1\\MotiveSB.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"WatchDog"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=dword:00000001
"Btn_Search"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of ComboScan: finished at 2007-02-25 at 10:47:23 -------------------------
  • 0

#12
don77
Posted 25 February 2007 - 10:28 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
running better ?
by default a folder was created in C: navigate there and open the comboscan folder please,
There should be 2 txt files one is the one you posted here the other I would like to see please,

Post back both just to be sure please
  • 0

#13
pfd
Posted 25 February 2007 - 11:21 AM

pfd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Definite improvement! Thanks!

Don't mean to beat a dead horse but that @$%&ing DealHelper is still taking up 3.4 gig, won't uninstall and shows that it was last used today!

ComboScan v20070221.16 run by Vinni on 2007-02-25 at 10:46:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Vinni.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:46:47 AM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Documents and Settings\Vinni\Local Settings\Temporary Internet Files\Content.IE5\JQ08UWDE\comboscan[1].exe
C:\Program Files\Hijackthis\Vinni.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.70.62.16: 80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Kremlin Sentry.lnk = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.co...84/mcinsctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe


-- HijackThis Fixed Entries (C:\Program Files\Hijackthis\backups\) --------------

backup-20070219-161956-652 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
backup-20070219-161956-684 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20070219-161956-757 O23 - Service: Network Security Service (__NS_Service_3) - Unknown owner - C:\WINDOWS\sdkbj32.exe (file missing)
backup-20070219-161956-831 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
backup-20070219-161956-862 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20070219-161956-873 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
backup-20070219-161956-889 O4 - HKLM\..\Run: [MSkernel32] C:\WINDOWS\system32\kernel32.exe

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\agpcpq.sys
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\alim1541.sys
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys
3S ati2mtag - C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
3S bvrp_pci - C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys
4S cbidf - C:\WINDOWS\SYSTEM32\DRIVERS\CBIDF2K.SYS
4S dac2w2k - C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS
0R drvmcdb - C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys
2R drvnddm - C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys
3R E100B (Intel® PRO Adapter Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys
3S EL90X (3Com EtherLink XL 90X Adapter Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\EL90XND5.SYS
3S EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS
3R HSFHWBS2 - C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys
3R HSF_DP - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys
3S i81x - C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys
3S iAimFP0 - C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys
3S iAimFP1 - C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys
3S iAimFP2 - C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys
3S iAimFP3 - C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys
3S iAimFP4 - C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys
3S iAimTV0 - C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys
3S iAimTV1 - C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys
3S iAimTV2 - C:\WINDOWS\system32\DRIVERS\wATV03nt.sys (not found)
3S iAimTV3 - C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys
3S iAimTV4 - C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys
3R ialm - C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys
2R mdmxsdk - C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys
3R mfeavfk (McAfee Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
3R mfebopk (McAfee Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
3R mfehidk (McAfee Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
3S mferkdk (McAfee Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
3R mfesmfk (McAfee Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
1R MPFP - C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
3S nv - C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys
1R omci (OMCI WDM Device Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys
3R P16X (Creative SB Live! Series (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys
1S P3 (Intel PentiumIII Processor Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\p3.sys
2R PfModNT - C:\WINDOWS\SYSTEM32\PFMODNT.SYS
0R PxHelp20 - C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys
1R sscdbhk5 - C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys
1R ssrtln - C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys
2R tfsnboio - C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys
2R tfsncofs - C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys
2R tfsndrct - C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys
2R tfsndres - C:\WINDOWS\SYSTEM32\dla\tfsndres.sys
2R tfsnifs - C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys
2R tfsnopio - C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys
2R tfsnpool - C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys
2R tfsnudf - C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys
2R tfsnudfa - C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
3S usbser (Motorola USB Modem Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys
3S usbsermpt (Motorola USB Modem Driver for MPT) - C:\WINDOWS\SYSTEM32\DRIVERS\usbsermpt.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
3R USB_RNDIS_XP (Westell WireSpeed Dual Connect Modem) - C:\WINDOWS\SYSTEM32\DRIVERS\usb8023.sys
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys
3S wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\DRIVERS\wanatw4.sys (not found)
3R winachsf - C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys
4S WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\SYSTEM32\DRIVERS\WudfRd.sys
3S {6080A529-897E-4629-A488-ABA0C29B635E} (Intel® Graphics Platform (SoftBIOS) Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys
3S {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel® Graphics Chipset (KCH) Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R CCALib8 (Canon Camera Access Library 8) - C:\Program Files\Canon\CAL\CALMAIN.exe
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R Creative Service for CDROM Access - C:\WINDOWS\System32\CTsvcCDA.exe
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
2R dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
3R Emproxy (McAfee E-mail Proxy) - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Fax - C:\WINDOWS\system32\fxssvc.exe
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S HidServ (Human Interface Device Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R McAfee HackerWatch Service - "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"
3S mcmispupdmgr (McAfee Update Manager) - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
2R mcmscsvc (McAfee Services) - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
2R McNASvc (McAfee Network Agent) - "c:\program files\common files\mcafee\mna\mcnasvc.exe"
2R McODS (McAfee Scanner) - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
2R mcpromgr (McAfee Protection Manager) - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
2R McRedirector (McAfee Redirector Service) - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
2R McShield (McAfee Real-time Scanner) - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
2R McSysmon (McAfee SystemGuards) - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
2R MpfService (McAfee Personal Firewall Service) - "C:\Program Files\McAfee\MPF\MPFSrv.exe"
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
2R MSSQLSERVER - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER
3S MSSQLServerADHelper - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NetSvc (Intel NCS NetService) - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R RemoteRegistry (Remote Registry) - C:\WINDOWS\system32\svchost.exe -k LocalService
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R SQLSERVERAGENT - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{261FF5D6-55B3-4D28-8348-7DBC93E219F0}
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S TlntSvr (Telnet) - C:\WINDOWS\System32\tlntsvr.exe
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R w32time (Windows Time) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WMDM PMSP Service - C:\WINDOWS\System32\MsPMSPSv.exe
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S Wmi (Windows Management Instrumentation Driver Extensions) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
3S WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Scheduled Tasks --------------------------------------------------------------

2007-02-25 10:45:09 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-02-15 01:07:17 264 --a------ C:\WINDOWS\Tasks\McDefragTask.job<MCDEFR~1.JOB>
2007-02-01 02:00:30 360 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-01-25 and 2007-02-25 ------------------------------

2007-02-19 16:33:24 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-19 16:33:19 0 d-------- C:\Program Files\Grisoft
2007-02-18 20:39:13 0 d-------- C:\Program Files\Hijackthis<HIJACK~1>
2007-02-17 11:49:24 0 d-------- C:\Program Files\Venturi2
2007-02-15 16:40:10 5632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-02-15 16:40:10 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-02-15 16:40:09 159232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-02-15 16:33:11 0 d-------- C:\Program Files\Canon
2007-02-15 16:33:09 0 d-------- C:\Program Files\Common Files\Canon
2007-02-15 15:16:18 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-04 13:54:19 0 d-------- C:\Program Files\SpywareBot<SPYWAR~1>
2007-02-03 15:46:11 0 d-------- C:\Program Files\AutoCAD 2005<AUTOCA~1>
2007-02-03 15:46:11 0 d-------- C:\Documents and Settings\Vinni\Application Data\Autodesk
2007-02-03 15:46:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-02-02 17:09:46 0 d-------- C:\WINDOWS\WBEM
2007-02-02 17:09:44 0 d-------- C:\WINDOWS\system32\en-US
2007-02-02 17:07:07 0 d--h---c- C:\WINDOWS\ie7
2007-02-02 17:05:32 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-02 17:04:05 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-25 18:50:41 5152826 --a------ C:\WINDOWS\system32\craxdrt.dll
2007-01-25 18:50:19 77824 --a------ C:\WINDOWS\scm.exe
2007-01-25 18:50:19 122880 --a------ C:\WINDOWS\osql.exe
2007-01-25 18:50:17 24990 --a------ C:\WINDOWS\system32\VFP6Run.exe
2007-01-25 18:50:17 876032 --a------ C:\WINDOWS\system32\VFP6Renu.DLL
2007-01-25 18:50:16 3373328 --a------ C:\WINDOWS\system32\VFP6R.DLL
2007-01-25 17:36:33 24576 --a------ C:\WINDOWS\system32\Sbtrvd32.dll
2007-01-25 17:36:33 66560 --a------ C:\WINDOWS\system32\S2dtconv.dll
2007-01-25 17:36:33 638464 --a------ C:\WINDOWS\system32\Oc30.dll
2007-01-25 17:36:33 0 d-------- C:\WINDOWS\Crystal


-- Find3M Report ----------------------------------------------------------------

2007-02-19 15:51:47 0 d-------- C:\Program Files\McAfee
2007-02-17 11:49:17 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-14 15:03:20 0 d---s---- C:\Documents and Settings\Vinni\Application Data\Microsoft<MICROS~1>
2007-02-08 18:06:07 0 d-------- C:\Program Files\Microsoft Home Publishing 2000<MI116F~1>
2007-02-04 15:27:55 0 d-------- C:\Documents and Settings\Vinni\Application Data\McAfee
2007-02-04 11:54:10 0 d-------- C:\Program Files\Dell
2007-01-28 13:20:13 0 d-------- C:\Program Files\mobile PhoneTools<MOBILE~1>
2007-01-26 17:08:31 0 d-------- C:\Program Files\Microsoft SQL Server<MI6841~1>
2007-01-17 15:56:37 0 d-------- C:\Program Files\LiveUpdate<LIVEUP~1>
2007-01-16 16:33:19 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-01-16 16:16:07 0 d-------- C:\Program Files\MUSICMATCH<MUSICM~1>
2007-01-15 22:17:59 0 d-------- C:\Documents and Settings\Vinni\Application Data\vlc
2007-01-15 22:10:57 0 d-------- C:\Program Files\VideoLAN
2007-01-14 20:57:36 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-30 16:33:42 0 d-------- C:\Program Files\Project1
2006-12-28 15:12:28 0 d-------- C:\Documents and Settings\Vinni\Application Data\PC Tools<PCTOOL~1>
2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-11-27 09:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 09:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PopUpStopperFreeEdition"="C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe"
"Sonic RecordNow!"=""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\SMARTB~1\\MotiveSB.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"WatchDog"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=dword:00000001
"Btn_Search"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of ComboScan: finished at 2007-02-25 at 10:47:23 -------------------------


ComboScan v20070221.16 run by Vinni on 2007-02-25 at 10:46:10
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 509.98 MiB / 206.06 MiB
Pagefile Memory (total/avail): 1247.14 MiB / 944.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1996.44 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.47 GiB total, 57.49 GiB free.
D: is CDROM (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Vinni\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SPARKY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Vinni
LOGONSERVER=\\SPARKY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Outlook Express;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Vinni\LOCALS~1\Temp
TMP=C:\DOCUME~1\Vinni\LOCALS~1\Temp
USERDOMAIN=SPARKY
USERNAME=Vinni
USERPROFILE=C:\Documents and Settings\Vinni
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Vinni (admin)
Administrator (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> C:\PROGRA~1\VERIZO~1\SUPPOR~1\Uninstall.exe Verizon
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
45s by BFD --> C:\WINDOWS\unvise32.exe C:\Program Files\Fives\uninstal.log
7-Zip 3.13 --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\7-zip.inf,SevenZip.Uninstall
Adobe Download Manager 1.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Auction 45s --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Project1\ST6UNST.LOG"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Badongo --> MsiExec.exe /X{873C7596-29B1-46C7-AC9D-42C62C29158F}
BitTorrent 4.4.1 --> "C:\Program Files\BitTorrent\uninstall.exe"
CAMEO --> C:\WINDOWS\IsUninst.exe -fC:\CAMEO\Uninst.isu
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Citrix Web Client --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Conexant SmartHSFi V.9x 56K DF PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSETUP.EXE -U -IDel8d8xk.INF
DealHelper --> "C:\WINDOWS\Uninstall.exe" "C:\Program Files\DealHelper.com Inc.\dhuninst.log"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DS21Patch --> MsiExec.exe /I{9B79DCB0-AAD7-456B-8D07-433C936FA24B}
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
FirePrograms for Windows Version 8.22 --> C:\Arrakis\UNWISE.EXE C:\Arrakis\INSTALL.LOG
FirePrograms for Windows Version 8.25 --> C:\Arrakis\UNWISE.EXE C:\Arrakis\INSTALL.LOG
FirePrograms for Windows Version 9.18 --> C:\Arrakis\UNWISE.EXE C:\Arrakis\INSTALL.LOG
FirePrograms for Windows Version 9.3 --> C:\Arrakis\UNWISE.EXE C:\Arrakis\INSTALL.LOG
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
KGB Archiver 1.2.0.23 fixed --> "C:\Program Files\KGB Archiver\unins000.exe"
Kremlin --> C:\PROGRA~1\MACH5S~1\Kremlin\UNWISE.EXE C:\PROGRA~1\MACH5S~1\Kremlin\INSTALL.LOG
LandView 5 --> C:\WINDOWS\uninst.exe -fc:\lv5\DeIsL3.isu -cc:\lv5\_ISREG32.DLL
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate BVRP Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
MARPLOT 3.3 --> C:\WINDOWS\IsUninst.exe -fC:\MARPLOT\Uninst.isu
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Expedia Streets & Trips 2000 --> C:\Program Files\Common Files\Microsoft Shared\Geography\Setup\acmsetup.exe /T SUT70409.stf
Microsoft Home Publishing 2000 --> MsiExec.exe /I{9944aa9e-362d-11d3-81ab-00c04fb932ba}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Picture It! Express 2000 --> MsiExec.exe /I{A586D09E-1D2C-11D3-9A6B-00105A98B681}
Microsoft SQL Server Desktop Engine --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Word 2000 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Microsoft Works 2000 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe D:\
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Report Writer for the WJ III --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Riverside Publishing\Report Writer for the WJ III\RWuninst.isu"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Verizon Online Support Center --> C:\WINDOWS\Motive\Verizon\MCCUninst.exe
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Word in Works Suite add-in --> MsiExec.exe /I{0DB93918-2A77-11D3-805A-00C04FA329AA}
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}


-- End of ComboScan: finished at 2007-02-25 at 10:47:23 -------------------------
  • 0

#14
don77
Posted 25 February 2007 - 11:47 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Very strange not sure why this wont uninstall the uninstaller is there ?

Lets try a few things here

Click on start, then control panel, and then double-click on add/remove programs. From within add/remove program uninstall the following if they exist by double-clicking on the following entries:


Search & Destroy 1.3

Now install the current version [/color] [/URL] and Spybot 1.4
after it has updated reboot to safe mode and run a scan with it please, Have it fix all it finds

See if you can again through add/remove remove dealhelper,
Navigate to this folder
C:\Program Files\DealHelper.com Inc <-- let me know the size of it and whats in it
  • 0

#15
pfd
Posted 25 February 2007 - 12:53 PM

pfd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Spybot removed 6 entries of SpywareBOT. Still won't let me uninstall DealHelper (uninstall log not found) and Explorer does not list the subdir: C:\Program Files\DealHelper.com Inc

Edited by pfd, 25 February 2007 - 12:54 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP