Hi, thanks for taking the time to reply to my problem. I do appreciate it.
So I ran ComboFix, then went to safe mode and ran AVG Anti-Spyware. The Rundll error and iesettingsupdate popup still appear at startup, but the error for not being able to initialize McAfee virus-scan does not come up anymore.
Here's the ComboFix log and AVG log, followed by the HijackThis log.
dana - 06-11-15 18:09:39.60 Service Pack 1
ComboFix 06.11.9 - Running from: "C:\Spyware Software"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{A55E4C92-8C4B-4D75-B677-87192A7F9B6C}]
@=""
[HKEY_CLASSES_ROOT\clsid\{A55E4C92-8C4B-4D75-B677-87192A7F9B6C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{A55E4C92-8C4B-4D75-B677-87192A7F9B6C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{A55E4C92-8C4B-4D75-B677-87192A7F9B6C}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{785954B6-E09E-4565-A550-556538AAFE52}]
@=""
[HKEY_CLASSES_ROOT\clsid\{785954B6-E09E-4565-A550-556538AAFE52}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{785954B6-E09E-4565-A550-556538AAFE52}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{785954B6-E09E-4565-A550-556538AAFE52}\InprocServer32]
@="C:\\WINDOWS\\system32\\dxound.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{B1A1A8AC-A84F-4907-A174-E240A4BF02FA}]
@=""
[HKEY_CLASSES_ROOT\clsid\{B1A1A8AC-A84F-4907-A174-E240A4BF02FA}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{B1A1A8AC-A84F-4907-A174-E240A4BF02FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{B1A1A8AC-A84F-4907-A174-E240A4BF02FA}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{79A11153-829C-4BC9-8A67-1BD56051796C}]
@=""
[HKEY_CLASSES_ROOT\clsid\{79A11153-829C-4BC9-8A67-1BD56051796C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{79A11153-829C-4BC9-8A67-1BD56051796C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{79A11153-829C-4BC9-8A67-1BD56051796C}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Granting sedebugprivilege to Administrators ... successful
((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))
* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *
O4 - HKCU\...\Run C:\WINDOWS\system32\ljcetn.exe
O4 - HKLM\...\Run C:\WINDOWS\System32\ljcetn.exe
* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *
06-10-17 22:50 127488 ljcetn.exe.qoo
06-10-17 22:55 127488 erofa.exe.qoo
06-10-17 22:55 28672 ctsis.exe.qoo
06-10-11 19:01 53 vovnnq.dat.qoo
DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\aaa00000.sys
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Program Files\cmfibula
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\WINDOWS\system32\MCROSO~1.NET
C:\QooBox\Purity\WINDOWS\system32\MCROSO~1.NET\M?crosoft.NET
C:\QooBox\Purity\Program Files\SSTEM3~1
((((((((((((((((((((((((((((((( Files Created from 2006-10-15 to 2006-11-15 ))))))))))))))))))))))))))))))))))
2006-11-10 10:31 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-11-10 10:31 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-11-10 10:31 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-11-10 10:31 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-11-10 10:31 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-11-10 10:31 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-11-02 19:11 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2006-11-02 19:10 601,689 ---hs---- C:\WINDOWS\system32\uwxbc.ini2
2006-10-30 22:26 110,612 --a------ C:\WINDOWS\system32\frotrixa.exe
2006-10-21 00:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-20 23:51 991,232 --a------ C:\WINDOWS\system32\esent.dll
2006-10-20 20:28 600,809 ---hs---- C:\WINDOWS\system32\uwxbc.bak2
2006-10-20 20:26 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-18 00:37 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
2006-10-18 00:37 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2006-10-18 00:37 131,072 --a------ C:\WINDOWS\system32\mclsp.dll
2006-10-18 00:37 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2006-10-18 00:11 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
2006-10-18 00:11 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-30 22:27 -------- d-------- C:\Documents and Settings\dana\Application Data\SearchToolbarCorp
2006-10-27 18:22 -------- d-------- C:\Documents and Settings\dana\Application Data\Google
2006-10-21 00:02 -------- d-------- C:\Program Files\Grisoft
2006-10-17 22:43 -------- d-------- C:\Program Files\McAfee.com
2006-10-17 22:27 -------- d-------- C:\Program Files\ComcastToolbar
2006-10-12 20:24 409 --a------ C:\WINDOWS\kfilk.dll
2006-10-12 19:10 920 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-10-12 18:32 2 --a------ C:\WINDOWS\system32\wnsapicc.exe
2006-10-11 19:06 502395 ---hs---- C:\WINDOWS\system32\uwxbc.bak1
2006-10-10 22:31 -------- d-------- C:\Program Files\PSDream
2006-10-10 22:30 32573 --a------ C:\WINDOWS\system32\brrot-uninst.exe
2006-10-10 22:29 1233 --a------ C:\WINDOWS\system32\cvha4feb.sys
2006-09-15 17:17 53248 --a------ C:\WINDOWS\uni_e6h.exe
2006-09-13 01:09 1110528 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 11:53 561664 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 05:14 595968 --a------ C:\WINDOWS\system32\xpsp2res.dll
2006-08-16 08:14 95232 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-16 08:14 70656 --a------ C:\WINDOWS\system32\ws2_32.dll
2006-08-16 08:14 54272 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-08-16 08:14 31232 --a------ C:\WINDOWS\system32\inetmib1.dll
2006-08-16 08:14 13312 --a------ C:\WINDOWS\system32\wship6.dll
2006-08-16 05:42 159232 --a------ C:\WINDOWS\system32\xpob2res.dll
2006-08-16 05:28 48640 --a------ C:\WINDOWS\system32\ipv6.exe
2006-08-16 05:27 83456 --a------ C:\WINDOWS\system32\netsh.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Gzgz"="?\\??anregw.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"adstart"="\"iexplore.exe\" \"http://iesettingsupdate\""
"cvha4feb"="RUNDLL32.EXE w2e906ef.dll,n 005a4fe6000000122e906ef"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"{A2-2C-CA-AE-ZN}"="c:\\windows\\system32\\oqdsregl.exe GEN001"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"tgcmd"="C:\\Program Files\\Support.com\\bin\\tgcmd.exe /server /startmonitor /deaf"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\WindowsUpdate\\polobi.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Windows Media Player\\mejexaqa.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,50,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwu
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-11-15 18:13:54.70
C:\ComboFix.txt ... 06-11-15 18:13
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:06:03 PM 11/15/2006
+ Scan result:
C:\Documents and Settings\dana\Cookies\dana@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\dana\Cookies\dana@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\dana\Cookies\dana@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\dana\Cookies\dana@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\dana\Cookies\dana@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 7:12:46 PM, on 11/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Spyware Software\HijackThis1991.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7A40D445-6AA8-6303-81DE-1734E305E6ED} - C:\WINDOWS\System32\tkzjv.dll (file missing)
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {64BFDF7B-D472-4372-877A-6702A9A37FA6} - C:\WINDOWS\System32\cbxwu.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\System32\krqlogyk.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKLM\..\Run: [cvha4feb] RUNDLL32.EXE w2e906ef.dll,n 005a4fe6000000122e906ef
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{A2-2C-CA-AE-ZN}] c:\windows\system32\oqdsregl.exe GEN001
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gzgz] ?\??anregw.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.m...pdatePortal.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O20 - AppInit_DLLs: BattyRun2.dll
O20 - Winlogon Notify: cbxwu - C:\WINDOWS\System32\cbxwu.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Thanks