Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

ssherbear4183

3 Posts

7495

January 27th, 2009 20:00

help with virus

Here are the reports you asked for.  I was sort of confused so I hope I did this right.  Was I suppose to disable my virus protection before I did this?  If I was that is sort of a problem cause I can't do anything with my virus protection can't even open it. thankyou for your help. I'm not really sure how to put the attach file into a zipped folder like the prompt said too.  Sorry I am so confused.

 


DDS (Ver_09-01-19.01) - NTFSx86 
Run by sheree at 21:07:43.90 on Tue 01/27/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.510.131 [GMT -7:00]

AV: AVG 7.5.484 *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\DELLSU~2\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Documents and Settings\sheree\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/regwizard/RegWizardCookieDrop.asp?lcode=en-us&affid=105-79&acctid=86158819&email=sherbear4183@aol.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DDSMEkl: {2502bbd0-d73b-11dd-b4ec-cebf56d89593} - c:\windows\system32\vumer.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\progra~1\dellsu~2\DSAgnt.exe" /startup
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [Microsoft Works Update Detection] "c:\program files\common files\microsoft shared\works shared\WkUFind.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40}
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4935/mcfscan.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: bfbcfaefbfab - c:\windows\system32\bfbcfaefbfab.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: ieModule - {D4930AC5-8C00-4F5E-B185-7CACDD606784} -
SEH: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-11-29 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-11-29 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-11-29 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-11-29 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-11-29 40488]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-3 203280]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-1-18 359248]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-11-29 144704]
R4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2007-11-30 3504704]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys --> c:\windows\system32\drivers\avgarkt.sys [?]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys --> c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [?]
S1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys --> c:\windows\system32\drivers\avg7core.sys [?]
S1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys --> c:\windows\system32\drivers\avg7rsw.sys [?]
S1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys --> c:\windows\system32\drivers\avg7rsxp.sys [?]
S1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\avgarcln.sys --> c:\windows\system32\drivers\AvgArCln.sys [?]
S1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\avgascln.sys --> c:\windows\system32\drivers\AvgAsCln.sys [?]
S1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys --> c:\windows\system32\drivers\avgclean.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-12 33752]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-11-29 33832]
S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe --> c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [?]
S4 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe --> c:\progra~1\grisoft\avg7\avgamsvr.exe [?]
S4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe --> c:\progra~1\grisoft\avg7\avgupsvc.exe [?]
S4 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe --> c:\progra~1\grisoft\avg7\avgemc.exe [?]
S4 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys --> c:\windows\system32\drivers\avgtdi.sys [?]

=============== Created Last 30 ================

2009-01-13 17:03 

 -cd-h--- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-13 16:45   --d----- c:\windows\system32\XPSViewer
2009-01-13 16:42 117,760 -------- c:\windows\system32\prntvpt.dll
2009-01-13 16:42 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-13 16:42 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-01-13 16:42 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-13 16:42 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-13 16:42 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-01-13 16:42 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-13 16:42   --d----- C:\b99e7c8f1d222d6b9494
2009-01-13 16:17   --d-hr-- C:\AHCache
2009-01-13 16:08   --d----- c:\docume~1\sheree\applic~1\Uniblue
2009-01-13 15:27 3,342 a------- c:\windows\system32\tmp.reg
2009-01-13 15:23   --d----- c:\docume~1\sheree\applic~1\Thinstall
2009-01-12 13:34   --d----- c:\windows\system32\scripting
2009-01-12 13:34   --d----- c:\windows\l2schemas
2009-01-12 13:34   --d----- c:\windows\system32\en
2009-01-12 13:34   --d----- c:\windows\system32\bits
2009-01-12 13:30   --d----- c:\windows\ServicePackFiles

==================== Find3M  ====================

2009-01-27 17:04 6,686 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-01-12 13:41 88,983 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-15 20:30 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-12 23:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-11 03:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 03:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe
2007-01-03 18:01 5,073,920 ac-sh--- c:\program files\ehthumbs.db
2006-05-10 20:02 251 ac------ c:\program files\wt3d.ini

============= FINISH: 21:09:31.64 ===============

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/10/2006 11:13:35 AM
System Uptime: 1/27/2009 8:02:05 PM (1 hours ago)

Motherboard: Dell Inc.           |  | 0HJ054
Processor:               Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 144 GiB total, 127.788 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP315: 11/28/2008 9:45:04 AM - Software Distribution Service 3.0
RP316: 12/1/2008 10:08:14 AM - Software Distribution Service 3.0
RP317: 12/4/2008 8:19:06 AM - Software Distribution Service 3.0
RP318: 12/8/2008 10:28:26 AM - Software Distribution Service 3.0
RP319: 12/10/2008 5:44:22 PM - System Checkpoint
RP320: 12/11/2008 11:49:33 AM - Software Distribution Service 3.0
RP321: 12/15/2008 8:25:40 PM - Software Distribution Service 3.0
RP322: 12/15/2008 8:41:12 PM - Software Distribution Service 3.0
RP323: 12/18/2008 11:00:31 AM - Software Distribution Service 3.0
RP324: 12/19/2008 10:42:19 AM - Software Distribution Service 3.0
RP325: 12/22/2008 11:38:07 AM - Software Distribution Service 3.0
RP326: 12/25/2008 9:26:51 AM - Software Distribution Service 3.0
RP327: 12/29/2008 10:53:55 AM - Software Distribution Service 3.0
RP328: 1/1/2009 1:49:00 PM - Software Distribution Service 3.0
RP329: 1/5/2009 9:49:00 AM - Software Distribution Service 3.0
RP330: 1/8/2009 10:22:51 AM - Software Distribution Service 3.0
RP331: 1/12/2009 10:25:51 AM - Software Distribution Service 3.0
RP332: 1/12/2009 10:48:58 AM - Windows Defender Checkpoint
RP333: 1/12/2009 12:42:49 PM - Removed Rhapsody Player Engine
RP334: 1/12/2009 12:44:07 PM - Uninstall Taking Charge of Your Fertility
RP335: 1/12/2009 12:48:05 PM - Removed Windows Live Toolbar
RP336: 1/12/2009 12:56:22 PM - Software Distribution Service 3.0
RP337: 1/12/2009 1:05:24 PM - Software Distribution Service 3.0
RP338: 1/12/2009 1:13:38 PM - Software Distribution Service 3.0
RP339: 1/12/2009 6:51:06 PM - Cleaned registry with Windows Live OneCare safety scanner
RP340: 1/13/2009 1:24:39 AM - Windows Defender Checkpoint
RP341: 1/13/2009 11:00:20 AM - Software Distribution Service 3.0
RP342: 1/13/2009 4:43:51 PM - Installed Windows KB954550-v5.
RP343: 1/13/2009 4:44:18 PM - Printer Driver Microsoft XPS Document Writer Installed
RP344: 1/13/2009 4:44:50 PM - Printer Driver Microsoft XPS Document Writer Installed
RP345: 1/13/2009 5:16:45 PM - Uniblue RegistryBooster 2009
RP346: 1/13/2009 9:24:40 PM - Windows Defender Checkpoint
RP347: 1/14/2009 11:00:27 AM - Software Distribution Service 3.0
RP348: 1/16/2009 9:28:23 AM - Software Distribution Service 3.0
RP349: 1/18/2009 9:53:58 PM - Windows Defender Checkpoint
RP350: 1/19/2009 11:58:22 AM - Software Distribution Service 3.0
RP351: 2/19/2009 3:10:38 PM - Restore Operation
RP352: 2/19/2009 3:45:46 PM - Restore Operation
RP353: 2/19/2009 4:00:47 PM - Restore Operation
RP354: 2/22/2009 9:07:49 AM - Software Distribution Service 3.0
RP355: 2/23/2009 8:23:49 PM - Removed Google Earth.
RP356: 2/26/2009 9:46:16 AM - Software Distribution Service 3.0
RP357: 1/27/2009 5:49:04 PM - Software Distribution Service 3.0

==== Installed Programs ======================

 WILLPower
924PLC32
ABBYY FineReader 6.0 Sprint
Adobe Flash Player ActiveX
Adobe Reader 7.1.0
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
ATI Control Panel
ATI Display Driver
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCScore
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Network Assistant
Dell Photo AIO Printer 924
Dell Support 3.2.1
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
DIGOpt
DIGReqEx
EarthLink setup files
EducateU
ELIcon
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HLPPDOCK
Home and Business ***
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.80 Basic
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
LiveUpdate 3.2 (Symantec Corporation)
Managed DirectX (0901)
McAfee SecurityCenter
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Modem Helper
MSN
MSN Encarta Plus Support Files
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
Norton 360
Notifier
NRA Varmint Hunter
OfotoXMI
OTtBP
OTtBPSDK
Otto
QuickTime
Qwest QuickCare
RealPlayer
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Roxio UDF Reader
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
SFR
SHASTA
SKIN0001
SKINXSDK
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Spy Sweeper for MSN
staticcr
TypingMaster Pro
Update for Windows Internet Explorer 7 (KB928089)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
VPRINTOL
WebCyberCoach 3.2 Dell
WebFldrs XP
WildTangent Web Driver
Winamp (remove only)
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WIRELESS
WordPerfect Office 12
WordPerfect OfficeReady
XviD & MP3 Codec Pack (remove only)

==== Event Viewer Messages From Past Week ========

2/20/2009 10:43:50 AM, error: Service Control Manager [7000]  - The McAfee SystemGuards service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/20/2009 10:43:50 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
2/20/2009 10:42:04 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AVG Anti-Rootkit AVG Anti-Spyware Driver Avg7Core Avg7RsW Avg7RsXP AvgArCln AvgAsCln AvgClean
2/20/2009 10:42:04 AM, error: Service Control Manager [7022]  - The Bonjour Service service hung on starting.
2/20/2009 10:40:12 AM, error: Service Control Manager [7000]  - The AVG Network Redirector service failed to start due to the following error:  The system cannot find the file specified.
2/20/2009 10:40:12 AM, error: Service Control Manager [7000]  - The AVG E-mail Scanner service failed to start due to the following error:  The system cannot find the path specified.
2/20/2009 10:40:12 AM, error: Service Control Manager [7000]  - The AVG7 Update Service service failed to start due to the following error:  The system cannot find the path specified.
2/20/2009 10:40:12 AM, error: Service Control Manager [7000]  - The AVG7 Alert Manager Server service failed to start due to the following error:  The system cannot find the path specified.
2/20/2009 10:40:12 AM, error: Service Control Manager [7000]  - The AVG Anti-Spyware Guard service failed to start due to the following error:  The system cannot find the file specified.
2/19/2009 5:16:11 PM, error: PlugPlayManager [11]  - The device Root\LEGACY_9ABFA62FF88E94018EC0EB094E728657\0000 disappeared from the system without first being prepared for removal.
2/19/2009 3:02:05 PM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by -2678399 seconds. The time service will not change the system  time by more than -54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.2:123->207.46.197.32:123) is working properly.
2/21/2009 3:39:57 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2/22/2009 3:40:09 PM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by -2678399 seconds. The time service will not change the system  time by more than -54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.2:123->207.46.232.182:123) is working properly.
2/22/2009 8:58:09 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
2/24/2009 10:27:08 AM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by -2678398 seconds. The time service will not change the system  time by more than -54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.2:123->207.46.232.182:123) is working properly.
2/24/2009 7:31:11 PM, error: Service Control Manager [7031]  - The McAfee Real-time Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/25/2009 3:22:12 PM, error: Service Control Manager [7031]  - The McAfee Real-time Scanner service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/26/2009 9:40:10 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
1/27/2009 4:48:55 PM, error: Print [6161]  - The document http://www.womenshealthmag.com/fitness/abs-workouts?layout=prin owned by sheree failed to print on printer Dell Photo AIO Printer 924. Data type: LEMF. Size of the spool file in bytes: 2272292. Number of bytes printed: 2272292. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\D7MTZT91. Win32 error code returned by the print processor: 0 (0x0).
1/27/2009 5:11:46 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine service to connect.
1/27/2009 5:11:46 PM, error: Service Control Manager [7000]  - The Webroot Spy Sweeper Engine service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/27/2009 5:54:11 PM, error: DCOM [10001]  - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: C:\PROGRA~1\McAfee.com\Agent\mcagent.exe -Embedding

==== End Of File ===========================

 

 

Bugbatter

4 Apprentice

 • 

20.5K Posts

January 27th, 2009 20:00

If you have no conflicts, you do not have to do anything to McAfee.

It appears that you have AVG, and Norton 360 on there in addition to McAfee. It is not advisable to be running several anti-virus programs in realtime, or you will be having conflicts and slowdowns. After this malware is cleaned up a bit, I suggest removing two of them that you are not going to use.

Logs are not read on this forum, however.

Please review the instructions posted earlier for the link, and repost the logs on the Malware Removal Forum so we can begin cleaning.

In your post over there, please address the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a list HERE.    

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply on the other forum.

Was this post helpful?

View All

No Events found!

Top