Author Topic: hijack this log (Read 1179 times)

ummzee · « **on:** July 19, 2008, 11:47:07 PM »

Computer hardly moving. McAfee needs o be deleted, it is out dated. Can't delete the add/delet won't open, to slow, it hangs.
Please let me know where to start to clean this mess up. Thanks. CPU running at 100% all the time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:34 AM, on 7/20/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\1129383946\ee\aolsoftware.exe
C:\WINNT\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\SDShred.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\Email RemovedEXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212429283433
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F99E5A7-C18C-42CB-8927-4262AC2EE1FF}: NameServer = 64.83.1.10,209.137.171.10
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 3938 bytes

guestolo · « **Reply #1 on:** July 21, 2008, 07:45:26 PM »

Can you do the following

If you have an older version of dss.exe
Can you delete your copy, I need you to have an updated copy

Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back the Whole contents of Main.txt and Extra.txt

ummzee · « **Reply #2 on:** July 21, 2008, 08:08:35 PM »

[quote name=\'guestolo\' post=\'437652\' date=\'Jul 21 2008, 07:00 PM\']Can you do the following

If you have an older version of dss.exe
Can you delete your copy, I need you to have an updated copy

Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back the Whole contents of Main.txt and Extra.txt[/quote]

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-21 22:18:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:46 PM, on 7/21/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212429283433
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F99E5A7-C18C-42CB-8927-4262AC2EE1FF}: NameServer = 64.83.1.10,209.137.171.10
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 3804 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070910-095809-152 O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
backup-20070910-095809-785 O21 - SSODL: gHexXZmUpDgi - {A80C390E-02A6-93A4-5EAC-E97C9D9C1F59} - (no file)
backup-20070910-095809-401 O22 - SharedTaskScheduler: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
backup-20071104-050808-847 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
backup-20071104-050808-246 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1
backup-20071104-050808-421 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20071104-050808-235 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20071104-050808-623 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
backup-20071104-050808-546 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20071104-050808-384 O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
backup-20071104-050808-801 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20071104-050808-538 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
backup-20071104-050808-491 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20071104-050808-733 O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
backup-20071104-050808-336 O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129383946\ee\AOLSoftware.exe
backup-20071104-050808-979 O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1129383946\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
backup-20071104-050808-314 O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1129383946\ee\SSCRun.exe
backup-20071104-050808-122 O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
backup-20071104-050808-620 O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
backup-20071104-050808-392 O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe
backup-20071104-050808-342 O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
backup-20071104-050808-225 O4 - HKLM\..\Run: [ppsmcs] sqvx5gamet2.exe
backup-20071104-050808-672 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
backup-20071104-050808-615 O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\Email RemovedEXE" -b
backup-20071104-050808-473 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
backup-20071104-050808-946 O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
backup-20071104-050808-985 O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
backup-20071104-050808-365 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
backup-20071104-050808-105 O4 - Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
backup-20071104-050808-133 O4 - Global Startup: Launchpad.lnk = C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
backup-20071104-050808-394 O4 - Global Startup: SnapDetect.lnk = C:\WINNT\Twain_32\CA561A\SnapDetect.exe
backup-20071104-050808-410 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
backup-20071104-050808-310 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20071104-050822-760 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20071104-050831-175 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
backup-20071104-050847-100 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
backup-20071104-050926-678 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183255099528
backup-20071104-051017-900 O17 - HKLM\System\CCS\Services\Tcpip\..\{3F99E5A7-C18C-42CB-8927-4262AC2EE1FF}: NameServer = 209.137.171.10,209.137.171.20
backup-20071104-051017-697 O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
backup-20071104-051017-306 O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1129383946\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
backup-20071104-051017-480 O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
backup-20071104-051017-490 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
backup-20071104-051017-363 O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
backup-20071104-051017-459 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
backup-20071104-051017-171 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
backup-20071104-051017-175 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
backup-20071104-051017-352 O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
backup-20071104-051017-602 O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
backup-20071104-051017-587 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
backup-20071109-014108-966 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
backup-20071109-014108-883 O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\PROGRA~1\mcafee\mps\mcpopup.dll
backup-20071109-014108-630 O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
backup-20071109-014108-839 O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\mcafee.com\personal firewall\MPFTray.exe"
backup-20071109-014108-662 O4 - HKLM\..\Run: [McAfee Privacy Service] C:\Program Files\McAfee\MPS\mps.exe -r
backup-20071109-014108-929 O4 - HKLM\..\Run: [Ultimate Fixer] "C:\Program Files\Ultimate Fixer\UltimateFixer.exe" hide
backup-20071109-014108-128 O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\Email RemovedEXE" -b
backup-20071109-014108-851 O4 - HKCU\..\Run: [ppsmcs] sqvx5gamet2.exe
backup-20071109-014108-844 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194266288331
backup-20071109-014108-460 O17 - HKLM\System\CCS\Services\Tcpip\..\{3F99E5A7-C18C-42CB-8927-4262AC2EE1FF}: NameServer = 85.255.114.70,85.255.112.182
backup-20071109-014108-886 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.70 85.255.112.182
backup-20071109-014108-409 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.70 85.255.112.182
backup-20071109-014108-356 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.70 85.255.112.182
backup-20071109-014108-999 O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll (file missing)
backup-20071109-014108-514 O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
backup-20071109-014108-666 O21 - SSODL: gHexXZmUpDgi - {A80C390E-02A6-93A4-5EAC-E97C9D9C1F59} - (no file)
backup-20071109-014108-433 O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
backup-20071109-014108-285 O22 - SharedTaskScheduler: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
backup-20071109-014108-168 O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
backup-20071109-014108-119 O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
backup-20071109-014108-354 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
backup-20071109-014108-991 O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
backup-20071109-014108-914 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
backup-20071109-014108-334 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
backup-20071109-014108-807 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
backup-20071109-014108-920 O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
backup-20071109-014108-846 O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
backup-20071109-014108-131 O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
backup-20071109-014108-416 O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
backup-20071109-014108-828 O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
backup-20071109-014108-856 O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
backup-20071109-014108-726 O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
backup-20071109-014108-916 O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
backup-20071109-014108-816 O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
backup-20071109-014108-382 O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

-- File Associations -----------------------------------------------------------

[color=\"red\"].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/color]

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\winnt\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R2 mdmxsdk - c:\winnt\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
R3 HSF_DP - c:\winnt\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWBS2 - c:\winnt\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 winachsf - c:\winnt\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S2 windev-1fe3-5087 - c:\winnt\system32\windev-1fe3-5087.sys (file missing)
S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
S3 MPE (BDA MPE Filter) - c:\winnt\system32\drivers\mpe.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
S3 NaiAvFilter1 - c:\winnt\system32\drivers\naiavf5x.sys <Not Verified; McAfee Inc.; VirusScan>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 AOLService (AOL Spyware Protection Service) -
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-07-10 17:31:16 442 --a------ C:\WINNT\Tasks\RegistrySmart Scheduled Scan.job
2007-11-05 02:26:54 348 --a------ C:\WINNT\Tasks\McQcTask.job

-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-20 01:45:48 0 d-------- C:\FOUND.000
2008-07-20 00:08:18 642320 ---h----- C:\WINNT\ShellIconCache
2008-07-10 21:27:40 0 d-------- C:\FOUND.002

-- Find3M Report ---------------------------------------------------------------

Nothing modified in this timespan.

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 03:05p C:\WINNT\system32\mobsync.exe]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe" [01/28/08 11:43a]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

-- End of Deckard's System Scanner: finished at 2008-07-21 22:19:17 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1400MHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 255.08 MiB / 88.56 MiB
Pagefile Memory (total/avail): 617.01 MiB / 418.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1976.71 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 18.61 GiB total, 13.63 GiB free.
D: is Removable (No Media)
E: is CDROM (No Media)
F: is Removable (FAT)

\\.\PHYSICALDRIVE1 - IOMEGA ZIP 250

\\.\PHYSICALDRIVE0 - Maxtor 5T020H2 - 18.62 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 18.62 GiB - C:

\\.\PHYSICALDRIVE2 - LEXAR JUMPDRIVE USB Device - 243.17 MiB - 1 partition
\PARTITION0 - 16-bit FAT - 245.48 MiB - F:

-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER1
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
ICM_532_INF_PATH=C:\WINNT\INF\oem7.inf
ICM_532_INSTALL_DIR=C:\Program Files\IC Media Corp.\ICM532\Driver
ICM_532_PNF_PATH=C:\WINNT\INF\oem7.pnf
ICM_532_PRODUCT_VER=1.1.0.0
LOGONSERVER=\\COMPUTER1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 0 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0007
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=COMPUTER1
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINNT

-- User Profiles ---------------------------------------------------------------

Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\mcafee.com\personal firewall\aol\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
--> C:\PROGRA~1\VERIZO~1\SUPPOR~1\Uninstall.exe Verizon
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00BC-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03DB-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Broadband Support Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C5-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DirectX 8 Hotfix - KB839643 --> C:\WINNT\$NtUninstallKB839643-DirectX8$\spuninst\spuninst.exe
EZPhoto Browser --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}\Setup.exe" -l0x9
EZPhoto Panorama --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B473BAC8-6A90-4D53-96C9-97A759A76EE8}\Setup.exe" -l0x9
EZPhoto Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}\Setup.exe" -l0x9
EZShowtime MMS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FB2EF0E-0254-4B7E-98C9-7F83E0C5E6C2}\Setup.exe" -l0x9
EZSuite For EZCam III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{313aa16e-8c61-410c-a225-917462421659}\Setup.exe" -l0x9
EZVideo Mail --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}\Setup.exe" -l0x9
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICM532 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FD3DF65-694C-4F71-97BA-1A70BB2B8B9C}\Setup.exe" -l0x9
Internet Explorer Q867801 --> C:\WINNT\ieuninst.exe C:\WINNT\INF\Q867801.inf
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\\Symantec\LiveUpdate\LSETUP.EXE /U
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Data Access Components KB870669 --> C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft VGX Q833989 --> C:\WINNT\vgxuninst.exe C:\WINNT\INF\Q833989.inf
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Netscape Navigator (9.0.0.6) --> C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
NVIDIA Windows 2000 Display Drivers --> rundll32.exe C:\WINNT\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
Outlook Express Q823353 --> C:\WINNT\oeuninst.exe C:\WINNT\INF\Q823353.inf
PassAlong Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}\setup.exe" -l0x9
Pdf995 --> C:\Program Files\TaxCut06\pdf995\setup.exe uninstall
PdfEdit995 --> C:\Program Files\TaxCut06\pdf995\res\utilities\thinsetup.exe - uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> C:\WINNT\unvise32qt.exe C:\WINNT\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegistrySmart 2.9.0 --> "C:\Program Files\RegistrySmart\unins000.exe"
SoftV92 Data Fax Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200214F1\HXFSETUP.EXE -U -IGENHSF5.inf
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINNT\unins000.exe"
Sybex CCNA Virtual Lab e-trainer --> C:\SYBEX\UNWISE.EXE C:\SYBEX\INSTALL.LOG
Sybex e-trainer --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Sybex\e-trainer\Uninst.isu"
TaxCut Premium 2006 --> C:\PROGRA~1\TaxCut06\Program\removetc.exe
Verizon Online --> C:\WINNT\system32\VerizonUninstaller.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Toolbar --> C:\PROGRA~1\YAHOO!\COMMON\unyt.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type1080 / Warning
Event Submitted/Written: 07/21/2008 09:54:40 PM
Event ID/Source: 1 / MpfService
Event Description:
generated a warning message.

Time: Mon Jul 21 21:54:39 2008

Warning Text:
could not start Filter Engine (e1480ad0).

Error Number: 0x0

Error Description:
The operation completed successfully.

Event Record #/Type1078 / Warning
Event Submitted/Written: 07/20/2008 01:48:47 AM
Event ID/Source: 1 / MpfService
Event Description:
generated a warning message.

Time: Sun Jul 20 01:48:42 2008

Warning Text:
could not start Filter Engine (e2ab4ad0).

Error Number: 0x0

Error Description:
The operation completed successfully.

Event Record #/Type1075 / Warning
Event Submitted/Written: 07/20/2008 00:19:09 AM
Event ID/Source: 1 / MpfService
Event Description:
generated a warning message.

Time: Sun Jul 20 00:19:05 2008

Warning Text:
could not start Filter Engine (e29cbad0).

Error Number: 0x0

Error Description:
The operation completed successfully.

Event Record #/Type1072 / Warning
Event Submitted/Written: 07/19/2008 11:01:46 PM
Event ID/Source: 1 / MpfService
Event Description:
generated a warning message.

Time: Sat Jul 19 23:01:45 2008

Warning Text:
could not start Filter Engine (e2ae4ad0).

Error Number: 0x0

Error Description:
The operation completed successfully.

Event Record #/Type1071 / Error
Event Submitted/Written: 07/19/2008 09:41:56 AM
Event ID/Source: 2001 / rasctrs
Event Description:

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type2633 / Warning
Event Submitted/Written: 07/21/2008 10:02:52 PM
Event ID/Source: 11050 / dnscache
Event Description:
The DNS Client service could not contact any DNS servers for
a repeated number of attempts. For the next 30 seconds the
DNS Client service will not use the network to avoid further
network performance problems. It will resume its normal behavior
after that. If this problem persists, verify your TCP/IP
configuration, specifically check that you have a preferred
(and possibly an alternate) DNS server configured. If the problem
continues, verify network conditions to these DNS servers or contact
your network administrator.

Event Record #/Type2632 / Error
Event Submitted/Written: 07/21/2008 09:58:24 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service McAfee HackerWatch Service with arguments ""
in order to run the server:
{6021CE48-B556-4F11-BC68-A647F056F8CC}

Event Record #/Type2631 / Error
Event Submitted/Written: 07/21/2008 09:54:11 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service mcmispupdmgr with arguments ""
in order to run the server:
{7323885B-407F-4839-9695-96F545FF6286}

Event Record #/Type2630 / Error
Event Submitted/Written: 07/21/2008 09:54:11 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee Update Manager service failed to start due to the following error:
%%1053

Event Record #/Type2629 / Error
Event Submitted/Written: 07/21/2008 09:54:11 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the McAfee Update Manager service to connect.

-- End of Deckard's System Scanner: finished at 2008-07-21 22:19:17 ------------

guestolo · « **Reply #3 on:** July 22, 2008, 10:54:35 PM »

Sorry for the delay, can you do the following
I want to see what we can find
If you have an older version of ComboFix, can you delete it please

Then do the following
why not post an uninstall list from Hijackthis
Download this file - Combofix.exe and save it ONLY to your desktop

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back the log from Combofix

ummzee · « **Reply #4 on:** July 23, 2008, 05:33:38 AM »

[quote name=\'guestolo\' post=\'437800\' date=\'Jul 22 2008, 11:09 PM\']Sorry for the delay, can you do the following
I want to see what we can find
If you have an older version of ComboFix, can you delete it please

Then do the following
why not post an uninstall list from Hijackthis
Download this file - Combofix.exe and save it ONLY to your desktop

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back the log from Combofix[/quote]

ummzee · « **Reply #5 on:** July 23, 2008, 05:36:14 AM »

The computer is working better. much better. I am sure you have a life like everyone else, no problem about the dely, have a great day and thankj you for your help.

ComboFix 08-07-22.4 - Administrator 07/23/2008 7:37:28.2 - [color=\"red\"]FAT32[/color]x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.120 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINNT\system32\config\SAM.SAV
C:\WINNT\system32\drivers\asc355o.sys
C:\WINNT\system32\mstsdsc.exe
C:\WINNT\Web\default.htt

----- BITS: Possible infected sites -----

http://teadis.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC355O
-------\Legacy_WINDEV-1FE3-5087
-------\Service_asc355O
-------\Service_windev-1fe3-5087

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 07:40 . 08-07-23 07:40    16,384   --a----t-   C:\WINNT\system32\Perflib_Perfdata_25c.dat
2008-07-21 22:18 . 08-07-21 22:18    <DIR>   d--------   C:\Deckard
2008-07-20 01:45 . 08-07-20 01:45    <DIR>   d--------   C:\FOUND.000
2008-07-20 00:08 . 08-07-23 07:17    743,374   ---h-----   C:\WINNT\ShellIconCache
2008-07-19 23:03 . 99-10-04 15:04    13,744   --a------   C:\WINNT\system32\drivers\kbdhid.sys
2008-07-19 23:03 . 99-10-04 15:04    13,744   --a------   C:\WINNT\system32\dllcache\kbdhid.sys
2008-07-19 23:02 . 03-06-19 15:05    19,728   --a------   C:\WINNT\system32\hidserv.exe
2008-07-19 23:02 . 03-06-19 15:05    19,728   --a------   C:\WINNT\system32\dllcache\hidserv.exe
2008-07-10 21:27 . 08-07-10 21:27    <DIR>   d--------   C:\FOUND.002

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-17 10:54   13,272   ----a-w   C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2004-05-14 19:34   271   ---h--w   C:\Program Files\desktop.ini
2004-05-14 19:34   21,952   ---h--w   C:\Program Files\folder.htt
1999-12-07 16:00   32,528   ----a-w   C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 15:05 111376 C:\WINNT\system32\mobsync.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [07-07-27 18:02 ]
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [99-10-23 12:22 ]
S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [07-01-04 16:38 ]
.
Contents of the 'Scheduled Tasks' folder
"2007-11-05 06:26:54 C:\WINNT\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-07-10 21:31:16 C:\WINNT\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
.
------- Supplementary Scan -------
.
O17 -: HKLM\CCS\Interface\{3F99E5A7-C18C-42CB-8927-4262AC2EE1FF}: NameServer = 64.83.1.10,209.137.171.10

O16 -: DirectAnimation Java Classes - file://C:\WINNT\Java\classes\dajava.cab
C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINNT\Java\classes\xmldso.cab
C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 07:40:55
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-23 7:42:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 11:42:30

Pre-Run: 14,632,910,848 bytes free
Post-Run: 14,664,744,960 bytes free

86

guestolo · « **Reply #6 on:** July 23, 2008, 09:17:26 PM »

I would like to try one more scanner please
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

also post a fresh hijackthis log

ummzee · « **Reply #7 on:** July 24, 2008, 05:32:22 PM »

[quote name=\'guestolo\' post=\'437959\' date=\'Jul 23 2008, 08:32 PM\']I would like to try one more scanner please
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

also post a fresh hijackthis log[/quote]

ummzee · « **Reply #8 on:** July 24, 2008, 05:36:26 PM »

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/laugh.gif\' class=\'bbc_emoticon\' alt=\':lol:\' />

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.0.2195 Service Pack 4

7:45:19 PM 7/24/2008
mbam-log-7-24-2008 (19-45-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 57221
Time elapsed: 7 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_windev-2046-5b33 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_windev-5334-6060 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_windev-64b6-953 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_windev-7453-7b6a (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_windev-7656-2dc3 (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Administrator\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Administrator\Application Data\RegistrySmart\Log\2008 Jul 10 - 05_23_29 PM_991.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\RegistrySmart\Log\2008 Jul 10 - 05_29_34 PM_436.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\RegistrySmart\Registry Backups\2007-11-12_18-05-55.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

guestolo · « **Reply #9 on:** July 24, 2008, 07:53:46 PM »

Can you run a fresh scan with dss.exe please and post the new log from main.txt

ummzee · « **Reply #10 on:** July 26, 2008, 07:51:30 AM »

[quote name=\'guestolo\' post=\'438026\' date=\'Jul 24 2008, 08:08 PM\']Can you run a fresh scan with dss.exe please and post the new log from main.txt[/quote]

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-26 10:02:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:35 AM, on 7/26/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212429283433
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F99E5A7-C18C-42CB-8927-4262AC2EE1FF}: NameServer = 64.83.1.10,209.137.171.10
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 3457 bytes

-- Files created between 2008-06-26 and 2008-07-26 -----------------------------

2008-07-24 19:33:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-24 19:32:58 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 19:32:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-23 07:36:24 68096 --a------ C:\WINNT\zip.exe
2008-07-23 07:36:24 49152 --a------ C:\WINNT\VFind.exe
2008-07-23 07:36:24 212480 --a------ C:\WINNT\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-23 07:36:24 136704 --a------ C:\WINNT\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-23 07:36:24 161792 --a------ C:\WINNT\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-23 07:36:24 98816 --a------ C:\WINNT\sed.exe
2008-07-23 07:36:24 80412 --a------ C:\WINNT\grep.exe
2008-07-23 07:36:24 89504 --a------ C:\WINNT\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-20 01:45:48 0 d-------- C:\FOUND.000
2008-07-20 00:08:18 743900 ---h----- C:\WINNT\ShellIconCache
2008-07-10 21:27:40 0 d-------- C:\FOUND.002

-- Find3M Report ---------------------------------------------------------------

Nothing modified in this timespan.

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 03:05p C:\WINNT\system32\mobsync.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

-- End of Deckard's System Scanner: finished at 2008-07-26 10:03:00 ------------

guestolo · « **Reply #11 on:** July 26, 2008, 08:44:20 AM »

I see Avast and McAfee installed
Are you still planning on removing McAfee?

Can you post one more log
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

ummzee · « **Reply #12 on:** July 26, 2008, 10:07:25 AM »

[quote name=\'guestolo\' post=\'438308\' date=\'Jul 26 2008, 08:59 AM\']I see Avast and McAfee installed
Are you still planning on removing McAfee?

Can you post one more log
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents[/quote]

This is a family members computer who uses AOL, I believe AoL give its users a free copy of McAfee. The current copy is outdated and I need to remove it. The family member is not computer literate and may never load the free McAfee version, I will keep the AVAST.

Thanks for your help
ummzee aka modestgarb

Adobe Acrobat 5.0
AOL Coach Version 1.0(Build:20030807.3)
AOL Uninstaller (Choose which Products to Remove)
avast! Antivirus
Broadband Support Center
CCleaner (remove only)
DirectX 8 Hotfix - KB839643
EZPhoto Browser
EZPhoto Panorama
EZPhoto Tools
EZShowtime MMS
EZSuite For EZCam III
EZVideo Mail
HijackThis 2.0.2
ICM532
Internet Explorer Q867801
Learn2 Player (Uninstall Only)
LiveUpdate 1.7 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Data Access Components KB870669
Microsoft Internet Explorer 6 SP1
Microsoft Office XP Professional with FrontPage
Microsoft VGX Q833989
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Netscape Navigator (9.0.0.6)
NVIDIA Windows 2000 Display Drivers
Outlook Express Q823353
PassAlong Software
Pdf995
PdfEdit995
PowerDVD
QuickTime
RealPlayer
Security Update for Windows Media Player 6.4 (KB925398)
SoftV92 Data Fax Modem
SoundMAX
Spybot - Search & Destroy 1.5.2.20
Sybex CCNA Virtual Lab e-trainer
Sybex e-trainer
TaxCut Premium 2006
Verizon Online
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows 2000 Hotfix - KB329115
Windows 2000 Hotfix - KB823182
Windows 2000 Hotfix - KB823559
Windows 2000 Hotfix - KB824105
Windows 2000 Hotfix - KB825119
Windows 2000 Hotfix - KB826232
Windows 2000 Hotfix - KB828035
Windows 2000 Hotfix - KB828741
Windows 2000 Hotfix - KB828749
Windows 2000 Hotfix - KB835732
Windows 2000 Hotfix - KB837001
Windows 2000 Hotfix - KB839645
Windows 2000 Hotfix - KB840315
Windows 2000 Hotfix - KB840987
Windows 2000 Hotfix - KB841872
Windows 2000 Hotfix - KB841873
Windows 2000 Hotfix - KB842526
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB926122
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinZip
Yahoo! Toolbar

guestolo · « **Reply #13 on:** July 26, 2008, 04:15:45 PM »

You shouldn't now have a problem removing McAfee
But before you do, you should download a new Firewall software

Did you have something in mind?
There are plenty of free ones

How old is this computer, it would be a good idea to update the amount of RAM
Are you willing to do this, I see 256mb only installed
It could sure use at least another 256mb if the system will allow
What's the exact make/model of computer?

ummzee · « **Reply #14 on:** July 26, 2008, 09:33:25 PM »

[quote name=\'guestolo\' post=\'438339\' date=\'Jul 26 2008, 04:30 PM\']You shouldn't now have a problem removing McAfee
But before you do, you should download a new Firewall software

Did you have something in mind?
There are plenty of free ones

How old is this computer, it would be a good idea to update the amount of RAM
Are you willing to do this, I see 256mb only installed
It could sure use at least another 256mb if the system will allow
What's the exact make/model of computer?[/quote]

guestolo · « **Reply #15 on:** July 26, 2008, 10:22:27 PM »

You quoted my last reply?

TheTechGuide Forum

News:

Author Topic: hijack this log (Read 1179 times)

ummzee

hijack this log

guestolo

hijack this log

ummzee

hijack this log

guestolo

hijack this log

ummzee

hijack this log

ummzee

hijack this log

guestolo

hijack this log

ummzee

hijack this log

ummzee

hijack this log

guestolo

hijack this log

ummzee

hijack this log

guestolo

hijack this log

ummzee

hijack this log

guestolo

hijack this log

ummzee

hijack this log

guestolo

hijack this log