Thread: HJT log

  1. #1
    Member
    Join Date
    Nov 2007
    Posts
    14
    Points
    0

    HJT log

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2110445819-1510953363-3035998584-1139\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
    O4 - HKUS\S-1-5-21-2110445819-1510953363-3035998584-500\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
    O4 - HKUS\S-1-5-21-4230628389-1415257647-3979508967-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = angularsystemsinc.local
    O17 - HKLM\Software\..\Telephony: DomainName = angularsystemsinc.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3C2E2A-718A-4110-9E6D-E38AE4F85E76}: NameServer = 192.168.16.2
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = angularsystemsinc.local
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Cadence License Manager - Macrovision Corporation - C:\OrCAD\license_manager\lmgrd.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\Program Files\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcods.exe (file missing)
    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\Program Files\McAfee\MSC\mcpromgr.exe (file missing)
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\Mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\Program Files\McAfee\MPS\mps.exe (file missing)
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 12570 bytes

    This is related to the topic http://www.help2go.com/component/opt...topic/t,26379/ Any help would be greatly appreciated.

  2. #2
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Hi:

    The top part of the log is missing; in the next HJT log, be sure to include it.

    I see several entries for 4 different antivirus programs.

    I see BitDefender, OneCare, McAfee and AVG. Which one are you going to keep? You can only have one.

    Also would like to see the SUPERAntiSpyware Scan Log.

    BG

  3. #3
    Member
    Join Date
    Nov 2007
    Posts
    14
    Points
    0

    BitDefender and OneCare have since gone (I was going to post a new one when I woke up today), but McAfee got uninstalled when I got the computer, so I have no idea what is going on with those. If there's a removal tool I'll look around this morning; otherwise any suggestion is appreciated. I'll run a new SASW scan and post the log for that as well. Thanks.

  4. #4
    Member
    Join Date
    Nov 2007
    Posts
    14
    Points
    0

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:52:00 PM, on 11/26/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2110445819-1510953363-3035998584-1139\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
    O4 - HKUS\S-1-5-21-2110445819-1510953363-3035998584-500\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
    O4 - HKUS\S-1-5-21-4230628389-1415257647-3979508967-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = angularsystemsinc.local
    O17 - HKLM\Software\..\Telephony: DomainName = angularsystemsinc.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3C2E2A-718A-4110-9E6D-E38AE4F85E76}: NameServer = 192.168.16.2
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = angularsystemsinc.local
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Cadence License Manager - Macrovision Corporation - C:\OrCAD\license_manager\lmgrd.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\Program Files\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcods.exe (file missing)
    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\Program Files\McAfee\MSC\mcpromgr.exe (file missing)
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\Mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\Program Files\McAfee\MPS\mps.exe (file missing)
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 12570 bytes



    Let it be re-known: I uninstalled OneCare, BitDefender, and McAfee, yet they seem to remain. I tried doing what the detective said, but again, they don't disappear. Maybe I'm doing something wrong. SASW is running and I will post that soon.

  5. #5
    Member
    Join Date
    Nov 2007
    Posts
    14
    Points
    0

    SASW just found 2 cookies (I deleted most of the cookies yesterday during the last scan). I can post the log file, but it seems worthless.
    Here's yesterday's log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/26/2007 at 04:37 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 01:31:12

    Memory items scanned : 761
    Memory threats detected : 0
    Registry items scanned : 9476
    Registry threats detected : 0
    File items scanned : 108950
    File threats detected : 186

    Adware.Tracking Cookie
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@adopt.specificclick[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@adrevolver[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads.addynamix[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads.albawaba[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads.bridgetrack[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads.cnn[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads.contactmusic[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads.expedia[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads.gamershell[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads.mediamayhemcorp[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads.pointroll[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads.realtechnetwork[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads.realtechnetwork[3].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads.revsci[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ads2.ljworld[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@adserver.adreactor[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@adserver.filefront[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@adserver4.teracent[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@adtech[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@advertising[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@anad.tacoda[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@apmebf[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@atdmt[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@atwola[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@azjmp[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@bluestreak[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@brightcove.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@bs.serving-sys[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@burstnet[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@buycom.122.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@casalemedia[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@cgm.adbureau[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@clickaider[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@clickbank[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@clicktorrent[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@crackle[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@divx.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@doubleclick[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@e-2dj6wjkyuncjcko.stats.esomniture[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@e-2dj6wjlockaziep.stats.esomniture[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ehg-advertisementbv.hitbox[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ehg-atariinc.hitbox[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ehg-bestbuy.hitbox[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ehg-dig.hitbox[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ehg-eset.hitbox[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ehg-foxsports.hitbox[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ehg-globalgamingleague.hitbox[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ehg-groupernetworks.hitbox[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ehg-ifilm.hitbox[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ehg-safeharbor.hitbox[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ehg-youtube.hitbox[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@ero-advertising[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@estorm.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@eyewonder[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@fastclick[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@hitbox[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@iacas.adbureau[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@imrworldwide[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@kakakucom.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@komtrack[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@mcclatchy.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@media.adrevolver[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@media.adrevolver[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@mediaonenetwork[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@mediaplex[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@msnaccountservices.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@msnportal.112.2o7[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@msnportalbeetoffice2007.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@nielsen.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@overture[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@pandasoftware.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@partner2profit[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@partners.webmasterplan[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@pentonmedia.122.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@qnsr[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@questionmarket[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@realmedia[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@revsci[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@sales.liveperson[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@sales.liveperson[3].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@server.cpmstar[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@server.iad.liveperson[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@server.iad.liveperson[3].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@serving-sys[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@slingmedia[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@softonic.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@sonycorporate.122.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@sonyelectronicssupportus.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@sonyeurope.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@sonygs.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@sonymarketingjp.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@specificclick[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@statcounter[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@stats.gamestop[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@stats2.reliablestats[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@statse.webtrendslive[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@superstats[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@support.slingmedia[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@tacoda[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@toplist[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@track.bestbuy[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@tradedoubler[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@trafficmp[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@tribalfusion[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@viamtvcom.112.2o7[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@videoegg.adbureau[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@www.3dstats[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@www.adultdvdwarehouse[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@www.burstnet[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@www.googleadservices[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@www.googleadservices[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@www.slingmedia[2].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@www.zanox-affiliate[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@www3.addfreestats[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@www5.addfreestats[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@xiti[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@yadro[1].txt
    C:\Users\Joe.JOELAP\AppData\Roaming\Microsoft\Windows\Cookies\Low\joe@zedo[2].txt

  6. #6
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191


    Let's try this:

    Reboot the PC in safe mode by tapping F8 during start up - select safe mode:

    Run another HJT scan, and check the following files to have HJT fix:

    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe

    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\Program Files\McAfee\MSC\mcupdmgr.exe (file missing)

    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\McAfee\MSC\mcmscsvc.exe (file missing)

    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcods.exe (file missing)

    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\Program Files\McAfee\MSC\mcpromgr.exe (file missing)

    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe

    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\Mcshield.exe (file missing)

    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (file missing)

    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)

    O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\Program Files\McAfee\MPS\mps.exe (file missing)

    O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)

    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe


    Press the fixed check button, close the HJT program.

    Still in the safe mode find and delete the following if found:

    C:\Program Files\Softwin ...Folder

    C:\Program Files\McAfee ...Folder

    C:\Program Files\Microsoft Windows OneCare Live ...Folder

    Reboot the PC in Normal Mode.

    Run this program:

    Download and run the McAfee Consumer Products Removal tool (MCPR.exe).
    Running the McAfee Consumer Product Removal tool (MCPR.exe) removes all 2005, 2006, and 2007 versions of McAfee consumer products.

    Download the removal tool from http://download.mcafee.com/products/...tches/MCPR.exe
    • Click Save and save the file to any folder on the computer.
    • Navigate to the folder where the file is saved.
    • Double-click MCPR.exe.
    • Click Run. A Command Line window will be displayed, and then close automatically. Wait for a second Command Line window to be displayed.
      Note: Do not double-click MCPR.exe again; you may have to wait up to 1 minute for the next window to appear.
      After the second window appears, the program will begin the cleanup.
    • Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window:
      The machine must reboot to complete the un-installation. Reboot now? [y.n]
    • Press Y on the keyboard.
    • Wait for the computer to restart.

    All McAfee products are now removed from your computer.
    These McAfee removal instructions can be found at http://ts.mcafeehelp.com/faq3.asp?docid=408302

    Please post a new HJT log.

    BG
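
    One way to check a fresh HijackThis log for leftovers after the removal steps above, as an added example that is not part of the original post or of HijackThis itself. The two sample logs are constructed from entries that appear in this thread, and the function names and the keyword list are assumptions.

```python
import re
from dataclasses import dataclass

# HijackThis entry lines look like "O23 - Service: ..." (sections R, F, N, O).
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")
SAVED_RE = re.compile(r"^\s*Scan saved at\s+(.+?)\s*$", re.MULTILINE)
MISSING = "(file missing)"

# Assumed keyword list for the products being removed in this thread.
PRODUCTS = ("mcafee", "softwin", "bitdefender", "onecare")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def file_missing(self):
        # HijackThis appends this marker when the referenced file is gone.
        return self.body.lower().endswith(MISSING)

    @property
    def key(self):
        # Identity of an entry, ignoring the "(file missing)" marker, so an
        # entry that became orphaned still matches its earlier self.
        body = self.body
        if self.file_missing:
            body = body[: -len(MISSING)].rstrip()
        return (self.section, body.lower())


def parse_log(text):
    """Return the registry/service entries of a log, skipping the header
    and the 'Running processes' list (neither matches ENTRY_RE)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def scan_saved(text):
    """Return the 'Scan saved at' header value, or None if absent."""
    m = SAVED_RE.search(text)
    return m.group(1) if m else None


def targeted(entries, keywords=PRODUCTS):
    """Entries that mention any of the products being removed."""
    return [e for e in entries if any(k in e.body.lower() for k in keywords)]


def verify_cleanup(before_text, after_text, keywords=PRODUCTS):
    """Compare two logs and report what the cleanup removed and what is left.

    'stale' is True when both logs carry the same 'Scan saved at' header,
    i.e. the second file is not a new scan and the comparison is meaningless.
    """
    before, after = parse_log(before_text), parse_log(after_text)
    after_keys = {e.key for e in after}
    remaining = targeted(after, keywords)
    return {
        "stale": scan_saved(before_text) == scan_saved(after_text),
        "removed": [e for e in targeted(before, keywords) if e.key not in after_keys],
        "remaining": remaining,
        "orphaned": [e for e in remaining if e.file_missing],
    }


# Constructed sample logs (entries modelled on lines posted in this thread).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:08 PM, on 11/27/2007

Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll (file missing)
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcods.exe (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:55 PM, on 11/27/2007

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    report = verify_cleanup(BEFORE_LOG, AFTER_LOG)
    print("stale log:", report["stale"])
    for name in ("removed", "remaining", "orphaned"):
        print(f"{name}:")
        for e in report[name]:
            print(f"  {e.section} - {e.body}")
```

    An entry listed under "remaining" that is also "orphaned" is a registry or service record whose file is already gone, so it still needs to be fixed in HijackThis even though the program folder was deleted.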

  7. #7
    Member
    Join Date
    Nov 2007
    Posts
    14
    Points
    0


    3rd and hopefully last hijack log, thanks for the help with the McAfee crap.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:08:08 PM, on 11/27/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Safe mode

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = angularsystemsinc.local
    O17 - HKLM\Software\..\Telephony: DomainName = angularsystemsinc.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3C2E2A-718A-4110-9E6D-E38AE4F85E76}: NameServer = 192.168.16.2
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = angularsystemsinc.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = angularsystemsinc.local
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Cadence License Manager - Macrovision Corporation - C:\OrCAD\license_manager\lmgrd.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\Program Files\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\Program Files\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcods.exe (file missing)
    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\Program Files\McAfee\MSC\mcpromgr.exe (file missing)
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\Mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: McAfee Privacy Service (MPS9) - Unknown owner - C:\Program Files\McAfee\MPS\mps.exe (file missing)
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - Unknown owner - C:\Program Files\McAfee\MSK\MskSrver.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10321 bytes

  8. #8
    Member
    Join Date
    Nov 2007
    Posts
    14
    Points
    0


    [quote]3rd and hopefully last hijack log, thanks for the help with the McAfee crap.[/quote]

    And I spoke too soon; I clearly see all the McAfee stuff there. I may have to do this on the other account on the computer as well; it seems to hold on to stuff longer than I want it to. I'll post back.

  9. #9
    Member
    Join Date
    Nov 2007
    Posts
    14
    Points
    0


    It seems like HijackThis wasn't saving a new file or overwriting it correctly (maybe I'm supposed to do something I don't know about?). It was just giving me the same log file every time, even though the results were different. This one looks a lot better.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:23:55 PM, on 11/27/2007
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\OEM02Mon.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2110445819-1510953363-3035998584-1139\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
    O4 - HKUS\S-1-5-21-2110445819-1510953363-3035998584-500\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
    O4 - HKUS\S-1-5-21-4230628389-1415257647-3979508967-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: QuickSet.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = angularsystemsinc.local
    O17 - HKLM\Software\..\Telephony: DomainName = angularsystemsinc.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D3C2E2A-718A-4110-9E6D-E38AE4F85E76}: NameServer = 192.168.16.2
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = angularsystemsinc.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = angularsystemsinc.local
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Cadence License Manager - Macrovision Corporation - C:\OrCAD\license_manager\lmgrd.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9829 bytes

  10. #10
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    Sorry it took a couple of days to get back to you........

    Your original problem was:

    I can no longer get avg or windows onecare to start. avg doesn't do anything, onecare tells me I need to restart

    Are you still having these types of problems? Should not be since One Care, McAfee and Bit Defender have been removed.

    Again one AV and one Firewall only.

    The things I wanted you to remove are gone. The reason that appeared in the next to last log was you ran a HJT whilst still in safe mode, without rebooting. The last log is clean.

    Going to reopen your post in the Computer help forum at this time.

    BG