Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page McAfee detects : Adware-PurityScan wont delete
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 04-03-2007, 07:19 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 37
OS: xp


McAfee detects : Adware-PurityScan wont delete
I have been recieving the following the last two days. I have tried Adware SE, Mcaffee, Cleanup, SpywareBlaster, Spybot-Search&Destroy, nothing works. Below is the message from the popup i get from Mcafee that wont go away. Attached are the log files. I closed the extra.txt file without saving and cant get it again. Thanks in advance for any help u can offer.

McAfee has automatically blocked a potentially unwanted program from running on your computer.

Details
Name: Adware-PurityScan

More Info
Potentially unwanted programs include spyware, adware, and other programs that might create additional security or privacy risks to your computer data and personal information. They are often downloaded in conjunction with a program that you want.

Process: C:\Program Files\SiteAdvisor\6028\SAService.exe
Process Name: SAService Application
File Path: C:\WINDOWS\system32\nslookup.dll

If you do not recognize this potentially unwanted program, McAfee recommends that you remove it. If you recognize this potentially unwanted program, trust it, and then rerun the program that triggered this alert.
Attached Files
File Type: txt adwaresescanlog.txt (33.3 KB, 0 views)
File Type: txt main.txt (27.7 KB, 1 views)
File Type: txt rapport.txt (2.2 KB, 1 views)
File Type: txt Activescan.txt (5.4 KB, 1 views)
upsidedownguy is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 04-03-2007, 07:21 PM   #2 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 37
OS: xp


Re: McAfee detects : Adware-PurityScan wont delete
below is text from main file.......

Deckard's System Scanner v20070328.36
Run by Talya Mandzych on 2007-04-03 at 21:01:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
88: 2007-04-04 01:01:30 UTC - RP358 - Deckard's System Scanner Restore Point
87: 2007-04-04 00:35:01 UTC - RP357 - Removed Ad-Aware SE Personal
86: 2007-04-03 23:39:52 UTC - RP356 - Software Distribution Service 2.0
85: 2007-04-03 22:03:37 UTC - RP355 - Installed Ad-Aware SE Personal
84: 2007-04-03 21:52:02 UTC - RP354 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-01-04 23:46:14 UTC - RP271 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Talya Mandzych.exe) -------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:03:02 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1149009009\ee\AOLSoftware.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Documents and Settings\Talya Mandzych\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Talya Mandzych.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adelphia.net/
R3 - URLSearchHook: (no name) - {0D8EBBD3-0339-26B9-44FF-52275B8FB8B8} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FEF90D85-D2A2-4A48-BEDC-5A25EF33D2A0} - blank (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149009009\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Spy Sweeper Updater V 2.0.0.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdcc...d/tgctlins.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\nslookup.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 DRVMCDB - c:\windows\system32\drivers\drvmcdb.sys
R0 SymSnap - c:\windows\system32\drivers\symsnap.sys
R1 DLACDBHM - c:\windows\system32\drivers\dlacdbhm.sys
R1 DLARTL_N - c:\windows\system32\drivers\dlartl_n.sys
R1 MPFP - c:\windows\system32\drivers\mpfp.sys
R1 V2IMount - c:\windows\system32\drivers\v2imount.sys
R2 DLABOIOM - c:\windows\system32\dla\dlaboiom.sys
R2 DLADResN - c:\windows\system32\dla\dladresn.sys
R2 DLAIFS_M - c:\windows\system32\dla\dlaifs_m.sys
R2 DLAOPIOM - c:\windows\system32\dla\dlaopiom.sys
R2 DLAPoolM - c:\windows\system32\dla\dlapoolm.sys
R2 DLAUDF_M - c:\windows\system32\dla\dlaudf_m.sys
R2 DLAUDFAM - c:\windows\system32\dla\dlaudfam.sys
R2 DRVNDDM - c:\windows\system32\drivers\drvnddm.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys
R3 senfilt - c:\windows\system32\drivers\senfilt.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys

S1 nod32drv - c:\windows\system32\drivers\nod32drv.sys
S3 AMON - c:\windows\system32\drivers\amon.sys
S3 nm (Network Monitor Driver) - c:\windows\system32\drivers\nmnt.sys
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 XPAD910 (XPADFilter Service 910) - c:\windows\system32\drivers\xpad910.sys
S4 cbidf - c:\windows\system32\drivers\cbidf2k.sys
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MSK80Service (McAfee SpamKiller Service) - "c:\program files\mcafee\msk\msksrver.exe"
R3 dlcc_device - c:\windows\system32\dlcccoms.exe -service

S2 McAfee AntiSpyware Service - "c:\progra~1\mcafee\mcafee antispyware\massrv.exe"
S3 MBackMonitor - c:\program files\mcafee\mbk\mbackmonitor.exe
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-04-03 02:04:07 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-04-01 01:00:05 376 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-03-29 09:46:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-03-15 01:00:03 284 --a------ C:\WINDOWS\Tasks\McDefragTask.job<MCDEFR~1.JOB>


-- Files created between 2007-03-03 and 2007-04-03 -----------------------------

2007-04-03 20:31:50 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-04-03 20:31:49 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-04-03 20:31:49 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-04-03 18:08:21 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-03 17:19:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-03 17:15:00 0 d-------- C:\Documents and Settings\Talya Mandzych\Application Data\r2 Studios<R2STUD~1>
2007-04-03 17:15:00 0 d-------- C:\Documents and Settings\All Users\Application Data\r2 Studios<R2STUD~1>
2007-04-03 17:14:55 0 d-------- C:\Program Files\r2 Studios<R2STUD~1>
2007-04-03 17:10:41 0 d-------- C:\Program Files\Lavasoft
2007-04-03 16:42:37 0 d-------- C:\Program Files\InterMute<INTERM~1>
2007-04-03 16:37:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-04-03 16:28:26 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-04-03 16:14:18 0 d-------- C:\Program Files\CCleaner
2007-04-03 01:13:20 4430 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-02 01:08:48 0 d-------- C:\WINDOWS\system32\logs
2007-04-01 22:13:43 0 d-------- C:\Documents and Settings\Talya Mandzych\Application Data\Real
2007-03-28 00:59:43 0 d-------- C:\Program Files\Google
2007-03-24 16:38:32 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-24 16:36:16 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-03-12 18:58:59 0 d-------- C:\Documents and Settings\Talya Mandzych\Application Data\SecondLife<SECOND~1>
2007-03-12 18:57:43 0 d-------- C:\Program Files\SecondLife<SECOND~1>
2007-03-12 02:46:41 0 d-------- C:\Documents and Settings\Talya Mandzych\Application Data\FlashFXP


-- Find3M Report ---------------------------------------------------------------

2007-04-03 20:33:34 0 d-------- C:\Documents and Settings\Talya Mandzych\Application Data\Azureus
2007-04-03 20:22:38 0 d-------- C:\Program Files\iTunes
2007-04-03 20:21:16 0 d-------- C:\Program Files\Dell Photo AIO Printer 924<DELLPH~1>
2007-04-03 20:19:16 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-03 20:16:51 0 d-------- C:\Program Files\Azureus
2007-04-03 18:03:45 0 d-------- C:\Documents and Settings\Talya Mandzych\Application Data\Lavasoft
2007-04-03 17:59:57 0 d-------- C:\Program Files\Java
2007-04-01 22:14:48 4607 --a------ C:\WINDOWS\mozver.dat
2007-03-31 17:01:49 0 --a------ C:\Documents and Settings\Talya Mandzych\Application Data\.googlewebacchosts<GOOGLE~1>
2007-03-29 12:20:04 0 d-------- C:\Program Files\Dl_cats
2007-03-27 22:49:06 0 d-------- C:\Documents and Settings\Talya Mandzych\Application Data\AdobeUM
2007-03-27 22:36:34 0 d-------- C:\Documents and Settings\Talya Mandzych\Application Data\Adobe
2007-03-17 18:43:09 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-17 18:43:07 0 d-------- C:\Program Files\Common Files\Ulead Systems<ULEADS~1>
2007-03-17 18:29:43 0 d-------- C:\Program Files\Plaxo
2007-03-17 18:26:14 0 d-------- C:\Documents and Settings\Talya Mandzych\Application Data\Shareaza
2007-03-17 18:18:02 0 d-------- C:\Program Files\Corel
2007-03-17 17:38:02 0 d-------- C:\Program Files\Yahoo!
2007-03-17 17:28:36 0 d-------- C:\Program Files\HP
2007-03-17 1727 7520 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-03-17 1726 168 -r-hs---- C:\WINDOWS\system32\47A20BE3E6.sys<47A20B~1.SYS>
2007-03-17 16:56:29 0 d-------- C:\Program Files\Starware316<STARWA~1>
2007-03-17 16:56:25 0 d-------- C:\Program Files\NetWaiting<NETWAI~1>
2007-03-17 16:56:22 0 d-------- C:\Program Files\Modem Helper<MODEMH~1>
2007-03-17 16:56:21 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-17 16:56:21 0 d-------- C:\Program Files\LimeWire
2007-03-17 16:56:13 0 d-------- C:\Program Files\Advanced GIF Animator<ADVANC~1>
2007-03-12 22:52:56 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-22 18:32:56 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DLCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLCCtime.dll,_RunDLLEntry@16"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"_AntiSpyware"="c:\\progra~1\\mcafee\\MCAFEE~1\\masalert.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6028\\SiteAdv.exe"
"RegistryMechanic"=""
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Norton Ghost 10.0"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1149009009\\ee\\AOLSoftware.exe"
"dlccmon.exe"="\"C:\\Program Files\\Dell Photo AIO Printer 924\\dlccmon.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
"backup"="C:\\WINDOWS\\pss\\Digital Line Detect.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DIGITA~1\\DLG.exe "
"item"="Digital Line Detect"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Talya Mandzych^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
"backup"="C:\\WINDOWS\\pss\\Cyber-shot Viewer Media Check Tool.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Sony\\SONYPI~1\\VOLUME~1\\SPUVOL~1.EXE "
"item"="Cyber-shot Viewer Media Check Tool"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Talya Mandzych^Start Menu^Programs^Startup^Slide.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\Slide.exe.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Slide\\Slide.exe "
"item"="Slide.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PlaxoHelper"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBlocker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SbOEAddOn"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="monitor"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=dword:00000003
"AOL ACS"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\nslookup.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmbj32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- Hosts -----------------------------------------------------------------------

127.0.0.1 serial.alcohol-soft.com


-- End of Deckard's System Scanner: finished at 2007-04-03 at 21:03:53 ---------
upsidedownguy is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-04-2007, 01:00 AM   #3 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: McAfee detects : Adware-PurityScan wont delete
Hi upsidedownguy,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, let’s do this first.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

To disable Spybot’s TeaTimer function:
  • Run Spybot-S&D.
  • Go to the Mode menu, and make sure "Advanced Mode" is selected.
  • On the left hand side, choose Tools -> Resident.
  • Uncheck "Resident TeaTimer" and OK any prompts.
  • Please download ResetTeaTimer.bat and save it to your desktop.
  • Double-click ResetTeaTimer.bat to remove all entries set by TeaTimer.


NEXT:

Go to the Start menu, and click on Control Panel. Choose Add/Remove Programs and remove any of the following that are listed:

ClickSpring
Cowabanga by OIN
MediaTickets
MediaTickets by OIN
OIN
Outerinfo
Outer Info Network
PurityScan
PurityScan by OIN
Snowball Wars by OIN
Starware316
TizzleTalk
TizzleTalk by OIN
Yazzle by OIN
Yazzle ActiveX by OIN
Yazzle Cowabanga by OIN
Yazzle Kobe Balls! By OIN
Yazzle Picster by OIN
Yazzle Snowball Wars by OIN
Yazzle Sudoku by OIN
Zolero Translator
(Anything else with the word "OIN" or "Outerinfo" or "Outer Info Network" or "Yazzle" in them)


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

R3 - URLSearchHook: (no name) - {0D8EBBD3-0339-26B9-44FF-52275B8FB8B8} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {FEF90D85-D2A2-4A48-BEDC-5A25EF33D2A0} - blank (file missing)
O3 - Toolbar: Starware316 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware316\bin\Starware316.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O20 - AppInit_DLLs: C:\WINDOWS\system32\nslookup.dll
O20 - Winlogon Notify: winmbj32 - winmbj32.dll (file missing)


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please download OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\47A20BE3E6.sys
    C:\WINDOWS\system32\nslookup.dll
    C:\Program Files\Starware316

  • Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. After reboot, please run OTMoveIt again, follow the directions as above, and post the Results report for me to see.


NEXT:

Please download HostsXpert and save it to your desktop:
  • Extract the zip file to your desktop or a permanent folder on your hard drive.
  • Open the folder and double-click on HostsXpert.exe
  • Make sure that the "Make hosts writable?" button in the upper right corner is checked.
  • Click "Back up host files".
  • Click "Restore original hosts".
  • Click "OK" and exit the program.


NEXT:

Let's run some cleanup and diagnostic scans to make sure we're not leaving anything behind.

Please download CCleaner (freeware) and save it to your desktop:
  1. Run the CCleaner installer.
  2. During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  3. Once installed, run CCleaner and click the Windows tab.
  4. Select the following:
    • Check everything under the Internet Explorer section.
    • Check everything under the Windows Explorer section.
    • Check everything under the System section.
    • Check ONLY Old Prefetch data under the Advanced section.
  5. Then, click the Applications tab:
    • UNCHECK everything there.
  6. Next, click the Options button, then click the Advanced button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  7. Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:

Please do an online scan with Kaspersky Online Scanner:
  1. Click on Kaspersky Online Scanner.
  2. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  3. The program will launch and then begin downloading the latest definition files.
  4. Once the files have been downloaded click on Next.
  5. Now click on Scan Settings.
  6. In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  7. Click OK.
  8. Now under select a target to scan:
    • Select My Computer.
  9. This program will start and scan your system.
  10. The scan will take a while so be patient and let it run.
  11. Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As button.
    • In the File name: field, type kavscan.
    • In the Save as type: field, select Text file (*.txt).
  12. Save the file to your desktop.
  13. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


NEXT:

Your log shows that you have disabled some startup programs using msconfig. This is not recommended because I cannot clearly see everything that is loading on your computer at startup. This can be bad if they are malware, so I would like you to re-enable those startup entries.

To re-enable all startup items please follow these instructions:
  • Please go to Start -> Run and type (or copy and paste):

    msconfig

  • Click OK.
  • If not already selected go to the General tab.
  • Under Startup Selection select "Normal Startup - load all device drivers and services".
  • Click Apply and then Close.
  • When you are prompted to reboot, select "Exit Without Restart".
  • Post a new HijackThis log when you are done.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The results report from OTMoveIt.
  2. The log from the ComboFix scan.
  3. The log from the Kaspersky scan.
  4. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Sempurna is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-04-2007, 03:44 PM   #4 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 37
OS: xp


Re: McAfee detects : Adware-PurityScan wont delete
Thanks for your help. Once rebooted I dont know if the purity-scan is still there because I clicked trust it on mcafee to get rid of the popup. Will it still show it in the logs? What do I do to see if its still there. Computer seems ok except a few things, the folders take longer than usual to load when clicking on them and the internet moves a bit slower. Below are the logs shows virus in the online scan.

Moveitlog

C:\WINDOWS\system32\47A20BE3E6.sys moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nslookup.dll
C:\WINDOWS\system32\nslookup.dll NOT unregistered.
C:\WINDOWS\system32\nslookup.dll moved successfully.
C:\Program Files\Starware316\icons moved successfully.
C:\Program Files\Starware316\bin moved successfully.
C:\Program Files\Starware316 moved successfully.

Created on 04/04/2007 07:48:22

"Talya Mandzych" - 07-04-04 7:54:58 Service Pack 2
ComboFix 07-04-04.5 - Running from: "C:\Documents and Settings\Talya Mandzych\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{38113~1
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\TALYAM~1
C:\qoobox\purity\DOCUME~1\TALYAM~1\APPLIC~1
C:\qoobox\purity\DOCUME~1\TALYAM~1\APPLIC~1\from.txt
C:\qoobox\purity\DOCUME~1\TALYAM~1\APPLIC~1\MBOLS~1
C:\qoobox\purity\DOCUME~1\TALYAM~1\APPLIC~1\MBOLS~1\??mbols
C:\qoobox\purity\Program Files\Common Files\SMANTE~1
C:\qoobox\purity\Program Files\Common Files\SMANTE~1\??chost.exe


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm
-------\LEGACY_MCHINJDRV


((((((((((((((((((((((((((((((( Files Created from 2007-03-04 to 2007-04-04 ))))))))))))))))))))))))))))))))))


2007-04-04 06:20 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2007-04-04 06:19 <DIR> d-------- C:\Program Files\VstPlugins
2007-04-04 06:14 <DIR> d-------- C:\Program Files\Image-Line
2007-04-04 02:09 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-03 21:01 <DIR> d-------- C:\Deckard
2007-04-03 20:31 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-04-03 20:31 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-04-03 20:31 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-04-03 18:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-03 17:19 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-04-03 17:15 <DIR> d-------- C:\DOCUME~1\TALYAM~1\APPLIC~1\r2 Studios
2007-04-03 17:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\r2 Studios
2007-04-03 17:14 <DIR> d-------- C:\Program Files\r2 Studios
2007-04-03 17:10 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-03 16:42 <DIR> d-------- C:\Program Files\InterMute
2007-04-03 16:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-03 16:28 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-03 16:14 <DIR> d-------- C:\Program Files\CCleaner
2007-04-03 01:13 4,430 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-02 01:08 <DIR> d-------- C:\WINDOWS\system32\logs
2007-04-01 22:13 <DIR> d-------- C:\DOCUME~1\TALYAM~1\APPLIC~1\Real
2007-03-28 00:59 <DIR> d-------- C:\Program Files\Google
2007-03-24 16:38 <DIR> d-------- C:\Program Files\QuickTime
2007-03-24 16:36 <DIR> d-------- C:\Program Files\Apple Software Update
2007-03-12 18:58 <DIR> d-------- C:\DOCUME~1\TALYAM~1\APPLIC~1\SecondLife
2007-03-12 18:57 <DIR> d-------- C:\Program Files\SecondLife
2007-03-12 02:46 <DIR> d-------- C:\DOCUME~1\TALYAM~1\APPLIC~1\FlashFXP


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-03 22:58 -------- d-------- C:\DOCUME~1\TALYAM~1\APPLIC~1\azureus
2007-04-03 20:22 -------- d-------- C:\Program Files\itunes
2007-04-03 20:21 -------- d-------- C:\Program Files\dell photo aio printer 924
2007-04-03 20:16 -------- d-------- C:\Program Files\azureus
2007-04-03 18:03 -------- d-------- C:\DOCUME~1\TALYAM~1\APPLIC~1\lavasoft
2007-04-03 17:59 -------- d-------- C:\Program Files\java
2007-04-01 22:14 4607 --a------ C:\WINDOWS\mozver.dat
2007-03-31 17:01 0 --a------ C:\DOCUME~1\TALYAM~1\APPLIC~1\.googlewebacchosts
2007-03-29 12:20 -------- d-------- C:\Program Files\dl_cats
2007-03-17 18:43 -------- d--h----- C:\Program Files\installshield installation information
2007-03-17 18:43 -------- d-------- C:\Program Files\Common Files\ulead systems
2007-03-17 18:29 -------- d-------- C:\Program Files\plaxo
2007-03-17 18:26 -------- d-------- C:\DOCUME~1\TALYAM~1\APPLIC~1\shareaza
2007-03-17 18:18 -------- d-------- C:\Program Files\corel
2007-03-17 17:38 -------- d-------- C:\Program Files\yahoo!
2007-03-17 17:28 -------- d-------- C:\Program Files\hp
2007-03-17 17:06 7520 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-03-17 16:56 -------- d-------- C:\Program Files\netwaiting
2007-03-17 16:56 -------- d-------- C:\Program Files\modem helper
2007-03-17 16:56 -------- d-------- C:\Program Files\messenger
2007-03-17 16:56 -------- d-------- C:\Program Files\limewire
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-02 14:16 109608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-02-22 18:32 -------- d-------- C:\Program Files\siteadvisor


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
"backup"="C:\\WINDOWS\\pss\\Digital Line Detect.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DIGITA~1\\DLG.exe "
"item"="Digital Line Detect"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spy Sweeper Updater V 2.0.0.lnk]
"backup"="C:\\WINDOWS\\pss\\Spy Sweeper Updater V 2.0.0.lnkCommon Startup"
"location"="Common Startup"
"item"="Spy Sweeper Updater V 2.0.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Talya Mandzych^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
"backup"="C:\\WINDOWS\\pss\\Cyber-shot Viewer Media Check Tool.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Sony\\SONYPI~1\\VOLUME~1\\SPUVOL~1.EXE "
"item"="Cyber-shot Viewer Media Check Tool"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Talya Mandzych^Start Menu^Programs^Startup^Slide.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\Slide.exe.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Slide\\Slide.exe "
"item"="Slide.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DSAgnt"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DLACTRLW"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCCCATS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DLCCtime"
"hkey"="HKLM"
"command"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLCCtime.dll,_RunDLLEntry@16"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dlccmon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Dell Photo AIO Printer 924\\dlccmon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1149009009\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpcmpmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb11"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="isuspm"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nod32kui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxpers"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxpers.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PlaxoHelper"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SiteAdv"
"hkey"="HKLM"
"command"="C:\\Program Files\\SiteAdvisor\\6028\\SiteAdv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smax4pnp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamBlocker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SbOEAddOn"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="monitor"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="masalert"
"hkey"="HKLM"
"command"="c:\\progra~1\\mcafee\\MCAFEE~1\\masalert.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=dword:00000003
"AOL ACS"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-04 7:59:08
C:\ComboFix-quarantined-files.txt ... 07-04-04 07:59


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 04, 2007 5:21:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 4/04/2007
Kaspersky Anti-Virus database records: 290794
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 80886
Number of viruses found: 10
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 02:05:36

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{2EB9F2CE-A5D3-46A6-9500-E754C7C92AD0}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{3F497490-2A61-4AD7-A2BA-EB5E5F6AA7FD}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{F8F33081-9772-4FDA-A4A0-AB54DBEC1319}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Application Data\Mozilla\Firefox\Profiles\e2b0xnek.default\cert8.db Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Application Data\Mozilla\Firefox\Profiles\e2b0xnek.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Application Data\Mozilla\Firefox\Profiles\e2b0xnek.default\history.dat Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Application Data\Mozilla\Firefox\Profiles\e2b0xnek.default\key3.db Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Application Data\Mozilla\Firefox\Profiles\e2b0xnek.default\parent.lock Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Application Data\Mozilla\Firefox\Profiles\e2b0xnek.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Application Data\Mozilla\Firefox\Profiles\e2b0xnek.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Local Settings\Application Data\Mozilla\Firefox\Profiles\e2b0xnek.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Local Settings\Application Data\Mozilla\Firefox\Profiles\e2b0xnek.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Local Settings\Application Data\Mozilla\Firefox\Profiles\e2b0xnek.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Local Settings\Application Data\Mozilla\Firefox\Profiles\e2b0xnek.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Local Settings\History\History.IE5\MSHist012007040420070405\index.dat Object is locked skipped
C:\Documents and Settings\Talya Mandzych\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Talya Mandzych\My Documents\spywareaids\SmitfraudFix\Process.exe Object is locked skipped
C:\Documents and Settings\Talya Mandzych\My Documents\spywareaids\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Talya Mandzych\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Talya Mandzych\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll Infected: not-a-virus:AdWare.Win32.HotBar.bx skipped
C:\Program Files\SpamBlockerUtility\SBTV\SBTV.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\Program Files\SpamBlockerUtility\SBTV\SBTVHelper.dll Infected: not-a-virus:AdWare.Win32.HotBar.bi skipped
C:\Program Files\SpamBlockerUtility\SBTV\uninstaller.exe/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.ay skipped
C:\Program Files\SpamBlockerUtility\SBTV\uninstaller.exe NSIS: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP327\A0047343.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP327\A0047343.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP327\A0047343.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP332\A0047640.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP332\A0047659.dll Infected: not-a-virus:AdWare.Win32.Comet.ac skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP351\A0053831.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP351\A0053831.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP351\A0053831.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0054171.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\A0054172.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd0157.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_pTDQVawwpCIPGaZ Object is locked skipped
C:\WINDOWS\Temp\mcafee_PzghpOX38jXOvpA Object is locked skipped
C:\WINDOWS\Temp\mcmsc_AXjXsQ4GdBW0MHw Object is locked skipped
C:\WINDOWS\Temp\mcmsc_bMhCwTVhwpuMR23 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_d5eyiOlXwWt2K5c Object is locked skipped
C:\WINDOWS\Temp\mcmsc_dYHo4Mj5U61bYrH Object is locked skipped
C:\WINDOWS\Temp\mcmsc_HHA7UBcbuFFFkqI Object is locked skipped
C:\WINDOWS\Temp\mcmsc_hmrdlMzycTXbjAD Object is locked skipped
C:\WINDOWS\Temp\mcmsc_m0EKnr7TtwzlA8x Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_b7c.dat Object is locked skipped
C:\WINDOWS\Temp\sqlite_8DaxQKlaU6pGVi1 Object is locked skipped
C:\WINDOWS\Temp\sqlite_9QSq9h31JLyx8jk Object is locked skipped
C:\WINDOWS\Temp\sqlite_E7ghaQJs9H7i5mc Object is locked skipped
C:\WINDOWS\Temp\sqlite_FuQIz9XYrd6OscU Object is locked skipped
C:\WINDOWS\Temp\sqlite_yejea0lFGdyCtBq Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\Program Files\Starware316\bin\Starware316.dll Infected: not-a-virus:AdWare.Win32.Comet.az skipped
C:\_OTMoveIt\MovedFiles\Program Files\Starware316\Setup.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.az skipped
C:\_OTMoveIt\MovedFiles\Program Files\Starware316\Setup.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.az skipped
C:\_OTMoveIt\MovedFiles\Program Files\Starware316\Setup.exe NSIS: infected - 2 skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\nslookup.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP360\change.log Object is locked skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 5:36:52 PM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1149009009\ee\AOLSoftware.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adelphia.net/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: (no name) - {FEF90D85-D2A2-4A48-BEDC-5A25EF33D2A0} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149009009\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdcc...d/tgctlins.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0037041175666966) (0037041175666966mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\003704~1.EXE (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
upsidedownguy is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-04-2007, 08:47 PM   #5 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: McAfee detects : Adware-PurityScan wont delete
Hi upsidedownguy,

You’re most welcome upsidedownguy.

OK, here’s what we do next.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

To disable Spybot’s TeaTimer function:
  • Run Spybot-S&D.
  • Go to the Mode menu, and make sure "Advanced Mode" is selected.
  • On the left hand side, choose Tools -> Resident.
  • Uncheck "Resident TeaTimer" and OK any prompts.
  • Please download ResetTeaTimer.bat and save it to your desktop.
  • Double-click ResetTeaTimer.bat to remove all entries set by TeaTimer.


NEXT:

Go to the Start menu, and click on Control Panel. Choose Add/Remove Programs and remove any of the following that are listed:

SpamBlockerUtility


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: (no name) - {FEF90D85-D2A2-4A48-BEDC-5A25EF33D2A0} - (no file)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} -
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Using Windows Explorer (right-click your Start button and select Explore), please navigate to and delete the following FOLDERS (if they exist):

C:\Program Files\SpamBlockerUtility


NEXT:

Please reboot your computer normally into Windows and then please post a new HijackThis log.

How are things running now?
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Last edited by Sempurna; 04-04-2007 at 08:55 PM.
Sempurna is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-05-2007, 12:15 AM   #6 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 37
OS: xp


Re: McAfee detects : Adware-PurityScan wont delete
Seems to be running better after doing everything.....Only things I notice are sometimes the folders take a bit to load up, startup a lil slow and internet at times is slow.......Below is the log......

Logfile of HijackThis v1.99.1
Scan saved at 2:11:14 AM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1149009009\ee\AOLSoftware.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adelphia.net/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: CPub Object - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149009009\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdcc...d/tgctlins.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0162291175741042) (0162291175741042mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\016229~1.EXE (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Could you help me detrimine what I need running in msconfig under startup?
Also what are my best bets for security I have Mcafee and all the utilities used to do this cleanup....But what is good for spyware since Mcafee isnt doing the trick.......Thanks again for all your help
upsidedownguy is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-05-2007, 12:31 AM   #7 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 37
OS: xp


Re: McAfee detects : Adware-PurityScan wont delete
Also when running Registry Mechanic it comes back with errors....Should I be using this program does it work? Its scanning now 31 problems and counting in custom control section only........
upsidedownguy is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-05-2007, 03:37 AM   #8 (permalink)
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: McAfee detects : Adware-PurityScan wont delete
Hi upsidedownguy,

Quote:
Could you help me detrimine what I need running in msconfig under startup?
Sure, but I need to you run a normal startup from msconfig first.

To re-enable all startup items please follow these instructions:
  • Please go to Start -> Run and type (or copy and paste):

    msconfig

  • Click OK.
  • If not already selected go to the General tab.
  • Under Startup Selection select "Normal Startup - load all device drivers and services".
  • Click Apply and then Close.
  • When you are prompted to reboot, select "Exit Without Restart".
  • Post a new HijackThis log when you are done.


Quote:
Also what are my best bets for security I have Mcafee and all the utilities used to do this cleanup....But what is good for spyware since Mcafee isnt doing the trick.
I run AVG Anti-Spyware and SUPERAntiSpyware on my machine.

The free trial versions are meant for ad-hoc scans and do not have resident shields or active protection. Good scanners, though.


Quote:
Also when running Registry Mechanic it comes back with errors....Should I be using this program does it work? Its scanning now 31 problems and counting in custom control section only.
I’m not too keen on registry cleaners, although I use RegSeeker myself. Messing with the registry is awfully risky business. Even when I clean my own registry, I will only remove entries that I know for sure are obsolete.

I go through every line found, and I still leave a lot lying around because I’m not 100% sure if some of the entries ought to be deleted or not.

Best not to mess around with the registry unless you know what you’re doing. No registry cleaner is 100% reliable. And once your registry is screwed, things don’t go well from there.
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Last edited by Sempurna; 04-05-2007 at 03:39 AM.
Sempurna is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 01:41 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85