# C:\windows\system32\services.exe



## Kiers (Apr 4, 2007)

Hi

I've searched your forums looking for a similar issue, and I have found similar problems. Unfortunately they weren't specific enough to help me out, so I had to make a thread of my own.

I managed to get a virus and subsequently I downloaded avast virus protection. It ran the scan and delete virus function and found two infected files: one was kernels118.exe and the other was contained in c:\windows\system32\services.exe. Like an idiot I authorised the deletion of this file and since then I have been having this problem: on occasion I get one of two errors, a BSOD and a little box with a red cross in it giving me a countdown saying that services and controller apps has encountered a problem and the system needs to restart. The error code is
-1073741819

I did a HijackThis scan and here are the results.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:46:45, on 04/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\nbcvxst.exe
C:\WINDOWS\system32\winolssx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\aclppmon.exe
C:\WINDOWS\system32\dpimmsl.exe
C:\WINDOWS\system32\blmpwest.exe
C:\WINDOWS\system32\autsueom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ksdlmvbs.exe
C:\WINDOWS\system32\vssmnptc.exe
C:\WINDOWS\system32\sdmvdlxe.exe
C:\WINDOWS\system32\mmcvwli.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kieran Arstall\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
O4 - HKLM\..\Run: [knddnetd] C:\WINDOWS\system32\nbcvxst.exe
O4 - HKLM\..\Run: [cvaptmol] C:\WINDOWS\system32\winolssx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cmjlodsm] C:\WINDOWS\system32\aclppmon.exe
O4 - HKLM\..\Run: [cxmslrs] C:\WINDOWS\system32\dpimmsl.exe
O4 - HKLM\..\Run: [hcinstmdl] C:\WINDOWS\system32\blmpwest.exe
O4 - HKLM\..\Run: [mbclssid] autsueom.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels1118.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cwingllib] C:\WINDOWS\system32\ksdlmvbs.exe
O4 - HKCU\..\Run: [ymmsddlop] C:\WINDOWS\system32\vssmnptc.exe
O4 - HKCU\..\Run: [jmlcv4m] C:\WINDOWS\system32\sdmvdlxe.exe
O4 - HKCU\..\Run: [mdwinllm3] C:\WINDOWS\system32\mmcvwli.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8180 bytes

I need to restart my PC now as I had to run a shutdown -a thing to stop an autorestart.

OK, to add, whenever I try to access device manager I get the error: mmc cannot open the file c:\windows\system32\devmgmt.exe, this may be because the file does not exist, is not an mmc console or was created by a later version of mmc. Also when I open up Internet Explorer I get the error message

Cannot find file :///c:secure32.html

Any help on this will be massively appreciated as it's proving to be a real burden on writing my dissertation. Perhaps if I reinstall everything this problem might go away?


----------



## bonk (Sep 8, 2005)

You are still infected; please wait for a Log Expert to pass by.

If you do not receive help then you can click on the red triangle on the right in your post and request it be moved to the security section.


----------



## bonk (Sep 8, 2005)

Please do not do anything until a log expert becomes available.


----------



## dvk01 (Dec 14, 2002)

Download Combofix to your desktop:

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


----------



## Kiers (Apr 4, 2007)

Thanks for your reply,

This log is a trifle long!!

"Kieran Arstall" - 07-04-04 15:32:45 Service Pack 2
ComboFix 07-04-04.5 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\kernels1118.exe
C:\DOCUME~1\KIERAN~1\APPLIC~1.\install.dat
C:\WINDOWS\system32\maxd641.exe
C:\WINDOWS\wpcjmd.log

((((((((((((((((((((((((((((((( Files Created from 2007-03-04 to 2007-04-04 ))))))))))))))))))))))))))))))))))

2007-04-04 15:19	74,017	--a------	C:\WINDOWS\ffsgtrhgfesfr.exe
2007-04-04 15:19	71,504	--a------	C:\WINDOWS\nrnbvcbvnnhbgfv.exe
2007-04-03 19:43 d--------	C:\Program Files\IObit
2007-03-31 04:07	72,254	--a------	C:\WINDOWS\bvcsbntrfs.exe
2007-03-30 00:21 d--------	C:\Program Files\CCleaner
2007-03-29 21:29	55,694	--a------	C:\WINDOWS\asdmeeld.exe
2007-03-29 17:32	74,374	--a------	C:\WINDOWS\ujhygsgtjhtrgef.exe
2007-03-29 11:53	15,360	--a------	C:\WINDOWS\system32\wmmsysips.dll
2007-03-29 00:09	76,976	--a------	C:\WINDOWS\ujytrdsvcbgre.exe
2007-03-25 17:27	5,767,168	--a------	C:\DOCUME~1\KIERAN~1\ntuser.dat
2007-03-25 17:27	237,568	--a------	C:\DOCUME~1\LOCALS~1\ntuser.dat
2007-03-22 22:05	76,976	--a------	C:\WINDOWS\qwergsfrhtrh.exe
2007-03-22 21:51	74,017	--a------	C:\WINDOWS\huyjhrgcbhtr.exe
2007-03-22 21:38	71,504	--a------	C:\WINDOWS\juhytgrfewd.exe
2007-03-22 04:26	74,017	--a------	C:\WINDOWS\xdsfgtrfdsfr.exe
2007-03-21 15:07	14,464	--a------	C:\WINDOWS\system32\drivers\fanio.sys
2007-03-21 15:06 d--------	C:\Program Files\I8kfanGUI
2007-03-21 01:56	71,504	--a------	C:\WINDOWS\uytgrfedgtr.exe
2007-03-19 23:09	74,374	--a------	C:\WINDOWS\jnhbvr.exe
2007-03-19 22:59	72,254	--a------	C:\WINDOWS\hygtvfrcnbf.exe
2007-03-17 12:28	306,688	--a------	C:\WINDOWS\IsUninst.exe
2007-03-17 06:32 d--------	C:\Program Files\iTunes
2007-03-17 06:32 d--------	C:\Program Files\iPod
2007-03-17 06:30 d--------	C:\Program Files\Apple Software Update
2007-03-16 15:26	74,374	--a------	C:\WINDOWS\efrgthhrg.exe
2007-03-16 15:26	72,254	--a------	C:\WINDOWS\mnbrtv.exe
2007-03-16 15:13	8,832	--a------	C:\WINDOWS\system32\drivers\wmiacpi.sys
2007-03-16 15:02 d--------	C:\Program Files\DAEMON Tools
2007-03-16 15:01 d--------	C:\UT2004
2007-03-16 15:01 d--------	C:\Program Files\Steam
2007-03-16 15:00 d--------	C:\Program Files\Black Isle
2007-03-16 14:58 d--------	C:\Program Files\McAfee.com
2007-03-16 14:57 d--------	C:\WINDOWS\LastGood(2)
2007-03-16 14:50 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
2007-03-16 14:38 d--------	C:\DOCUME~1\KIERAN~1\APPLIC~1\InstallShield
2007-03-16 14:34 d--------	C:\Program Files\Common Files\Teleca Shared
2007-03-16 14:27 d--------	C:\Program Files\Sony Ericsson
2007-03-16 14:24 d--------	C:\Program Files\QuickTime
2007-03-16 14:22 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
2007-03-14 01:45 d--------	C:\Program Files\PPStream
2007-03-14 01:45 d--------	C:\DOCUME~1\KIERAN~1\APPLIC~1\ppstream
2007-03-12 09:18 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe(2)
2007-03-12 07:15 d--------	C:\Program Files\iTunes(2)
2007-03-12 07:15 d--------	C:\Program Files\iPod(2)
2007-03-12 07:13 d--------	C:\Program Files\QuickTime(2)
2007-03-09 21:28 d--------	C:\Program Files\Common Files\Teleca Shared(2)
2007-03-09 21:28 d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca(2)
2007-03-09 21:25 d--------	C:\Program Files\Disc2Phone(2)
2007-03-09 20:45 d--------	C:\Program Files\Sony Ericsson(2)
2007-03-08 15:43 d--------	C:\ProgramData
2007-03-08 15:34 d--------	C:\Program Files\EA SPORTS
2007-03-06 15:49 d--------	C:\Program Files\Black Isle(2)

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

* Rootkit driver pe386 is present. ... attempting disinfection *
 pe386 ...... driver unloaded successfully. 
_ ADS removed - system32: deleted 80488 bytes in 1 streams. _

2007-04-03 19:48	108032	--a------	C:\WINDOWS\system32\services.exe
2007-03-31 20:13	--------	d--------	C:\DOCUME~1\KIERAN~1\APPLIC~1\utorrent
2007-03-30 00:31	--------	d--------	C:\Program Files\gemmaster
2007-03-30 00:29	--------	d--------	C:\Program Files\corel
2007-03-24 01:58	--------	d--h-----	C:\Program Files\installshield installation information
2007-03-23 05:26	--------	d--------	C:\Program Files\java
2007-03-16 15:01	--------	d--------	C:\Program Files\microsoft games
2007-03-16 14:56	--------	d--------	C:\Program Files\paint.net
2007-03-16 14:54	--------	d--------	C:\Program Files\audacity
2007-03-16 14:27	--------	d--------	C:\Program Files\microsoft activesync
2007-03-16 14:26	--------	d--------	C:\Program Files\william hill poker
2007-03-14 01:47	--------	d--------	C:\Program Files\msn messenger
2007-03-10 00:38	2528	--a------	C:\DOCUME~1\KIERAN~1\APPLIC~1\$_hpcst$.hpc
2007-03-09 20:47	--------	d--------	C:\DOCUME~1\KIERAN~1\APPLIC~1\sony ericsson
2007-01-15 23:28	4384	--a------	C:\WINDOWS\mozver.dat
2007-01-15 01:53	83956	--a------	C:\WINDOWS\ghrgeghf.exe
2007-01-15 01:53	75460	--a------	C:\WINDOWS\jibjnw.exe
2007-01-14 11:44	78577	--a------	C:\WINDOWS\reftrh.exe
2007-01-14 11:44	75252	--a------	C:\WINDOWS\tmihjs.exe
2007-01-12 14:45	78577	--a------	C:\WINDOWS\wdehtrh.exe
2007-01-09 03:52	75252	---hs----	C:\WINDOWS\system32\vssmnptc.exe
2007-01-09 03:52	3072	---hs----	C:\WINDOWS\system32\porumnss.exe
2007-01-08 20:01	17408	--a------	C:\WINDOWS\system32\corpol.dll
2007-01-05 18:47	78722	--a------	C:\WINDOWS\njnciedw.exe
2007-01-05 13:38	81019	--a------	C:\WINDOWS\wcedjbjdew.exe
2007-01-04 03:06	3072	---hs----	C:\WINDOWS\system32\addmmoie.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"cwingllib"="C:\\WINDOWS\\system32\\ksdlmvbs.exe"
"ymmsddlop"="C:\\WINDOWS\\system32\\vssmnptc.exe"
"jmlcv4m"="C:\\WINDOWS\\system32\\sdmvdlxe.exe"
"mdwinllm3"="C:\\WINDOWS\\system32\\mmcvwli.exe"
"i8kfangui"="C:\\Program Files\\I8kfanGUI\\I8kfanGUI.exe /startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SigmatelSysTrayApp"="stsystra.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"AutoSys"="C:\\WINDOWS\\system32\\autosys.exe"
"knddnetd"="C:\\WINDOWS\\system32\\nbcvxst.exe"
"cvaptmol"="C:\\WINDOWS\\system32\\winolssx.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"cmjlodsm"="C:\\WINDOWS\\system32\\aclppmon.exe"
"cxmslrs"="C:\\WINDOWS\\system32\\dpimmsl.exe"
"hcinstmdl"="C:\\WINDOWS\\system32\\blmpwest.exe"
"mbclssid"="autsueom.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVDLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHost"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McAgent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="netWaiting"
"hkey"="HKCU"
"command"="C:\\Program Files\\NetWaiting\\netWaiting.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=dword:00000003
"seclogon"=dword:00000002
"ose"=dword:00000003
"iPodService"=dword:00000003
"KService"=dword:00000002
"mcupdmgr.exe"=dword:00000003
"McTskshd.exe"=dword:00000002
"McShield"=dword:00000002
"McDetect.exe"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CE07DBD6-75BB-495E-8765-D7EF4242EE61}"="System Registry Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages	REG_MULTI_SZ msv1_0\0\0
Security Packages	REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages	REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter	REG_MULTI_SZ HTTPFilter\0\0
LocalService	REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService	REG_MULTI_SZ DnsCache\0\0
DcomLaunch	REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss	REG_MULTI_SZ RpcSs\0\0
imgsvc	REG_MULTI_SZ StiSvc\0\0
termsvcs	REG_MULTI_SZ TermService\0\0
Usnsvc	REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup	REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command	E:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command	E:\setup.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-04 15:37:16
C:\ComboFix-quarantined-files.txt ... 07-04-04 15:37


----------



## dvk01 (Dec 14, 2002)

1. Please *download* *The Avenger* by Swandog46 to your *Desktop*.
* Click on Avenger.zip to open the file.
* Extract *avenger.exe* to your desktop.

2. Copy *all the text* contained in the quote box below to your Clipboard by highlighting it and pressing (*Ctrl+C*):



> Files to delete:
> C:\WINDOWS\ghrgeghf.exe
> C:\WINDOWS\jibjnw.exe
> C:\WINDOWS\reftrh.exe
> ...


_*Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.*_

3. Now, *start The Avenger program* by clicking on its icon on your desktop.
* Under "*Script file to execute*" choose "*Input Script Manually*".
* Now click on the *Magnifying Glass icon*, which will open a new window titled "*View/edit script*".
* Paste the text copied to clipboard into this window by pressing (*Ctrl+V*).
* Click *Done*.
* Now click on the *Green Light* to begin execution of the script.
* Answer "*Yes*" twice when prompted.

4. *The Avenger will automatically do the following*:
* It will *Restart your computer*. (In cases where the code to execute contains "*Drivers to Unload*", The Avenger will actually *restart your system twice.*)
* On reboot, it will briefly *open a black command window* on your desktop; this is normal.
* After the restart, it *creates a log file* that should open with the results of Avenger's actions. This log file will be located at *C:\avenger.txt*.
* The Avenger will also have *backed up all the files, etc., that you asked it to delete*, and will have zipped them and moved the zip archives to *C:\avenger\backup.zip*.

5. Please *copy/paste* the content of *c:\avenger.txt* into your reply with a new HJT log please.

and also

Please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them.
Just press new topic, fill in the needed details and just give a link to your post here, then press the browse button and navigate to and select the files on your computer. If there is more than 1 file, press the more attachments button for each extra file and browse and select etc., and when all the files are listed in the windows press send to upload the files (do not post HJT logs there as they will not get dealt with).

Files to submit:

C:\avenger\backup.zip


----------



## Kiers (Apr 4, 2007)

OK, followed the steps.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cwgecncw

*******************

Script file located at: avignsoq

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!

HJT log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:14:36, on 04/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\nbcvxst.exe
C:\WINDOWS\system32\winolssx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\aclppmon.exe
C:\WINDOWS\system32\dpimmsl.exe
C:\WINDOWS\system32\blmpwest.exe
C:\WINDOWS\system32\autsueom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ksdlmvbs.exe
C:\WINDOWS\system32\vssmnptc.exe
C:\WINDOWS\system32\sdmvdlxe.exe
C:\WINDOWS\system32\mmcvwli.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kieran Arstall\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/root/campaign.asp?cid=16318
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
O4 - HKLM\..\Run: [knddnetd] C:\WINDOWS\system32\nbcvxst.exe
O4 - HKLM\..\Run: [cvaptmol] C:\WINDOWS\system32\winolssx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cmjlodsm] C:\WINDOWS\system32\aclppmon.exe
O4 - HKLM\..\Run: [cxmslrs] C:\WINDOWS\system32\dpimmsl.exe
O4 - HKLM\..\Run: [hcinstmdl] C:\WINDOWS\system32\blmpwest.exe
O4 - HKLM\..\Run: [mbclssid] autsueom.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cwingllib] C:\WINDOWS\system32\ksdlmvbs.exe
O4 - HKCU\..\Run: [ymmsddlop] C:\WINDOWS\system32\vssmnptc.exe
O4 - HKCU\..\Run: [jmlcv4m] C:\WINDOWS\system32\sdmvdlxe.exe
O4 - HKCU\..\Run: [mdwinllm3] C:\WINDOWS\system32\mmcvwli.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8182 bytes

I assume there is a problem with the Avenger, so I didn't know what to do regarding thespykiller.


----------



## dvk01 (Dec 14, 2002)

The error is because you didn't copy the ENTIRE contents of the quote box, INCLUDING the "Files to delete:" line.


----------

