
Solved hijacked homepage to Google

Discussion in 'Malware and Virus Removal Archive' started by treend, 2008/05/17.

  1. 2008/05/17
    treend

    treend Inactive Thread Starter

    [Resolved]hijacked homepage to Google

    Hello, again. You last helped me several months ago and the computer has been great. Unfortunately, homepage was recently hijacked to Google again and a pop-up message stating your computer is infected recurs every few minutes. All else seems fine. Ran McAfee virus scan, spybot search and destroy, Ad-Aware and have AVG Anti-spyware. Problem continues. Many thanks for any help that you can provide.

    TreeND

    Deckard's System Scanner v20071014.68
    Run by George on 2008-05-17 10:56:18
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as George.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:56:21 AM, on 5/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\braviax.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\George\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\George.exe

    F2 - REG:system.ini: UserInit=userinit.exe,
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O24 - Desktop Component 0: (no name) - http://www.shop50states.com/images/capcty1.gif

    --
    End of file - 8220 bytes

    -- Files created between 2008-04-17 and 2008-05-17 -----------------------------

    2008-05-17 10:34:07 0 d-------- C:\Program Files\Trend Micro
    2008-05-07 17:19:32 30208 --a------ C:\WINDOWS\system32\braviax.exe
    2008-05-04 14:43:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2008-05-03 22:09:48 0 d-------- C:\DISNEY


    -- Find3M Report ---------------------------------------------------------------

    2008-05-17 10:25:03 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2008-05-17 10:25:03 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2008-05-17 10:14:59 0 d-------- C:\Documents and Settings\George\Application Data\Adobe
    2008-05-17 07:40:50 0 d-------- C:\Program Files\Google
    2008-05-09 18:46:31 0 d-------- C:\Program Files\Common Files\Adobe
    2008-04-21 17:20:13 0 d-------- C:\Program Files\McAfee
    2008-04-04 20:49:17 16 --a------ C:\WINDOWS\popcinfo.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 07:48 PM]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 01:23 PM]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 10:12 PM]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 03:00 AM]
    "CTHelper"="CTHELPER.EXE" [03/11/2004 11:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 06:54 PM]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 03:01 AM]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 10:50 AM]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 04:46 PM]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 01:05 AM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
    "braviax"="C:\WINDOWS\system32\braviax.exe" [05/07/2008 05:19 PM]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 08:15 PM]
    "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    C:\Documents and Settings\George\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 7:15:06 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 3:19:49 PM]
    DESKTOP.INI [8/11/2004 7:15:06 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 3:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""




    -- End of Deckard's System Scanner: finished at 2008-05-17 10:56:46 ------------
     
    Last edited: 2008/05/17
  2. 2008/05/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi treend

    Welcome back :(

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    Thanks
    Geri
     

  4. 2008/05/17
    treend

    treend Inactive Thread Starter

    Geri,

    Thanks again for your help. See below and next thread.

    TreeND


    SDFix: Version 1.183
    Run by George on Sat 05/17/2008 at 11:29 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :
    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\braviax.exe - Deleted


    Removing Temp Files

    ADS Check :

    Final Check :

    catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 11:36:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\PRIMOSDK.DLL"
    Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\PX.DLL"
    Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\PXCPYA64.EXE"
    Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\PXCPYI64.EXE"
    Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\PXDRV.DLL"
    Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\PXHELP20.SYS"
    Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\PXHELP64.SYS"
    Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\PXHELPER.SYS"
    Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\PXHLPA64.SYS"
    Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\PXHPINST.EXE"
    Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\PXINSA64.EXE"
    Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\PXINSI64.EXE"
    Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\PXMAS.DLL"
    Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\PXSETUP.EXE"
    Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\PXWAVE.DLL"
    Thu 20 May 2004 28,672 A..H. --- "C:\DELL\VXBLOCK.DLL"
    Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\MEDIAEXE\PRIMOSDK.DLL"
    Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\MEDIAEXE\PX.DLL"
    Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\MEDIAEXE\PXCPYA64.EXE"
    Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\MEDIAEXE\PXCPYI64.EXE"
    Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\MEDIAEXE\PXDRV.DLL"
    Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\MEDIAEXE\PXHELP20.SYS"
    Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\MEDIAEXE\PXHELP64.SYS"
    Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\MEDIAEXE\PXHELPER.SYS"
    Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\MEDIAEXE\PXHLPA64.SYS"
    Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXHPINST.EXE"
    Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\MEDIAEXE\PXINSA64.EXE"
    Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\MEDIAEXE\PXINSI64.EXE"
    Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\MEDIAEXE\PXMAS.DLL"
    Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXSETUP.EXE"
    Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\MEDIAEXE\PXWAVE.DLL"
    Thu 20 May 2004 28,672 A..H. --- "C:\DELL\MEDIAEXE\VXBLOCK.DLL"
    Thu 1 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 17 Mar 2007 31,232 ...H. --- "C:\Documents and Settings\Tim\My Documents\~WRL2644.tmp"
    Sat 24 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Tue 6 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1B.tmp"
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

    Finished!


    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp "
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp "

    Finished!


    SDFix: Version 1.183
    Run by George on Sat 05/17/2008 at 11:29 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\braviax.exe - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 11:36:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\PRIMOSDK.DLL"
    Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\PX.DLL"
    Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\PXCPYA64.EXE"
    Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\PXCPYI64.EXE"
    Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\PXDRV.DLL"
    Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\PXHELP20.SYS"
    Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\PXHELP64.SYS"
    Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\PXHELPER.SYS"
    Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\PXHLPA64.SYS"
    Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\PXHPINST.EXE"
    Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\PXINSA64.EXE"
    Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\PXINSI64.EXE"
    Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\PXMAS.DLL"
    Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\PXSETUP.EXE"
    Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\PXWAVE.DLL"
    Thu 20 May 2004 28,672 A..H. --- "C:\DELL\VXBLOCK.DLL"
    Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\MEDIAEXE\PRIMOSDK.DLL"
    Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\MEDIAEXE\PX.DLL"
    Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\MEDIAEXE\PXCPYA64.EXE"
    Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\MEDIAEXE\PXCPYI64.EXE"
    Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\MEDIAEXE\PXDRV.DLL"
    Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\MEDIAEXE\PXHELP20.SYS"
    Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\MEDIAEXE\PXHELP64.SYS"
    Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\MEDIAEXE\PXHELPER.SYS"
    Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\MEDIAEXE\PXHLPA64.SYS"
    Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXHPINST.EXE"
    Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\MEDIAEXE\PXINSA64.EXE"
    Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\MEDIAEXE\PXINSI64.EXE"
    Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\MEDIAEXE\PXMAS.DLL"
    Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXSETUP.EXE"
    Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\MEDIAEXE\PXWAVE.DLL"
    Thu 20 May 2004 28,672 A..H. --- "C:\DELL\MEDIAEXE\VXBLOCK.DLL"
    Thu 1 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 17 Mar 2007 31,232 ...H. --- "C:\Documents and Settings\Tim\My Documents\~WRL2644.tmp"
    Sat 24 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Tue 6 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1B.tmp"
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

    Finished!


     
  5. 2008/05/17
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Continued...

    Deckard's System Scanner v20071014.68
    Run by George on 2008-05-17 11:56:57
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as George.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:57:03 AM, on 5/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\George\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\George.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
    F2 - REG:system.ini: UserInit=userinit.exe,
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Tim')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe (User 'Tim')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Tim')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Tim')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Tim')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Tim')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - S-1-5-21-299419450-3118701898-1013829791-1009 Startup: PowerReg Scheduler V3.exe (User 'Tim')
    O4 - S-1-5-21-299419450-3118701898-1013829791-1009 Startup: PowerReg Scheduler.exe (User 'Tim')
    O4 - S-1-5-21-299419450-3118701898-1013829791-1009 User Startup: PowerReg Scheduler V3.exe (User 'Tim')
    O4 - S-1-5-21-299419450-3118701898-1013829791-1009 User Startup: PowerReg Scheduler.exe (User 'Tim')
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O24 - Desktop Component 0: (no name) - http://www.shop50states.com/images/capcty1.gif

    --
    End of file - 9545 bytes

    -- Files created between 2008-04-17 and 2008-05-17 -----------------------------

    2008-05-17 10:34:07 0 d-------- C:\Program Files\Trend Micro
    2008-05-04 14:43:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2008-05-03 22:09:48 0 d-------- C:\DISNEY


    -- Find3M Report ---------------------------------------------------------------

    2008-05-17 11:50:59 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2008-05-17 11:50:59 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2008-05-17 10:14:59 0 d-------- C:\Documents and Settings\George\Application Data\Adobe
    2008-05-17 07:40:50 0 d-------- C:\Program Files\Google
    2008-05-09 18:46:31 0 d-------- C:\Program Files\Common Files\Adobe
    2008-04-21 17:20:13 0 d-------- C:\Program Files\McAfee
    2008-04-04 20:49:17 16 --a------ C:\WINDOWS\popcinfo.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 07:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 01:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 10:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 03:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 11:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 06:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 03:01 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 10:50 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 04:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 01:05 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 08:15 PM]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\George\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 7:15:06 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 3:19:49 PM]
    DESKTOP.INI [8/11/2004 7:15:06 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 3:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "




    -- End of Deckard's System Scanner: finished at 2008-05-17 11:57:26 ------------
     
  6. 2008/05/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi treend

    Have the redirect and pop-ups stopped?

    If so I will need to see a HJT log from each of these user accounts.

    Heather

    Lori

    Tim

    Please do one at a time.

    Thanks
    Geri
     
    Geri,
    #5
  7. 2008/05/17
    treend

    treend Inactive Thread Starter

    Geri,

    Yes, the problems are fixed. Here is Tim.

    Thanks,

    TreeND

    Deckard's System Scanner v20071014.68
    Run by Tim on 2008-05-17 12:48:09
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Tim.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:48:12 PM, on 5/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Tim\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Tim.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    F2 - REG:system.ini: UserInit=userinit.exe,
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'George')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'George')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1007\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'George')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'George')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O24 - Desktop Component 0: (no name) - http://sites.younglife.org/camps/LostCanyon/Facilities/snowcroppedCR107.JPG

    --
    End of file - 9162 bytes

    -- Files created between 2008-04-17 and 2008-05-17 -----------------------------

    2008-05-17 10:34:07 0 d-------- C:\Program Files\Trend Micro
    2008-05-04 14:43:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2008-05-03 22:09:48 0 d-------- C:\DISNEY


    -- Find3M Report ---------------------------------------------------------------

    2008-05-17 11:50:59 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2008-05-17 11:50:59 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2008-05-17 07:40:50 0 d-------- C:\Program Files\Google
    2008-05-09 18:46:31 0 d-------- C:\Program Files\Common Files\Adobe
    2008-04-21 17:20:13 0 d-------- C:\Program Files\McAfee
    2008-04-05 19:42:16 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2008-04-04 20:49:17 16 --a------ C:\WINDOWS\popcinfo.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 07:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 01:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 10:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 03:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 11:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 06:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 03:01 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 10:50 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 04:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 01:05 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 08:15 PM]
    "braviax "= "C:\WINDOWS\system32\braviax.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\Tim\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 7:15:06 PM]
    PowerReg Scheduler V3.exe [5/26/2007 9:27:16 PM]
    PowerReg Scheduler.exe [2/8/2005 9:46:43 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 3:19:49 PM]
    DESKTOP.INI [8/11/2004 7:15:06 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 3:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)
    "NoDispAppearancePage "=0 (0x0)
    "NoColorChoice "=0 (0x0)
    "NoSizeChoice "=0 (0x0)
    "NoDispBackgroundPage "=0 (0x0)
    "NoDispScrSavPage "=0 (0x0)
    "NoDispCPL "=0 (0x0)
    "NoVisualStyleChoice "=0 (0x0)
    "NoDispSettingsPage "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktop "=0 (0x0)
    "NoActiveDesktopChanges "=0 (0x0)
    "NoSaveSettings "=0 (0x0)
    "NoThemesTab "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48cdd3a4-eee1-11db-b5f3-001111b6930f}]
    AutoRun\command- F:\LaunchU3.exe




    -- End of Deckard's System Scanner: finished at 2008-05-17 12:48:49 ------------
     
  8. 2008/05/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK, SDFix needs to be on the desktop in Tim's user account and then run.

    Then post the dss log for that account and then a dss log for the next user account.

    Thanks
    Geri
     
    Geri,
    #7
  9. 2008/05/17
    treend

    treend Inactive Thread Starter

    Geri,

    Tim is fixed. Thanks.

    TreeND


    SDFix: Version 1.183
    Run by Tim on Sat 05/17/2008 at 01:51 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-17 14:00:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "= "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\PRIMOSDK.DLL "
    Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\PX.DLL "
    Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\PXCPYA64.EXE "
    Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\PXCPYI64.EXE "
    Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\PXDRV.DLL "
    Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\PXHELP20.SYS "
    Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\PXHELP64.SYS "
    Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\PXHELPER.SYS "
    Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\PXHLPA64.SYS "
    Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\PXHPINST.EXE "
    Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\PXINSA64.EXE "
    Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\PXINSI64.EXE "
    Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\PXMAS.DLL "
    Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\PXSETUP.EXE "
    Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\PXWAVE.DLL "
    Thu 20 May 2004 28,672 A..H. --- "C:\DELL\VXBLOCK.DLL "
    Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\MEDIAEXE\PRIMOSDK.DLL "
    Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\MEDIAEXE\PX.DLL "
    Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\MEDIAEXE\PXCPYA64.EXE "
    Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\MEDIAEXE\PXCPYI64.EXE "
    Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\MEDIAEXE\PXDRV.DLL "
    Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\MEDIAEXE\PXHELP20.SYS "
    Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\MEDIAEXE\PXHELP64.SYS "
    Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\MEDIAEXE\PXHELPER.SYS "
    Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\MEDIAEXE\PXHLPA64.SYS "
    Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXHPINST.EXE "
    Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\MEDIAEXE\PXINSA64.EXE "
    Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\MEDIAEXE\PXINSI64.EXE "
    Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\MEDIAEXE\PXMAS.DLL "
    Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXSETUP.EXE "
    Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\MEDIAEXE\PXWAVE.DLL "
    Thu 20 May 2004 28,672 A..H. --- "C:\DELL\MEDIAEXE\VXBLOCK.DLL "
    Thu 1 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak "
    Sat 17 Mar 2007 31,232 ...H. --- "C:\Documents and Settings\Tim\My Documents\~WRL2644.tmp "
    Sat 24 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp "
    Tue 6 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1B.tmp "
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp "
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp "
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp "
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp "
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp "
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp "
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp "
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp "
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp "
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp "
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp "
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp "
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp "
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp "
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp "
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp "

    Finished!

    Deckard's System Scanner v20071014.68
    Run by Tim on 2008-05-17 14:04:49
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Tim.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:04:56 PM, on 5/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Tim\Desktop\dss.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Tim.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    F2 - REG:system.ini: UserInit=userinit.exe,
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O24 - Desktop Component 0: (no name) - http://sites.younglife.org/camps/LostCanyon/Facilities/snowcroppedCR107.JPG

    --
    End of file - 8510 bytes

    -- Files created between 2008-04-17 and 2008-05-17 -----------------------------

    2008-05-17 10:34:07 0 d-------- C:\Program Files\Trend Micro
    2008-05-04 14:43:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2008-05-03 22:09:48 0 d-------- C:\DISNEY


    -- Find3M Report ---------------------------------------------------------------

    2008-05-17 13:46:16 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2008-05-17 13:46:16 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2008-05-17 07:40:50 0 d-------- C:\Program Files\Google
    2008-05-09 18:46:31 0 d-------- C:\Program Files\Common Files\Adobe
    2008-04-21 17:20:13 0 d-------- C:\Program Files\McAfee
    2008-04-05 19:42:16 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2008-04-04 20:49:17 16 --a------ C:\WINDOWS\popcinfo.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 07:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 01:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 10:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 03:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 11:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 06:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 03:01 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 10:50 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 04:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 01:05 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 08:15 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\Tim\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 7:15:06 PM]
    PowerReg Scheduler V3.exe [5/26/2007 9:27:16 PM]
    PowerReg Scheduler.exe [2/8/2005 9:46:43 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 3:19:49 PM]
    DESKTOP.INI [8/11/2004 7:15:06 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 3:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage "=0 (0x0)
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48cdd3a4-eee1-11db-b5f3-001111b6930f}]
    AutoRun\command- F:\LaunchU3.exe




    -- End of Deckard's System Scanner: finished at 2008-05-17 14:05:15 ------------
     
  10. 2008/05/17
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, DSS on the next account.

    Geri
     
  11. 2008/05/22
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Geri,

    I was away a few days. Here is the next log; however, the problem seems to have been fixed on this account with the previous fixes.

    Thanks,

    TreeND

    Deckard's System Scanner v20071014.68
    Run by Heather on 2008-05-17 14:37:35
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Heather.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:37:43 PM, on 5/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Documents and Settings\Heather\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Heather.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    F2 - REG:system.ini: UserInit=userinit.exe,
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe (User 'Tim')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Tim')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Tim')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Tim')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - S-1-5-21-299419450-3118701898-1013829791-1009 Startup: PowerReg Scheduler V3.exe (User 'Tim')
    O4 - S-1-5-21-299419450-3118701898-1013829791-1009 Startup: PowerReg Scheduler.exe (User 'Tim')
    O4 - S-1-5-21-299419450-3118701898-1013829791-1009 User Startup: PowerReg Scheduler V3.exe (User 'Tim')
    O4 - S-1-5-21-299419450-3118701898-1013829791-1009 User Startup: PowerReg Scheduler.exe (User 'Tim')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

    --
    End of file - 9225 bytes

    -- Files created between 2008-04-17 and 2008-05-17 -----------------------------

    2008-05-17 10:34:07 0 d-------- C:\Program Files\Trend Micro
    2008-05-04 14:43:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2008-05-03 22:09:48 0 d-------- C:\DISNEY


    -- Find3M Report ---------------------------------------------------------------

    2008-05-17 14:29:14 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2008-05-17 14:29:14 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2008-05-17 07:40:50 0 d-------- C:\Program Files\Google
    2008-05-09 18:46:31 0 d-------- C:\Program Files\Common Files\Adobe
    2008-04-21 17:20:13 0 d-------- C:\Program Files\McAfee
    2008-04-04 20:49:17 16 --a------ C:\WINDOWS\popcinfo.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 07:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 01:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 10:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 03:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 11:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 06:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 03:01 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 10:50 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 04:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 01:05 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 08:15 PM]
    "AdobeUpdater "= "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 10:37 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\Heather\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 7:15:06 PM]
    PowerReg Scheduler V3.exe [4/29/2006 6:04:52 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 3:19:49 PM]
    DESKTOP.INI [8/11/2004 7:15:06 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 3:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr "=0 (0x0)
    "DisableRegistryTools "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b0dae3-9a7c-11da-b246-001111b6930f}]
    AutoRun\command- F:\JDLightning\Windows\JDLightning.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99f2bfcc-b670-11dc-b83b-001111b6930f}]
    AutoRun\command- F:\JDLightning\Windows\JDLightning.exe




    -- End of Deckard's System Scanner: finished at 2008-05-17 14:38:04 ------------
     
  12. 2008/05/22
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, that one looks OK.

    Is there one more?

    Thanks
    Geri
     
  13. 2008/05/23
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Geri,

    Last account also appears fixed.

    TreeND

    Deckard's System Scanner v20071014.68
    Run by Lori on 2008-05-22 18:39:24
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Lori.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:39:31 PM, on 5/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Lori\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Lori.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
    F2 - REG:system.ini: UserInit=userinit.exe,
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

    --
    End of file - 8570 bytes

    -- Files created between 2008-04-22 and 2008-05-22 -----------------------------

    2008-05-17 10:34:07 0 d-------- C:\Program Files\Trend Micro
    2008-05-04 14:43:37 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2008-05-03 22:09:48 0 d-------- C:\DISNEY


    -- Find3M Report ---------------------------------------------------------------

    2008-05-20 18:11:04 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2008-05-20 18:11:04 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2008-05-17 07:40:50 0 d-------- C:\Program Files\Google
    2008-05-09 18:46:31 0 d-------- C:\Program Files\Common Files\Adobe
    2008-04-21 17:20:13 0 d-------- C:\Program Files\McAfee
    2008-04-04 20:49:17 16 --a------ C:\WINDOWS\popcinfo.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 07:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 01:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 10:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 03:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 11:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 06:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 03:01 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 10:50 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 04:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 01:05 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 08:15 PM]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\Lori\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 7:15:06 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 3:19:49 PM]
    DESKTOP.INI [8/11/2004 7:15:06 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 3:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99f2bfcc-b670-11dc-b83b-001111b6930f}]
    AutoRun\command- F:\JDLightning\Windows\JDLightning.exe




    -- End of Deckard's System Scanner: finished at 2008-05-22 18:39:51 ------------
     
  14. 2008/05/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi treend
    OK Good.

    Now do this.

    You can delete any tools you were asked to download and the files/folders or logs they created. There will be newer versions if ever needed again anyway.

    These Tools.

    dss.exe
    SDFix.exe


    These Folders.

    C:\Deckard
    C:\SDFix


    If you have ATF Cleaner please run it.

    If you don't please download it.


    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK

    Now let's get an on-line scan.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept". If your pop-up blocker blocks the ActiveX download, allow it, click on "Accept" again.

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  15. 2008/05/25
    treend

    treend Inactive Thread Starter

    Geri,

    Done. Thanks,

    TreeND

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, May 25, 2008 4:09:15 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 25/05/2008
    Kaspersky Anti-Virus database records: 800225
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 71597
    Number of viruses found: 1
    Number of infected objects: 1
    Number of suspicious objects: 0
    Duration of the scan process: 01:29:16

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR10.tmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab71646864b4b5eb6a61b9a8a7106535_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\George\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Application Data\SupportSoft\dellsupportcenter\George\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\George\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\George\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\George\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Lori\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Lori\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP35\A0009828.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ie skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP39\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\mcafee_2yKCGhkJoahQEk3 Object is locked skipped
    C:\WINDOWS\Temp\mcafee_eVizoMxJZqxuBIK Object is locked skipped
    C:\WINDOWS\Temp\mcafee_L1ubBueekCfL4S1 Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_KIC3JXBYngzwxiJ Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_L5Qm5CTcqgOSdMz Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_97c.dat Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF Object is locked skipped

    Scan process completed.
     
  16. 2008/05/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi treend
    Ok Looks Good.

    Please do this.

    We need to turn off and on system restore. There are infections in it and by using system restore you would reinfect yourself.

    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
    5. Click Apply, and then click OK
    6. Make a new restore point.
    7. Click Start, All Programs, Accessories, System Tools, System Restore.
    Choose Create a restore point and click Next. Under "Type a description for your restore point…" put a name in the box. Click Create. In the next window click Close.


    Please look at this link for some preventive recommendations. It could keep you from ending up back here to the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958


    Let me know how things are running.

    Thanks
    Geri
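
Added example, not part of the original thread or written by any poster: a short Python triage of the Kaspersky Online Scanner report above. It separates the "Object is locked" noise from real detections and shows why the one hit points at System Restore. The sample input is an excerpt of the posted report; the function and field names are assumptions made for this illustration.

```python
import re

# Excerpt of the Kaspersky Online Scanner report posted in this thread:
# the statistics line, the table header, and three of the result lines.
REPORT = r"""
Number of infected objects: 1
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\George\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP35\A0009828.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.ie skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
"""

# "<path> Object is locked <action>" or "<path> Infected: <verdict> <action>".
# Paths contain spaces, so the path group is lazy and anchored on the status.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?P<locked>Object is locked)|Infected:\s+(?P<verdict>\S+))\s+"
    r"(?P<action>\S+)$"
)
COUNT_RE = re.compile(r"^Number of infected objects:\s*(\d+)$")
# Windows XP keeps restore points under this store, one RPnn folder each.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I
)


def triage(report):
    """Return locked paths, infected objects, and the declared infected count."""
    out = {"locked": [], "infected": [], "declared": None, "unparsed": []}
    for line in (raw.strip() for raw in report.splitlines()):
        count = COUNT_RE.match(line)
        if count:
            out["declared"] = int(count.group(1))
            continue
        m = RESULT_RE.match(line)
        if not m:
            # Keep result-looking lines we could not parse instead of hiding them.
            if re.match(r"^[A-Za-z]:\\", line):
                out["unparsed"].append(line)
            continue
        if m.group("locked"):
            out["locked"].append(m.group("path"))  # in use, so never scanned
            continue
        rp = RESTORE_RE.search(m.group("path"))
        out["infected"].append({
            "path": m.group("path"),
            "verdict": m.group("verdict"),
            "action": m.group("action"),  # "skipped": file is still on disk
            "restore_point": rp.group(1) if rp else None,
        })
    return out


if __name__ == "__main__":
    result = triage(REPORT)
    for hit in result["infected"]:
        where = hit["restore_point"] or "live file system"
        print(f"{hit['verdict']} ({hit['action']}) in {where}: {hit['path']}")
    print("locked, not scanned:", len(result["locked"]))
    print("matches declared count:", result["declared"] == len(result["infected"]))
```

A detection whose `restore_point` is set sits in an archived restore point rather than in a live file, which is the case the off/on procedure above clears.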
     
  17. 2008/05/28
    treend

    treend Inactive Thread Starter

    Geri,

    Created a new system restore. Everything seems to be running well. Once again you have been a tremendous help. Thanks for your time.

    Sincerely,

    TreeND
     
  18. 2008/05/28
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi treend
    Glad I could help out. :)

    I'll mark this one resolved.

    Surf Safely
    Geri
     
