
Solved No control panel, hijacked homepage, recurrent security alert

Discussion in 'Malware and Virus Removal Archive' started by treend, 2007/11/21.

  1. 2007/11/21
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    [Resolved] No control panel, hijacked homepage, recurrent security alert

    Having numerous problems.

    Control panel has disappeared. When going to my computer to try to add/delete programs, a window pops up twice saying that the operation has been cancelled due to restrictions on the computer - contact system administrator.

    Windows security alert "Warning! Potential Spyware operation!" occurs every 5 minutes wanting you to download a spyware remover.

    Homepage is hijacked to google homepage each time the computer is rebooted.

    Cannot enable Windows Updates.

    McAfee VirusScan cannot be enabled.

    I have run Spybot Search & Destroy, Ad-Aware, and McAfee VirusScan multiple times. Identified/fixed multiple problems (SpySheriff, Virtumonde, Cimuz, SmitFraud) yet problems persist.

    Thanks. I greatly appreciate any help you can provide.

    Deckard's System Scanner v20071014.68
    Run by George on 2007-11-21 21:16:15
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as George.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:16:16 PM, on 11/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\proper.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\spoolw.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\palmOne\Hotsync.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\George\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\George.exe

    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing)
    O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mskvtns.dll (file missing)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: infos.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: autos.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
    O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O24 - Desktop Component 0: (no name) - http://www.shop50states.com/images/capcty1.gif

    --
    End of file - 9056 bytes

    -- Files created between 2007-10-21 and 2007-11-21 -----------------------------

    2007-11-19 17:44:47 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04:31 5632 --a------ C:\WINDOWS\system32\winter.exe
    2007-11-17 12:04:31 5632 --a------ C:\WINDOWS\system32\proper.exe
    2007-11-17 12:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58:22 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-16 22:39:46 4678 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 22:33:39 0 d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-16 22:11:05 63488 --a------ C:\WINDOWS\system32\spoolw.exe
    2007-11-16 22:11:05 289280 --a------ C:\WINDOWS\system32\libcurl.dll <Not Verified; The cURL library, http://curl.haxx.se/; The cURL library>
    2007-11-15 21:45:52 0 d-------- C:\Program Files\Trend Micro
    2007-11-15 20:00:07 20992 --a------ C:\WINDOWS\daverx.exe
    2007-11-10 22:34:45 10725 --a------ C:\WINDOWS\system32\msftedswc.dll
    2007-11-10 22:34:44 56195 --a------ C:\WINDOWS\system32\msdtexch.dll
    2007-11-10 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-11-10 21:37:24 156336 --a------ C:\WINDOWS\dracee.exe
    2007-11-10 21:22:29 1175106 --a------ C:\Documents and Settings\Lori\Application Data\Install.dat
    2007-11-07 16:56:02 0 --a------ C:\bbzip.exe
    2007-11-07 16:54:54 1175106 --a------ C:\Documents and Settings\Tim\Application Data\Install.dat
    2007-11-07 16:54:02 11776 --a------ C:\Documents and Settings\Tim\wn852.exe
    2007-10-28 12:14:11 0 d-------- C:\Program Files\iTunes
    2007-10-28 12:12:42 0 d-------- C:\Program Files\QuickTime
    2007-10-28 12:11:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-11-21 20:56:43 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-21 20:56:43 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-17 00:54:54 0 d-------- C:\Program Files\palmOne
    2007-11-17 00:44:04 0 d-------- C:\Program Files\Messenger
    2007-11-17 00:41:49 0 d-------- C:\Program Files\Google
    2007-11-17 00:41:43 0 d-------- C:\Program Files\DellSupport
    2007-11-17 00:40:37 0 d-------- C:\Program Files\Common Files\DataViz
    2007-10-28 12:14:16 0 d-------- C:\Program Files\iPod
    2007-10-28 12:11:44 0 d-------- C:\Program Files\Apple Software Update
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files
    2007-10-19 20:36:20 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-19 20:36:20 0 d-------- C:\Program Files\Atari
    2007-10-18 20:00:46 16 --a------ C:\WINDOWS\popcinfo.dat
    2007-09-24 19:49:34 49152 --a------ C:\WINDOWS\system32\LxrSge10s.exe
    2007-09-24 19:49:34 282624 --a------ C:\WINDOWS\LxrSGe11e.dll <Not Verified; Lexar Media Inc.; >
    2007-09-24 19:49:34 1605632 --a------ C:\WINDOWS\LxrJDLApp.exe <Not Verified; Lexar Media, Inc.; JumpDrive Lightning Application>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27987B8-7244-4DE0-AE10-39B826B492F1}]
    C:\WINDOWS\system32\bronto.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DABCE839-3831-3818-AF3A-3837BCD324D2}]
    C:\WINDOWS\system32\mskvtns.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 12:23 PM]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
    "CTHelper"="CTHELPER.EXE" [03/11/2004 10:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 09:50 AM]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 05:18 PM]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 05:29 PM]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 11:05 AM]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 03:46 PM]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 11:49 AM]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 12:05 AM]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 09:02 PM]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 04:00 PM]
    "MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [03/30/2006 01:31 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
    "dumprep"="C:\WINDOWS\system32\spoolw.exe" [11/16/2007 10:11 PM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
    "Undefined"="C:\WINDOWS\system32\winter.exe" [11/07/2007 04:57 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 07:15 PM]
    "Undefined"="C:\WINDOWS\system32\winter.exe" [11/07/2007 04:57 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    C:\Documents and Settings\George\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    infos.exe [11/7/2007 4:57:14 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    autos.exe [11/7/2007 4:57:14 PM]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 2:19:49 PM]
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/19/2007 8:05:03 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=1 (0x1)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "DisableTaskMgr"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)
    "NoWindowsUpdate"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfldr]
    sysfldr.dll 04/16/2007 10:52 AM 12800 C:\WINDOWS\SYSTEM32\sysfldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\system32\skuns.dat




    -- End of Deckard's System Scanner: finished at 2007-11-21 21:16:55 ------------
     
  2. 2007/11/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi treend
    You have quite the mess going on here.

    It may be helpful to print or save these instructions to a text file. You can use it as a checklist to make sure all tasks are completed, in the order given, and all logs are available for posting. Since you have been asked to run multiple tasks and post several logs, please re-read all instructions prior to posting back, to make sure all requested actions have been completed and all requested logs are available. This will help save us both time. Thanks!

    Please make sure you do these in the order given.

    (1)
    Scan again with HijackThis and fix the following entry.

    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    Close HijackThis.

    (2)
    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    (3)
    Please download SmitfraudFix (by S!Ri) to your Desktop.

    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, double-click on SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    (4)
    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Please post the SDFix log, SmitfraudFix log, ComboFix log and a new DSS log.
    All these logs may take more than one post to get them in.

    Thanks
    Geri
     
    Geri,
    #2
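The entries Geri singles out in step (1), together with the Registry Dump in the first post, are the parts of the log that account for every symptom treend lists: the Policies\System and Policies\Explorer values (DisableRegedit, DisableTaskMgr, NoControlPanel, NoWindowsUpdate) lock the user out of the tools needed to clean up; the AppInit_DLLs value gets skuns.dat mapped into every process that loads user32.dll; the Winlogon Notify package sysfldr.dll runs at logon; and the Run value named "dumprep" borrows the name of a Windows component while launching a freshly created spoolw.exe. The Python below is an added example, not part of this thread and not a HijackThis or DSS feature: it triages an excerpt of a HijackThis log for exactly those entry types. The sample lines are copied from the first post; the allowlists and severity labels are assumptions made for illustration and should be replaced with a baseline taken from a known-clean machine.

```python
"""Triage HijackThis log lines for the entry types behind the symptoms in this thread.
Added example, not from the thread or from HijackThis; SAMPLE_LOG is a constructed excerpt."""
import re
from collections import Counter, namedtuple

# Constructed sample: selected lines copied from the HijackThis section of the first post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: infos.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\skuns.dat
O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
"""

# Allowlists are assumptions for this example; derive them from a known-clean baseline.
KNOWN_SYSTEM_AUTORUNS = {"ctfmon.exe", "cthelper.exe", "updreg.exe"}
KNOWN_GOOD_BHO_FILES = {"sdhelper.dll"}           # Spybot S&D's unnamed helper BHO
WINDOWS_COMPONENT_NAMES = {"dumprep", "ctfmon", "userinit", "explorer", "svchost"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

Finding = namedtuple("Finding", "severity entry reason line")

_LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Stop at the first executable extension that ends a token, so 'mcafee.com\x.exe' is not cut at '.com'.
_EXE_RE = re.compile(r'^(.+?\.(?:exe|dll|scr|com|bat|cmd|pif))(?=["\s]|$)', re.I)


def launch_target(rest):
    """Extract the launched file from the text after 'O4 - <location>: '."""
    if rest.startswith("["):                     # [ValueName] <command line>
        rest = rest[rest.index("]") + 1:]
    if " = " in rest:                            # Shortcut.lnk = C:\path\target.exe
        rest = rest.split(" = ", 1)[1]
    rest = rest.strip().lstrip('"')
    m = _EXE_RE.match(rest)
    return m.group(1) if m else rest.rstrip('"')


def split_path(target):
    d, _, b = target.rpartition("\\")            # directory is '' for a bare file name
    return d.lower(), b.lower()


def _check_o4(body, line):
    loc, rest = body.split(": ", 1)
    name = rest[1:rest.index("]")] if rest.startswith("[") else ""
    target = launch_target(rest)
    dirname, basename = split_path(target)
    stem = name.lower().removesuffix(".exe")
    if stem in WINDOWS_COMPONENT_NAMES and basename != stem + ".exe":
        return Finding("high", "O4", f"value name '{name}' mimics a Windows component but runs {target}", line)
    if dirname in SYSTEM_DIRS and basename not in KNOWN_SYSTEM_AUTORUNS:
        return Finding("medium", "O4", f"unrecognised executable autostarting from a system directory: {target}", line)
    if "Startup" in loc and not dirname and basename.endswith(".exe"):
        return Finding("medium", "O4", f"loose executable dropped in a Startup folder: {target}", line)
    return None


def _check_o2(body, line):
    parts = body.split(" - ")
    missing = parts[-1].endswith("(file missing)")
    _, basename = split_path(parts[-1].removesuffix(" (file missing)"))
    if "(no name)" in parts[0] and basename not in KNOWN_GOOD_BHO_FILES:
        note = " (file missing: orphaned registration)" if missing else ""
        return Finding("medium", "O2", f"unnamed BHO {basename}{note}", line)
    return None


def triage(log_text):
    """Return a Finding for every recognised suspicious line, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue
        entry, body = m.groups()
        f = None
        if entry == "O2":
            f = _check_o2(body, line)
        elif entry == "O4":
            f = _check_o4(body, line)
        elif entry == "O7":      # policy restrictions that block regedit, Task Manager, Control Panel, updates
            f = Finding("high", "O7", "policy restriction set: " + body.split(", ", 1)[1], line)
        elif entry == "O20":     # AppInit_DLLs / Winlogon Notify: loaded into every session or user32 process
            f = Finding("high", "O20", "loaded into every session via " + body, line)
        if f:
            findings.append(f)
    return findings


def severity_counts(findings):
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry:4} {f.reason}")
```

Run as-is it prints seven findings for the excerpt: four high (the dumprep/spoolw.exe mismatch, the O7 policy, and both O20 hooks) and three medium (the orphaned bronto.dll BHO, winter.exe in system32, and infos.exe in the Startup folder), while the Java, AVG, ctfmon and Adobe entries pass. The O20 rules fire unconditionally because HijackThis already hides the stock Winlogon Notify packages, and a non-empty AppInit_DLLs value is rare enough on a home XP box that it is worth a look every time, especially when, as here, it points at a .dat file rather than a .dll.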


  4. 2007/11/22
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Hi Geri,

    Happy Thanksgiving and thank you very much for your help and guidance.

    I followed your instructions all reports/logs attached (Combofix log to follow in next reply). Control panel has returned and I am no longer getting the security alert every 5 minutes. Homepage does not appear to be hijacked to google any longer and windows updates are now enabled.

    So far, the only clear remaining problem that I can see is that I am unable to enable my virus scan in McAfee (when I click on enable, nothing happens) and I am unable to verify my privacy service subscription (when I click on verify, nothing happens).

    Deckard's System Scanner v20071014.68
    Run by George on 2007-11-22 10:25:29
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as George.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:25:32 AM, on 11/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\spoolw.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    C:\Documents and Settings\George\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\George.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O24 - Desktop Component 0: (no name) - http://www.shop50states.com/images/capcty1.gif

    --
    End of file - 8478 bytes

    -- Files created between 2007-10-22 and 2007-11-22 -----------------------------

    2007-11-22 09:11:06 0 d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44:22 0 d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44:47 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58:22 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-16 22:39:46 4700 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 22:33:39 0 d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-16 22:11:05 63488 --a------ C:\WINDOWS\system32\spoolw.exe
    2007-11-16 22:11:05 289280 --a------ C:\WINDOWS\system32\libcurl.dll <Not Verified; The cURL library, http://curl.haxx.se/; The cURL library>
    2007-11-15 21:45:52 0 d-------- C:\Program Files\Trend Micro
    2007-11-15 20:00:07 20992 --a------ C:\WINDOWS\daverx.exe
    2007-11-10 22:34:45 10725 --a------ C:\WINDOWS\system32\msftedswc.dll
    2007-11-10 22:34:44 56195 --a------ C:\WINDOWS\system32\msdtexch.dll
    2007-11-10 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-11-10 21:37:24 156336 --a------ C:\WINDOWS\dracee.exe
    2007-11-07 16:54:02 11776 --a------ C:\Documents and Settings\Tim\wn852.exe
    2007-10-28 12:14:11 0 d-------- C:\Program Files\iTunes
    2007-10-28 12:12:42 0 d-------- C:\Program Files\QuickTime
    2007-10-28 12:11:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-11-22 09:53:53 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-22 09:53:53 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-17 00:54:54 0 d-------- C:\Program Files\palmOne
    2007-11-17 00:44:04 0 d-------- C:\Program Files\Messenger
    2007-11-17 00:41:49 0 d-------- C:\Program Files\Google
    2007-11-17 00:41:43 0 d-------- C:\Program Files\DellSupport
    2007-11-17 00:40:37 0 d-------- C:\Program Files\Common Files\DataViz
    2007-10-28 12:14:16 0 d-------- C:\Program Files\iPod
    2007-10-28 12:11:44 0 d-------- C:\Program Files\Apple Software Update
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files
    2007-10-19 20:36:20 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-19 20:36:20 0 d-------- C:\Program Files\Atari
    2007-10-18 20:00:46 16 --a------ C:\WINDOWS\popcinfo.dat
    2007-09-24 19:49:34 49152 --a------ C:\WINDOWS\system32\LxrSge10s.exe
    2007-09-24 19:49:34 282624 --a------ C:\WINDOWS\LxrSGe11e.dll <Not Verified; Lexar Media Inc.; >
    2007-09-24 19:49:34 1605632 --a------ C:\WINDOWS\LxrJDLApp.exe <Not Verified; Lexar Media, Inc.; JumpDrive Lightning Application>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 12:23 PM]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
    "CTHelper"="CTHELPER.EXE" [03/11/2004 10:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 09:50 AM]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 05:18 PM]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 05:29 PM]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 11:05 AM]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 03:46 PM]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 11:49 AM]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 12:05 AM]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 09:02 PM]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 04:00 PM]
    "MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [03/30/2006 01:31 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
    "dumprep"="C:\WINDOWS\system32\spoolw.exe" [11/16/2007 10:11 PM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 07:15 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    C:\Documents and Settings\George\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 6:15:06 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 2:19:49 PM]
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/19/2007 8:05:03 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)




    -- End of Deckard's System Scanner: finished at 2007-11-22 10:26:03 ------------


    SDFix: Version 1.115

    Run by George on Thu 11/22/2007 at 09:11 AM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    noskrnl.sys
    ntio256

    Path:
    \??\C:\WINDOWS\system32\noskrnl.sys
    \??\C:\WINDOWS\system32\ntio256.sys

    noskrnl.sys - Deleted
    ntio256 - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...

    Service asc3550p - Deleted after Reboot

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\CMMGR32.EXE - Deleted
    C:\BBZIP.EXE - Deleted
    C:\68.TMP - Deleted
    C:\Documents and Settings\Tim\Local Settings\Temp\1.dllb - Deleted
    C:\Documents and Settings\Tim\Local Settings\Temp\2.dllb - Deleted
    C:\Documents and Settings\Tim\Local Settings\Temp\5.dllb - Deleted
    C:\Documents and Settings\Tim\Local Settings\Temp\6.dllb - Deleted
    C:\Documents and Settings\Tim\Local Settings\Temp\7.dllb - Deleted
    C:\Documents and Settings\Lori\Local Settings\Temp\v4xd6.gam5e - Deleted
    C:\Documents and Settings\Tim\Local Settings\Temp\v4xd6.gam5e - Deleted
    C:\Documents and Settings\Tim\Local Settings\Temp\v5xd4.ga2me - Deleted
    C:\WINDOWS\system32\sysfldr.dll - Deleted



    Folder C:\Documents and Settings\All Users\Documents\Settings - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-22 09:17:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00000083

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\WINDOWS\\system32\\vedxga3me2.exe"="C:\\WINDOWS\\system32\\vedxga3me2.exe:*:Enabled:microsoft"
    "C:\\DOCUME~1\\Lori\\LOCALS~1\\Temp\\2F.tmp.taras"="C:\\DOCUME~1\\Lori\\LOCALS~1\\Temp\\2F.tmp.taras:*:Enabled:mstaskmgr.exe"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\DOCUME~1\\George\\LOCALS~1\\Temp\\14.tmp.taras"="C:\\DOCUME~1\\George\\LOCALS~1\\Temp\\14.tmp.taras:*:Enabled:mstaskmgr.exe"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\PRIMOSDK.DLL"
    Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\PX.DLL"
    Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\PXCPYA64.EXE"
    Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\PXCPYI64.EXE"
    Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\PXDRV.DLL"
    Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\PXHELP20.SYS"
    Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\PXHELP64.SYS"
    Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\PXHELPER.SYS"
    Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\PXHLPA64.SYS"
    Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\PXHPINST.EXE"
    Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\PXINSA64.EXE"
    Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\PXINSI64.EXE"
    Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\PXMAS.DLL"
    Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\PXSETUP.EXE"
    Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\PXWAVE.DLL"
    Thu 20 May 2004 28,672 A..H. --- "C:\DELL\VXBLOCK.DLL"
    Tue 24 Aug 2004 155,648 A..H. --- "C:\DELL\MEDIAEXE\PRIMOSDK.DLL"
    Tue 24 Aug 2004 360,448 A..H. --- "C:\DELL\MEDIAEXE\PX.DLL"
    Wed 28 Jul 2004 56,832 A..H. --- "C:\DELL\MEDIAEXE\PXCPYA64.EXE"
    Wed 28 Jul 2004 108,544 A..H. --- "C:\DELL\MEDIAEXE\PXCPYI64.EXE"
    Wed 18 Aug 2004 389,120 A..H. --- "C:\DELL\MEDIAEXE\PXDRV.DLL"
    Mon 2 Aug 2004 20,576 A..H. --- "C:\DELL\MEDIAEXE\PXHELP20.SYS"
    Mon 2 Aug 2004 54,976 A..H. --- "C:\DELL\MEDIAEXE\PXHELP64.SYS"
    Mon 2 Aug 2004 32,272 A..H. --- "C:\DELL\MEDIAEXE\PXHELPER.SYS"
    Mon 2 Aug 2004 26,720 A..H. --- "C:\DELL\MEDIAEXE\PXHLPA64.SYS"
    Mon 2 Aug 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXHPINST.EXE"
    Mon 2 Aug 2004 53,760 A..H. --- "C:\DELL\MEDIAEXE\PXINSA64.EXE"
    Mon 2 Aug 2004 104,960 A..H. --- "C:\DELL\MEDIAEXE\PXINSI64.EXE"
    Tue 24 Aug 2004 159,744 A..H. --- "C:\DELL\MEDIAEXE\PXMAS.DLL"
    Wed 28 Jul 2004 57,344 A..H. --- "C:\DELL\MEDIAEXE\PXSETUP.EXE"
    Tue 24 Aug 2004 339,968 A..H. --- "C:\DELL\MEDIAEXE\PXWAVE.DLL"
    Thu 20 May 2004 28,672 A..H. --- "C:\DELL\MEDIAEXE\VXBLOCK.DLL"
    Thu 1 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 5 Oct 2006 26,112 ...H. --- "C:\Documents and Settings\Tim\Desktop\~WRL0077.tmp"
    Mon 4 Apr 2005 47,616 ...H. --- "C:\Documents and Settings\Tim\My Documents\~WRL0003.tmp"
    Sat 17 Mar 2007 31,232 ...H. --- "C:\Documents and Settings\Tim\My Documents\~WRL2644.tmp"
    Thu 4 Oct 2007 1,675,264 ...H. --- "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\game.exe"
    Thu 18 Oct 2007 1,675,264 ...H. --- "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\game2.exe"
    Sat 24 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Thu 4 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8361ae28fcfac79271825a6b2935fdb6\BIT6A.tmp"
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Fri 13 Apr 2007 8 A..H. --- "C:\Documents and Settings\George\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Heather\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Wed 11 Apr 2007 8 A..H. --- "C:\Documents and Settings\Lori\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Sat 14 Apr 2007 8 A..H. --- "C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

    Finished!

    SmitFraudFix v2.253

    Scan done at 9:25:38.67, Thu 11/22/2007
    Run from C:\Documents and Settings\George\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    192.168.200.3 ad.doubleclick.net
    192.168.200.3 ad.fastclick.net
    192.168.200.3 ads.fastclick.net
    192.168.200.3 ar.atwola.com
    192.168.200.3 atdmt.com
    192.168.200.3 avp.ch
    192.168.200.3 avp.com
    192.168.200.3 avp.ru
    192.168.200.3 awaps.net
    192.168.200.3 banner.fastclick.net
    192.168.200.3 banners.fastclick.net
    192.168.200.3 ca.com
    192.168.200.3 click.atdmt.com
    192.168.200.3 clicks.atdmt.com
    192.168.200.3 customer.symantec.com
    192.168.200.3 dispatch.mcafee.com
    192.168.200.3 download.mcafee.com
    192.168.200.3 downloads-us1.kaspersky-labs.com
    192.168.200.3 downloads-us2.kaspersky-labs.com
    192.168.200.3 downloads-us3.kaspersky-labs.com
    192.168.200.3 downloads1.kaspersky-labs.com
    192.168.200.3 downloads2.kaspersky-labs.com
    192.168.200.3 downloads3.kaspersky-labs.com
    192.168.200.3 downloads4.kaspersky-labs.com
    192.168.200.3 engine.awaps.net
    192.168.200.3 f-secure.com
    192.168.200.3 fastclick.net
    192.168.200.3 ftp.avp.ch
    192.168.200.3 ftp.downloads1.kaspersky-labs.com
    192.168.200.3 ftp.downloads2.kaspersky-labs.com
    192.168.200.3 ftp.downloads3.kaspersky-labs.com
    192.168.200.3 ftp.f-secure.com
    192.168.200.3 ftp.kasperskylab.ru
    192.168.200.3 ftp.sophos.com
    192.168.200.3 ids.kaspersky-labs.com
    192.168.200.3 kaspersky-labs.com
    192.168.200.3 kaspersky.com
    192.168.200.3 liveupdate.symantec.com
    192.168.200.3 liveupdate.symantecliveupdate.com
    192.168.200.3 mast.mcafee.com
    192.168.200.3 mcafee.com
    192.168.200.3 media.fastclick.net
    192.168.200.3 my-etrust.com
    192.168.200.3 nai.com
    192.168.200.3 networkassociates.com
    192.168.200.3 norton.com
    192.168.200.3 phx.corporate-ir.net
    192.168.200.3 rads.mcafee.com
    192.168.200.3 secure.nai.com
    192.168.200.3 securityresponse.symantec.com
    192.168.200.3 service1.symantec.com
    192.168.200.3 sophos.com
    192.168.200.3 spd.atdmt.com
    192.168.200.3 symantec.com
    192.168.200.3 trendmicro.com
    192.168.200.3 update.symantec.com
    192.168.200.3 updates.symantec.com
    192.168.200.3 updates1.kaspersky-labs.com
    192.168.200.3 updates2.kaspersky-labs.com
    192.168.200.3 updates3.kaspersky-labs.com
    192.168.200.3 updates4.kaspersky-labs.com
    192.168.200.3 updates5.kaspersky-labs.com
    192.168.200.3 us.mcafee.com
    192.168.200.3 vil.nai.com
    192.168.200.3 viruslist.com
    192.168.200.3 viruslist.ru
    192.168.200.3 virusscan.jotti.org
    192.168.200.3 virustotal.com
    192.168.200.3 www.avp.ch
    192.168.200.3 www.avp.com
    192.168.200.3 www.avp.ru
    192.168.200.3 www.awaps.net
    192.168.200.3 www.ca.com
    192.168.200.3 www.f-secure.com
    192.168.200.3 www.fastclick.net
    192.168.200.3 www.grisoft.com
    192.168.200.3 www.kaspersky-labs.com
    192.168.200.3 www.kaspersky.com
    192.168.200.3 www.kaspersky.ru
    192.168.200.3 www.mcafee.com
    192.168.200.3 www.my-etrust.com
    192.168.200.3 www.nai.com
    192.168.200.3 www.networkassociates.com
    192.168.200.3 www.sophos.com
    192.168.200.3 www.symantec.com
    192.168.200.3 www.symantec.com
    192.168.200.3 www.trendmicro.com
    192.168.200.3 www.viruslist.com
    192.168.200.3 www.viruslist.ru
    192.168.200.3 www.virustotal.com
    192.168.200.3 www3.ca.com

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\proper.exe Deleted
    C:\WINDOWS\system32\winter.exe Deleted
    C:\DOCUME~1\George\STARTM~1\Programs\Startup\infos.exe Deleted
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\autos.exe Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{459F0711-CFB2-4DC9-BFB7-B0CAAFE888FE}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{46D1C78D-48B4-49A4-95D1-AC4090CC0266}: DhcpNameServer=68.87.73.242 68.87.71.226
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EA219350-B25F-4304-B0A7-CA6C15D25C3F}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{459F0711-CFB2-4DC9-BFB7-B0CAAFE888FE}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{46D1C78D-48B4-49A4-95D1-AC4090CC0266}: DhcpNameServer=68.87.73.242 68.87.71.226
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EA219350-B25F-4304-B0A7-CA6C15D25C3F}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{459F0711-CFB2-4DC9-BFB7-B0CAAFE888FE}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{46D1C78D-48B4-49A4-95D1-AC4090CC0266}: DhcpNameServer=68.87.73.242 68.87.71.226
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{EA219350-B25F-4304-B0A7-CA6C15D25C3F}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "system"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
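The logs above show the three places this infection dug in: the hosts file points every antivirus vendor's update and download hosts at 192.168.200.3 instead of loopback, the Windows Firewall AuthorizedApplications list carries exceptions for files in Temp directories and for a winav.exe whose display name is the same resource string Windows uses for its own sessmgr.exe exception, and the HKLM Run key has a value named dumprep that actually launches spoolw.exe. The following Python script is an added example for this thread, not code from SmitFraudFix, SDFix, ComboFix or any other tool whose log is posted here; it parses excerpts in those export formats and flags exactly those patterns. The sample lines are constructed from the posted logs, the vendor-domain list and the short table of Windows binary names are assumptions kept to what this log needs, and the mapping of @xpsp2res.dll,-22019 to sessmgr.exe (the XP SP2 Remote Assistance exception) is likewise an assumption.

```python
"""Flag the hosts-file, firewall-exception and Run-key entries typical of rogue
antispyware ("SmitFraud") infections in SmitFraudFix / SDFix / ComboFix logs."""
import re
from ipaddress import ip_address

# Assumed vendor list, taken from the hostnames in the posted hosts file.
SECURITY_VENDOR_DOMAINS = ("mcafee.com", "nai.com", "symantec.com", "norton.com",
                           "kaspersky.com", "kaspersky-labs.com", "f-secure.com",
                           "sophos.com", "trendmicro.com", "grisoft.com", "ca.com",
                           "virustotal.com", "jotti.org", "avp.com")
# Assumed: resource -22019 in xpsp2res.dll is the display name of the XP SP2
# Remote Assistance exception, which belongs to sessmgr.exe and nothing else.
BORROWED_DISPLAY_NAMES = {"@xpsp2res.dll,-22019": "sessmgr.exe"}
# Assumed short list of Windows binary names reused as Run-key camouflage.
WINDOWS_BINARY_STEMS = {"dumprep", "ctfmon", "userinit", "explorer", "spoolsv"}
HOSTS_LINE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([^\s#]+)")
REG_VALUE_LINE = re.compile(r'^\s*"([^"]+)"\s*=\s*"([^"]+)"')


def suspicious_hosts_entries(lines):
    """(ip, host) pairs that send a security vendor's host anywhere but loopback;
    127.x entries are the ordinary ad-blocking pattern and are skipped."""
    hits = []
    for line in lines:
        m = HOSTS_LINE.match(line)
        if not m:
            continue
        ip, host = m.group(1), m.group(2).lower()
        try:
            if ip_address(ip).is_loopback:
                continue
        except ValueError:          # malformed address, not a usable entry
            continue
        if any(host == d or host.endswith("." + d) for d in SECURITY_VENDOR_DOMAINS):
            hits.append((ip, host))
    return hits


def suspicious_firewall_exceptions(lines):
    """(path, reason) for AuthorizedApplications values (path:scope:state:name);
    the path has its own drive colon, so the value is split from the right."""
    hits = []
    for line in lines:
        m = REG_VALUE_LINE.match(line)
        if not m:
            continue
        parts = m.group(2).replace("\\\\", "\\").rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, _scope, _state, name = parts
        lower = path.lower()
        basename = lower.rsplit("\\", 1)[-1]
        if "\\temp\\" in lower:
            hits.append((path, "executable in a Temp directory"))
        elif not basename.endswith(".exe"):
            hits.append((path, "non-.exe file granted a firewall exception"))
        elif name in BORROWED_DISPLAY_NAMES and basename != BORROWED_DISPLAY_NAMES[name]:
            hits.append((path, "display name borrowed from " + BORROWED_DISPLAY_NAMES[name]))
        elif "\\system32\\" in lower and not name.startswith("@"):
            # Windows components use resource-string names; free text here is a heuristic flag.
            hits.append((path, "system32 binary with a free-text display name"))
    return hits


def masquerading_run_entries(lines):
    """(name, path) where a Run value is named after a Windows binary but launches
    a different executable."""
    hits = []
    for line in lines:
        m = REG_VALUE_LINE.match(line)
        if not m:
            continue
        name, path = m.group(1), m.group(2)
        stem = name.lower()[:-4] if name.lower().endswith(".exe") else name.lower()
        if stem in WINDOWS_BINARY_STEMS and path.lower().rsplit("\\", 1)[-1] != stem + ".exe":
            hits.append((name, path))
    return hits


# Constructed sample input, copied from the logs posted in this thread.
SAMPLE_HOSTS = """\
192.168.200.3 download.mcafee.com
192.168.200.3 liveupdate.symantec.com
127.0.0.1 ads.fastclick.net
""".splitlines()
SAMPLE_FIREWALL = r'''
"C:\\WINDOWS\\system32\\vedxga3me2.exe"="C:\\WINDOWS\\system32\\vedxga3me2.exe:*:Enabled:microsoft"
"C:\\DOCUME~1\\Lori\\LOCALS~1\\Temp\\2F.tmp.taras"="C:\\DOCUME~1\\Lori\\LOCALS~1\\Temp\\2F.tmp.taras:*:Enabled:mstaskmgr.exe"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''.splitlines()
SAMPLE_RUN = r'''
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"dumprep"="C:\WINDOWS\system32\spoolw.exe" [2007-11-16 22:11]
'''.splitlines()

if __name__ == "__main__":
    print(suspicious_hosts_entries(SAMPLE_HOSTS))
    print(suspicious_firewall_exceptions(SAMPLE_FIREWALL))
    print(masquerading_run_entries(SAMPLE_RUN))
```

On a full log, feed each section's lines to the matching function. The hosts check deliberately ignores 127.x entries, because a legitimate blocklist looks exactly like that and only the redirect to a routable address is the tell; the firewall rules are ordered from most to least specific so each entry reports one reason, and the genuine sessmgr.exe exception passes all four. Everything flagged still needs a human decision, but these are the lines worth reading first.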
  5. 2007/11/22
    treend (Thread Starter)
    Hello again, here is the combofix log. Thanks again.

    ComboFix 07-11-19.3 - George 2007-11-22 9:35:11.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.582 [GMT -5:00]
    Running from: C:\Documents and Settings\George\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\infos.exe
    C:\Documents and Settings\Heather\Start Menu\Programs\Startup\infos.exe
    C:\Documents and Settings\Lori\Application Data\install.dat
    C:\Documents and Settings\Lori\Desktop\bravesentry.lnk
    C:\Documents and Settings\Lori\Start Menu\Programs\Brave-Sentry
    C:\Documents and Settings\Lori\Start Menu\Programs\Brave-Sentry\BraveSentry.lnk
    C:\Documents and Settings\Lori\Start Menu\Programs\Brave-Sentry\Uninstall.lnk
    C:\Documents and Settings\Lori\Start Menu\Programs\Startup\infos.exe
    C:\Documents and Settings\Tim\Application Data\install.dat
    C:\Documents and Settings\Tim\Start Menu\Programs\Startup\infos.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_ASC3550P
    -------\LEGACY_DRIVER
    -------\LEGACY_NTIO256
    -------\LEGACY_RUNTIME
    -------\LEGACY_RUNTIME2
    -------\LEGACY_XLAVBA8
    -------\xlavba8


    ((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
    .

    2007-11-22 09:11 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04 <DIR> d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 22:33 <DIR> d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-16 22:33 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
    2007-11-16 22:11 289,280 --a------ C:\WINDOWS\SYSTEM32\libcurl.dll
    2007-11-15 21:45 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-15 21:42 <DIR> d-------- C:\Deckard
    2007-11-15 20:00 20,992 --a------ C:\WINDOWS\daverx.exe
    2007-11-10 22:34 56,195 --a------ C:\WINDOWS\SYSTEM32\msdtexch.dll
    2007-11-10 22:34 10,725 --a------ C:\WINDOWS\SYSTEM32\msftedswc.dll
    2007-11-10 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-11-10 21:37 156,336 --a------ C:\WINDOWS\dracee.exe
    2007-11-07 17:38 29 --a------ C:\WINDOWS\SYSTEM32\etfpogir.tmp
    2007-11-07 16:54 11,776 --a------ C:\Documents and Settings\Tim\wn852.exe
    2007-10-28 12:14 <DIR> d-------- C:\Program Files\iTunes
    2007-10-28 12:12 <DIR> d-------- C:\Program Files\QuickTime
    2007-10-28 12:11 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
    2007-10-28 12:11 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-22 14:25 4,700 ----a-w C:\WINDOWS\SYSTEM32\tmp.reg
    2007-11-21 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-11-17 22:27 380,416 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\rstrui.exe
    2007-11-17 05:54 --------- d-----w C:\Program Files\palmOne
    2007-11-17 05:41 --------- d-----w C:\Program Files\Google
    2007-11-17 05:41 --------- d-----w C:\Program Files\DellSupport
    2007-11-17 05:40 --------- d-----w C:\Program Files\Common Files\DataViz
    2007-11-17 03:11 63,488 ----a-w C:\WINDOWS\SYSTEM32\spoolw.exe
    2007-10-28 17:14 --------- d-----w C:\Program Files\iPod
    2007-10-28 17:11 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
    2007-10-20 01:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-20 01:36 --------- d-----w C:\Program Files\Atari
    2007-09-25 00:49 69,856 ----a-w C:\WINDOWS\system32\drivers\LxrSge10d.sys
    2007-09-25 00:49 49,152 ----a-w C:\WINDOWS\SYSTEM32\LxrSge10s.exe
    2007-09-25 00:49 282,624 ----a-w C:\WINDOWS\LxrSGe11e.dll
    2007-09-25 00:49 1,605,632 ----a-w C:\WINDOWS\LxrJDLApp.exe
    2007-08-22 12:55 96,256 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
    2007-08-22 12:55 665,600 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
    2007-08-22 12:55 617,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
    2007-08-22 12:55 55,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
    2007-08-22 12:55 532,480 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
    2007-08-22 12:55 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
    2007-08-22 12:55 449,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
    2007-08-22 12:55 39,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
    2007-08-22 12:55 357,888 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
    2007-08-22 12:55 3,064,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2007-08-22 12:55 251,904 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
    2007-08-22 12:55 205,824 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
    2007-08-22 12:55 16,384 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
    2007-08-22 12:55 151,040 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
    2007-08-22 12:55 146,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
    2007-08-22 12:55 1,498,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
    2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
    2007-08-22 12:55 1,022,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 19:15]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00]
    "CTHelper"="CTHELPER.EXE" [2004-03-11 10:50 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 09:50]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 11:05]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-01-03 15:46]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 00:05]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00]
    "MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 13:31]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "dumprep"="C:\WINDOWS\system32\spoolw.exe" [2007-11-16 22:11]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2004-08-04 06:00 C:\WINDOWS\SYSTEM32\NARRATOR.EXE]

    C:\Documents and Settings\Heather\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2006-04-29 17:04:52]

    C:\Documents and Settings\Tim\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2007-05-26 20:27:16]
    PowerReg Scheduler.exe [2005-02-08 20:46:43]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2005-12-29 14:19:49]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-19 20:05:03]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "= 0 (0x0)

    S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-28 17:11:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-22 14:40:08 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DESKTOPUPSTAIRS-George).job "
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-22 09:40:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-22 9:41:54 - machine was rebooted
    .
    --- E O F ---
     
  6. 2007/11/22
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    Highlight and copy the contents of the quote box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Please post the combofix log and a new dss log.

    Thanks
    Geri
     
    Geri,
    #5
  7. 2007/11/22
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Thanks again. Done.

    Deckard's System Scanner v20071014.68
    Run by George on 2007-11-22 13:00:13
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as George.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:00:15 PM, on 11/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    C:\Documents and Settings\George\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\George.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O24 - Desktop Component 0: (no name) - http://www.shop50states.com/images/capcty1.gif

    --
    End of file - 8643 bytes

    -- Files created between 2007-10-22 and 2007-11-22 -----------------------------

    2007-11-22 09:11:06 0 d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44:22 0 d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44:47 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58:22 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-16 22:39:46 4700 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 22:33:39 0 d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-16 22:11:05 289280 --a------ C:\WINDOWS\system32\libcurl.dll <Not Verified; The cURL library, http://curl.haxx.se/; The cURL library>
    2007-11-15 21:45:52 0 d-------- C:\Program Files\Trend Micro
    2007-11-10 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-11-07 16:54:02 11776 --a------ C:\Documents and Settings\Tim\wn852.exe
    2007-10-28 12:14:11 0 d-------- C:\Program Files\iTunes
    2007-10-28 12:12:42 0 d-------- C:\Program Files\QuickTime
    2007-10-28 12:11:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-11-22 12:56:58 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-22 12:56:58 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-17 00:54:54 0 d-------- C:\Program Files\palmOne
    2007-11-17 00:44:04 0 d-------- C:\Program Files\Messenger
    2007-11-17 00:41:49 0 d-------- C:\Program Files\Google
    2007-11-17 00:41:43 0 d-------- C:\Program Files\DellSupport
    2007-11-17 00:40:37 0 d-------- C:\Program Files\Common Files\DataViz
    2007-10-28 12:14:16 0 d-------- C:\Program Files\iPod
    2007-10-28 12:11:44 0 d-------- C:\Program Files\Apple Software Update
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files
    2007-10-19 20:36:20 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-19 20:36:20 0 d-------- C:\Program Files\Atari
    2007-09-24 19:49:34 49152 --a------ C:\WINDOWS\system32\LxrSge10s.exe
    2007-09-24 19:49:34 282624 --a------ C:\WINDOWS\LxrSGe11e.dll <Not Verified; Lexar Media Inc.; >
    2007-09-24 19:49:34 1605632 --a------ C:\WINDOWS\LxrJDLApp.exe <Not Verified; Lexar Media, Inc.; JumpDrive Lightning Application>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 12:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 10:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "MMTray "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 09:50 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
    "VSOCheckTask "= "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 05:18 PM]
    "MCAgentExe "= "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 05:29 PM]
    "MCUpdateExe "= "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 11:05 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 03:46 PM]
    "VirusScan Online "= "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 11:49 AM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 12:05 AM]
    "OASClnt "= "C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 09:02 PM]
    "MPFExe "= "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 04:00 PM]
    "MPSExe "= "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [03/30/2006 01:31 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
    "dumprep "= "C:\WINDOWS\system32\spoolw.exe" []
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 07:15 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\George\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 6:15:06 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 2:19:49 PM]
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/19/2007 8:05:03 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]




    -- End of Deckard's System Scanner: finished at 2007-11-22 13:00:39 ------------

    ComboFix 07-11-19.3 - George 2007-11-22 12:54:10.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.583 [GMT -5:00]
    Running from: C:\Documents and Settings\George\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\George\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\daverx.exe
    C:\WINDOWS\dracee.exe
    C:\WINDOWS\popcinfo.dat
    C:\WINDOWS\system32\msdtexch.dll
    C:\WINDOWS\system32\msftedswc.dll
    C:\WINDOWS\system32\spoolw.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\daverx.exe
    C:\WINDOWS\dracee.exe
    C:\WINDOWS\popcinfo.dat
    C:\WINDOWS\system32\msdtexch.dll
    C:\WINDOWS\system32\msftedswc.dll
    C:\WINDOWS\system32\spoolw.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
    .

    2007-11-22 09:11 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04 <DIR> d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
    2007-11-16 22:33 <DIR> d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-16 22:33 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
    2007-11-16 22:11 289,280 --a------ C:\WINDOWS\SYSTEM32\libcurl.dll
    2007-11-15 21:45 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-15 21:42 <DIR> d-------- C:\Deckard
    2007-11-10 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-11-07 17:38 29 --a------ C:\WINDOWS\SYSTEM32\etfpogir.tmp
    2007-11-07 16:54 11,776 --a------ C:\Documents and Settings\Tim\wn852.exe
    2007-10-28 12:14 <DIR> d-------- C:\Program Files\iTunes
    2007-10-28 12:12 <DIR> d-------- C:\Program Files\QuickTime
    2007-10-28 12:11 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-21 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-11-17 05:54 --------- d-----w C:\Program Files\palmOne
    2007-11-17 05:41 --------- d-----w C:\Program Files\Google
    2007-11-17 05:41 --------- d-----w C:\Program Files\DellSupport
    2007-11-17 05:40 --------- d-----w C:\Program Files\Common Files\DataViz
    2007-10-28 17:14 --------- d-----w C:\Program Files\iPod
    2007-10-28 17:11 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-20 01:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-20 01:36 --------- d-----w C:\Program Files\Atari
    2007-09-25 00:49 69,856 ----a-w C:\WINDOWS\system32\drivers\LxrSge10d.sys
    2007-09-25 00:49 282,624 ----a-w C:\WINDOWS\LxrSGe11e.dll
    2007-09-25 00:49 1,605,632 ----a-w C:\WINDOWS\LxrJDLApp.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-22_ 9.41.18.63 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-22 17:57:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_244.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 19:15]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00]
    "CTHelper "= "CTHELPER.EXE" [2004-03-11 10:50 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
    "MMTray "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 09:50]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50]
    "VSOCheckTask "= "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18]
    "MCAgentExe "= "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29]
    "MCUpdateExe "= "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 11:05]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-01-03 15:46]
    "VirusScan Online "= "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 00:05]
    "OASClnt "= "C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02]
    "MPFExe "= "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00]
    "MPSExe "= "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 13:31]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "dumprep "= "C:\WINDOWS\system32\spoolw.exe" []
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2004-08-04 06:00 C:\WINDOWS\SYSTEM32\NARRATOR.EXE]

    C:\Documents and Settings\Heather\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2006-04-29 17:04:52]

    C:\Documents and Settings\Tim\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2007-05-26 20:27:16]
    PowerReg Scheduler.exe [2005-02-08 20:46:43]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2005-12-29 14:19:49]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-19 20:05:03]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "= 0 (0x0)

    S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-28 17:11:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-22 17:57:44 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DESKTOPUPSTAIRS-George).job "
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-22 12:57:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-22 12:59:31 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-22 09:41
    .
    --- E O F ---
     
  8. 2007/11/22
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi treend
    Darn, I missed this one.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\Documents and Settings\Tim\wn852.exe

    After that, Reboot.

    Please post a new HJT log

    Thanks
    Geri
     
    Geri,
    #7
  9. 2007/11/22
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Hi Geri,

    Don't get down on yourself, you are doing great!!! Done. Still the only thing I notice is an inability to enable McAfee virus scan or verify privacy service. Thanks again.

    Deckard's System Scanner v20071014.68
    Run by George on 2007-11-22 14:21:37
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as George.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:21:40 PM, on 11/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\System32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\George\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\George.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O24 - Desktop Component 0: (no name) - http://www.shop50states.com/images/capcty1.gif

    --
    End of file - 8643 bytes

    -- Files created between 2007-10-22 and 2007-11-22 -----------------------------

    2007-11-22 09:11:06 0 d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44:22 0 d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44:47 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58:22 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-16 22:39:46 4700 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 22:33:39 0 d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-16 22:11:05 289280 --a------ C:\WINDOWS\system32\libcurl.dll <Not Verified; The cURL library, http://curl.haxx.se/; The cURL library>
    2007-11-15 21:45:52 0 d-------- C:\Program Files\Trend Micro
    2007-11-10 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-28 12:14:11 0 d-------- C:\Program Files\iTunes
    2007-10-28 12:12:42 0 d-------- C:\Program Files\QuickTime
    2007-10-28 12:11:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-11-22 14:19:40 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-22 14:19:40 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-17 00:54:54 0 d-------- C:\Program Files\palmOne
    2007-11-17 00:44:04 0 d-------- C:\Program Files\Messenger
    2007-11-17 00:41:49 0 d-------- C:\Program Files\Google
    2007-11-17 00:41:43 0 d-------- C:\Program Files\DellSupport
    2007-11-17 00:40:37 0 d-------- C:\Program Files\Common Files\DataViz
    2007-10-28 12:14:16 0 d-------- C:\Program Files\iPod
    2007-10-28 12:11:44 0 d-------- C:\Program Files\Apple Software Update
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files
    2007-10-19 20:36:20 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-19 20:36:20 0 d-------- C:\Program Files\Atari
    2007-09-24 19:49:34 49152 --a------ C:\WINDOWS\system32\LxrSge10s.exe
    2007-09-24 19:49:34 282624 --a------ C:\WINDOWS\LxrSGe11e.dll <Not Verified; Lexar Media Inc.; >
    2007-09-24 19:49:34 1605632 --a------ C:\WINDOWS\LxrJDLApp.exe <Not Verified; Lexar Media, Inc.; JumpDrive Lightning Application>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 12:23 PM]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
    "CTHelper"="CTHELPER.EXE" [03/11/2004 10:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 09:50 AM]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 05:18 PM]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 05:29 PM]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 11:05 AM]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 03:46 PM]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 11:49 AM]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 12:05 AM]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 09:02 PM]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 04:00 PM]
    "MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [03/30/2006 01:31 PM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
    "dumprep"="C:\WINDOWS\system32\spoolw.exe" []
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 07:15 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    C:\Documents and Settings\George\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 6:15:06 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 2:19:49 PM]
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/19/2007 8:05:03 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)




    -- End of Deckard's System Scanner: finished at 2007-11-22 14:22:04 ------------
     
  10. 2007/11/22
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe

    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    I'm checking on the McAfee problem; it "may" need a reinstall. I'll let you know.

    In the meantime let's get an on-line scan.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
     
    Geri,
    #9
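The [dumprep] entry Geri has treend fix above is a Run value that borrows a Windows component name but launches spoolw.exe, one letter off spoolsv.exe. As an added example (not part of the thread and not HijackThis code), this script triages O4 lines from the log above with exactly that heuristic; WINDOWS_STEMS is a constructed subset of XP system binaries and SAMPLE_O4_LINES are copied from the log.

```python
"""Triage HijackThis O4 lines for the pattern fixed above: a Run value whose
name borrows a Windows component ([dumprep]) but launches a different,
lookalike-named executable (spoolw.exe, two edits from spoolsv.exe).

Added example for this thread, not HijackThis code. WINDOWS_STEMS is a
small constructed subset of XP system binaries; extend it from a clean box."""
import re
from pathlib import PureWindowsPath

# O4 lines that describe a registry Run/RunOnce value, e.g.
#   O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# Executable stems (file name without .exe) of legitimate Windows components.
WINDOWS_STEMS = {"dumprep", "ctfmon", "spoolsv", "svchost", "lsass", "services",
                 "winlogon", "userinit", "explorer", "rundll32", "narrator"}
LOOKALIKE_MAX = 2   # edit distance at which a stem counts as a lookalike
MIN_STEM_LEN = 5    # very short stems collide by chance, so skip them

# Selection of lines copied from the HijackThis log posted above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe",
    r"O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe",
    r'O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')",
    r"O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe",
]


def edit_distance(a, b):
    """Levenshtein distance, used to spot names one or two edits from a real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def extract_exe(cmd):
    """Program path from a Run value's command line (quoted or not, with args)."""
    m = re.match(r'"?(.*?\.exe)(?:"|\s|$)', cmd, re.I)
    return m.group(1) if m else (cmd.split() or [cmd])[0]


def triage_o4(lines):
    """Return [(value name, exe path, [reasons])] for suspicious Run values."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue                      # Global Startup etc.: not a Run value
        name, exe = m["name"], extract_exe(m["cmd"])
        name_stem = PureWindowsPath(name).stem.lower()   # [ctfmon.exe] -> ctfmon
        exe_stem = PureWindowsPath(exe).stem.lower()
        reasons = []
        # Rule 1: the value is named after a Windows component but runs something else.
        if name_stem in WINDOWS_STEMS and exe_stem != name_stem:
            reasons.append(f"value name '{name}' is a Windows component name "
                           f"but runs {exe_stem}.exe")
        # Rule 2: the executable name is a near-miss of a Windows component name.
        if exe_stem not in WINDOWS_STEMS and len(exe_stem) >= MIN_STEM_LEN:
            near = sorted(s for s in WINDOWS_STEMS
                          if edit_distance(exe_stem, s) <= LOOKALIKE_MAX)
            if near:
                reasons.append(f"{exe_stem}.exe is a lookalike of "
                               + ", ".join(s + ".exe" for s in near))
        if reasons:
            findings.append((name, exe, reasons))
    return findings


if __name__ == "__main__":
    for name, exe, reasons in triage_o4(SAMPLE_O4_LINES):
        print(f"[{name}] {exe}")
        for r in reasons:
            print("   -", r)
```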
  11. 2007/11/22
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Hi Geri

    Done.

    Unfortunately, I noticed that I have similar problems with no control panel on the other 3 accounts on the computer. Do I need to go through the same process with each account? I did a HijackThis log on these accounts and it is slightly different than mine at the end (with some of the entries {HKEY No control panel} and a few others similar to my initial log). There are no other problems (as I initially had - hijacked homepage, security alerts) on these accounts that I can detect. Thanks.

    Treend

    Incident Status Location

    Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Heather\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    Virus:Trj/Spammer.AEV Disinfected C:\Deckard\System Scanner\20071115222330\backup\WINDOWS\temp\startdrv.exe
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\George\Cookies\george@247realmedia[1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\George\Cookies\george@ad.yieldmanager[1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\George\Cookies\george@go[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\George\Cookies\george@questionmarket[1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\George\Cookies\george@tribalfusion[1].txt
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\George\Desktop\ComboFix.exe[nircmd.exe]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\George\Desktop\ComboFix.exe[nircmd.cfexe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\George\Desktop\SDFix.exe[SDFix\apps\Process.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\George\Desktop\SmitfraudFix\Process.exe
    Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\George\Desktop\SmitfraudFix\Reboot.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\George\Desktop\SmitfraudFix\restart.exe
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Heather\Cookies\heather@atwola[1].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Heather\Cookies\heather@azjmp[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Heather\Cookies\heather@go[2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Lori\Cookies\lori@atwola[1].txt
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Lori\Cookies\lori@did-it[1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Lori\Cookies\lori@go[2].txt
    Adware:Adware/PrivateVideo Not disinfected C:\Documents and Settings\Tim\NetHood\My Web Sites on MSN\My Web Sites on MSN\PrivateVideo\Uninstall.exe
    Adware:Adware/PrivateVideo Not disinfected C:\Documents and Settings\Tim\NetHood\My Web Sites on MSN\PrivateVideo\Uninstall.exe
    Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Tim\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Tim\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\nircmd.exe
    Adware:Adware/WinAntiVirus2007 Not disinfected C:\qoobox\Quarantine\C\Documents and Settings\Administrator\Start Menu\Programs\Startup\infos.exe.vir
    Adware:Adware/WinAntiVirus2007 Not disinfected C:\qoobox\Quarantine\C\Documents and Settings\Heather\Start Menu\Programs\Startup\infos.exe.vir
    Adware:Adware/WinAntiVirus2007 Not disinfected C:\qoobox\Quarantine\C\Documents and Settings\Lori\Start Menu\Programs\Startup\infos.exe.vir
    Adware:Adware/WinAntiVirus2007 Not disinfected C:\qoobox\Quarantine\C\Documents and Settings\Tim\Start Menu\Programs\Startup\infos.exe.vir
    Virus:Trj/Spammer.AEV Disinfected C:\qoobox\Quarantine\C\WINDOWS\daverx.exe.vir
    Virus:Bck/Agent.HDS Disinfected C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\spoolw.exe.vir
    Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
    Adware:Adware/Adsmart Not disinfected C:\SDFix\backups\backups.zip[backups/1.dllb]
    Adware:Adware/BraveSentry Not disinfected C:\SDFix\backups\backups.zip[backups/2.dllb]
    Adware:Adware/Adsmart Not disinfected C:\SDFix\backups\backups.zip[backups/5.dllb]
    Adware:Adware/Adsmart Not disinfected C:\SDFix\backups\backups.zip[backups/6.dllb]
    Adware:Adware/Adsmart Not disinfected C:\SDFix\backups\backups.zip[backups/7.dllb]
    Adware:Adware/Adsmart Not disinfected C:\SDFix\backups\backups.zip[backups/v4xd6.gam5e]
    Adware:Adware/Adsmart Not disinfected C:\SDFix\backups\backups.zip[backups/v5xd4.ga2me]
    Adware:Adware/WinAntiVirus2007 Not disinfected C:\SDFix\backups\HOSTS
    Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\SDFix\apps\Process.exe
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
     
    Last edited: 2007/11/22
  12. 2007/11/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi treend
    We will have to see an HJT log and a dss log from each account. Not all infections are global, nor are all fixes global.
    Let's get this one clean first, then we will go through each account one at a time.

    Did you install the cURL library?
    If you did not, look for it in the Add/Remove list; if it is there, remove it. Using Windows Explorer, delete this file.
    C:\WINDOWS\system32\libcurl.dll


    Open “NotePad”. Copy the contents of the code box below to the blank NotePad.
    Click "File" > "Save as"
    In the "Save In" box at the top click the down arrow and select DeskTop

    In the “File name” type in: fix.reg
    In the “Save As Type” select: All Files
    Once saved, go to your desktop, double click the “fix.reg” file and let it merge with the registry.

    Code:
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\vedxga3me2.exe"=-
    "C:\\DOCUME~1\\Lori\\LOCALS~1\\Temp\\2F.tmp.taras"=-
    "%windir%\\system32\\winav.exe"=-
    "C:\\DOCUME~1\\George\\LOCALS~1\\Temp\\14.tmp.taras"=-

    McAfee may have to be reinstalled, from what I have been told; some of these infections disable the AV, and the only way to get it working again is a reinstall.

    I would like to see a log from one other tool.

    Download FindAWF from the link below, saving to the desktop.

    http://noahdfear.geekstogo.com/FindAWF.exe

    Double click it to run. Choose option 1 and press Enter.

    Let the program run; a Notepad window will open after it has finished.

    Please copy and paste the results back here.

    Thanks
    Geri
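The fix.reg above removes four Windows Firewall exceptions, two of them for files in users' Temp folders: the infection had whitelisted itself so its traffic would pass the XP firewall. As an added example (not a tool from the thread), the script below reads a REGEDIT4 export of that AuthorizedApplications key, flags entries by those criteria, and emits the same "name"=- removal syntax; SAMPLE_EXPORT and KNOWN_GOOD are constructed, with the four suspicious paths taken from the fix above.

```python
"""Review the Windows Firewall (XP SP2) AuthorizedApplications list from a
REGEDIT4 export and write a removal .reg using the "name"=- syntax of the fix
above, for entries that look like malware whitelisting itself.

Added example for this thread, not a tool from it. SAMPLE_EXPORT is
constructed in `reg export` form; its suspicious paths are the four from the
fix above. KNOWN_GOOD is a constructed allowlist the machine's owner fills in."""
import re

LIST_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
            r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

# Value name is the program path; data is "path:scope:Enabled|Disabled:label".
# Backslashes are doubled, as regedit writes them.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\vedxga3me2.exe"="C:\\WINDOWS\\system32\\vedxga3me2.exe:*:Enabled:vedxga3me2"
"C:\\DOCUME~1\\Lori\\LOCALS~1\\Temp\\2F.tmp.taras"="C:\\DOCUME~1\\Lori\\LOCALS~1\\Temp\\2F.tmp.taras:*:Enabled:2F.tmp.taras"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:winav"
"C:\\DOCUME~1\\George\\LOCALS~1\\Temp\\14.tmp.taras"="C:\\DOCUME~1\\George\\LOCALS~1\\Temp\\14.tmp.taras:*:Enabled:14.tmp.taras"
'''

# Programs the machine's owner recognises (lower-case paths); constructed.
KNOWN_GOOD = {r"%windir%\system32\sessmgr.exe", r"c:\program files\messenger\msmsgs.exe"}

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
DATA_RE = re.compile(r"^(?P<path>.*):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<label>.*)$", re.I)
TEMP_DIR_RE = re.compile(r"\\(?:LOCALS~1\\Temp|Local Settings\\Temp|Temp)\\", re.I)


def unescape(s):
    """Undo .reg escaping (doubled backslashes, escaped quotes)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_list(reg_text):
    """Return {program path: data} for the values stored under LIST_KEY."""
    entries, in_key = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == LIST_KEY.lower()
            continue
        m = VALUE_RE.match(line) if in_key else None
        if m:
            entries[unescape(m.group(1))] = unescape(m.group(2))
    return entries


def review(path, data):
    """Reasons an authorised application should be removed (empty = keep)."""
    if path.lower() in KNOWN_GOOD:
        return []
    reasons = []
    if TEMP_DIR_RE.search(path):
        reasons.append("program lives in a user Temp directory")
    if not path.lower().endswith(".exe"):
        reasons.append("authorised file is not an .exe")
    m = DATA_RE.match(data)
    if not m or m["path"].lower() != path.lower():
        reasons.append("value data does not echo the value name")
    if not reasons:   # allowlist stance: anything unrecognised needs a verdict
        reasons.append("not on the allowlist; verify the publisher before keeping it")
    return reasons


def flagged(reg_text):
    """Return {path: reasons} for every entry review() wants removed."""
    out = {}
    for path, data in parse_list(reg_text).items():
        reasons = review(path, data)
        if reasons:
            out[path] = reasons
    return out


def reg_quote(s):
    """Quote a value name for a .reg file (double backslashes, escape quotes)."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def removal_reg(paths):
    """REGEDIT4 text that deletes the given values ("name"=-), as in the fix above."""
    lines = ["REGEDIT4", "", "[" + LIST_KEY + "]"] + [reg_quote(p) + "=-" for p in paths]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    bad = flagged(SAMPLE_EXPORT)
    for path, reasons in bad.items():
        print(path, "->", "; ".join(reasons))
    print(removal_reg(sorted(bad)))
```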
     
  13. 2007/11/23
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Thanks. Done. I will reinstall McAfee.


    Find AWF report by noahdfear ©2006
    Version 1.40

    The current date is: Fri 11/23/2007
    The current time is: 12:16:37.26


    bak folders found
    ~~~~~~~~~~~



    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~



    end of report
     
  14. 2007/11/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Treend
    OK, the AWF log is just what we wanted to see. You can delete that tool.

    Let me know if the McAfee reinstall works; make sure you update it and run a scan. Let me know if it finds anything.

    Also, please post one more dss log; if it looks good then we will move on to the next account.

    Thanks
    Geri
     
  15. 2007/11/24
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Hi Geri,

    Reinstalled McAfee. Works fine. No problems. Only recognizes SDFix as a PUP; otherwise clean. Log as follows.

    Thanks,

    treend

    Deckard's System Scanner v20071014.68
    Run by George on 2007-11-24 21:37:32
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as George.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:37:44 PM, on 11/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\George\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\George.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O24 - Desktop Component 0: (no name) - http://www.shop50states.com/images/capcty1.gif

    --
    End of file - 8885 bytes

    -- Files created between 2007-10-24 and 2007-11-24 -----------------------------

    2007-11-23 12:53:10 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2007-11-23 12:51:26 0 d-------- C:\Program Files\Common Files\McAfee
    2007-11-23 11:22:41 0 d-------- C:\Program Files\iTunes
    2007-11-23 11:21:40 0 d-------- C:\Program Files\QuickTime
    2007-11-22 09:11:06 0 d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44:22 0 d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44:47 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58:22 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-16 22:39:46 4700 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 22:33:39 0 d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-15 21:45:52 0 d-------- C:\Program Files\Trend Micro
    2007-11-10 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-28 12:11:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-11-23 14:05:12 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-23 14:05:12 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee.com
    2007-11-23 12:51:26 0 d-------- C:\Program Files\Common Files
    2007-11-23 11:22:46 0 d-------- C:\Program Files\iPod
    2007-11-22 15:59:12 0 d-------- C:\Program Files\palmOne
    2007-11-22 15:48:28 0 d-------- C:\Program Files\Messenger
    2007-11-22 15:45:59 0 d-------- C:\Program Files\Google
    2007-11-22 15:45:53 0 d-------- C:\Program Files\DellSupport
    2007-11-22 15:44:48 0 d-------- C:\Program Files\Common Files\DataViz
    2007-11-22 15:07:36 1250 --a------ C:\WINDOWS\checkip.dat
    2007-10-28 12:11:44 0 d-------- C:\Program Files\Apple Software Update
    2007-10-19 20:36:20 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-19 20:36:20 0 d-------- C:\Program Files\Atari
    2007-09-24 19:49:34 49152 --a------ C:\WINDOWS\system32\LxrSge10s.exe
    2007-09-24 19:49:34 282624 --a------ C:\WINDOWS\LxrSGe11e.dll <Not Verified; Lexar Media Inc.; >
    2007-09-24 19:49:34 1605632 --a------ C:\WINDOWS\LxrJDLApp.exe <Not Verified; Lexar Media, Inc.; JumpDrive Lightning Application>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 12:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 10:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "MMTray "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 09:50 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 03:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 12:05 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 07:15 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\George\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 6:15:06 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 2:19:49 PM]
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/19/2007 8:05:03 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "




    -- End of Deckard's System Scanner: finished at 2007-11-24 21:38:17 ------------
     
  16. 2007/11/24
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Treend
    OK, that log looks good.

    Log into one of the other accounts and post a HJT log and a dss log here.

    These others should be easier to clean up, I hope :rolleyes:

    Geri
     
  17. 2007/11/25
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Geri,

    Thanks a million. The first account appears to be in great working order. Here is the log for the next account.

    Treend

    Deckard's System Scanner v20071014.68
    Run by Tim on 2007-11-25 08:48:44
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Tim.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:48:52 AM, on 11/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Documents and Settings\Tim\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Tim.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'George')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'George')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'George')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'George')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe

    --
    End of file - 9780 bytes

    -- Files created between 2007-10-25 and 2007-11-25 -----------------------------

    2007-11-23 12:53:10 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2007-11-23 12:51:26 0 d-------- C:\Program Files\Common Files\McAfee
    2007-11-23 11:22:41 0 d-------- C:\Program Files\iTunes
    2007-11-23 11:21:40 0 d-------- C:\Program Files\QuickTime
    2007-11-22 09:11:06 0 d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44:22 0 d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44:47 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58:22 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-16 22:39:46 4700 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 22:33:39 0 d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-15 21:45:52 0 d-------- C:\Program Files\Trend Micro
    2007-11-10 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-28 12:11:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-11-24 22:36:08 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-24 22:36:08 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee.com
    2007-11-23 12:51:26 0 d-------- C:\Program Files\Common Files
    2007-11-23 11:22:46 0 d-------- C:\Program Files\iPod
    2007-11-22 15:59:12 0 d-------- C:\Program Files\palmOne
    2007-11-22 15:48:28 0 d-------- C:\Program Files\Messenger
    2007-11-22 15:45:59 0 d-------- C:\Program Files\Google
    2007-11-22 15:45:53 0 d-------- C:\Program Files\DellSupport
    2007-11-22 15:44:48 0 d-------- C:\Program Files\Common Files\DataViz
    2007-11-22 15:07:36 1250 --a------ C:\WINDOWS\checkip.dat
    2007-10-28 12:11:44 0 d-------- C:\Program Files\Apple Software Update
    2007-10-19 20:36:20 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-19 20:36:20 0 d-------- C:\Program Files\Atari
    2007-09-24 19:49:34 49152 --a------ C:\WINDOWS\system32\LxrSge10s.exe
    2007-09-24 19:49:34 282624 --a------ C:\WINDOWS\LxrSGe11e.dll <Not Verified; Lexar Media Inc.; >
    2007-09-24 19:49:34 1605632 --a------ C:\WINDOWS\LxrJDLApp.exe <Not Verified; Lexar Media, Inc.; JumpDrive Lightning Application>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 12:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 10:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "MMTray "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 09:50 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 03:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 12:05 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 07:15 PM]
    "Windows update loader "= "C:\Windows\xpupdate.exe" []
    "Service Pack 1 "= "C:\WINDOWS\system32\vedxg6ame4.exe" []
    "Undefined "= "C:\WINDOWS\system32\winter.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\Tim\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    PowerReg Scheduler V3.exe [5/26/2007 8:27:16 PM]
    PowerReg Scheduler.exe [2/8/2005 8:46:43 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 2:19:49 PM]
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/19/2007 8:05:03 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr "=1 (0x1)
    "Wallpaper "=C:\WINDOWS\desktop.html
    "DisableRegistryTools "=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktop "=0 (0x0)
    "ForceActiveDesktopOn "=1 (0x1)
    "NoControlPanel "=1 (0x1)
    "NoWindowsUpdate "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b0dae3-9a7c-11da-b246-001111b6930f}]
    AutoRun\command- F:\JDLightning\Windows\JDLightning.exe




    -- End of Deckard's System Scanner: finished at 2007-11-25 08:49:20 ------------
     
  18. 2007/11/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi treend
    Sorry for the delay, been kind of busy.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.


    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\desktop.html


    Open “NotePad”. Copy the contents of the quote box below into the blank NotePad.
    Click "File" > "Save as"
    In the "Save In" box at the top click the down arrow and select DeskTop

    In the “File name” type in: fix.reg
    In the “Save As Type” select: All Files
    Once saved, go to your desktop, double-click the “fix.reg” file and let it merge with the registry.

    Please post a new dss log from this account.

    Thanks
    Geri
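As an added example (not code from the thread, DSS or HijackThis), the following Python triage reads a DSS registry dump like the one posted above and flags the HKCU policy lockdowns behind the missing Control Panel and blocked Windows Update, the Run entries whose targets carry no file timestamp (the three loaders Geri asked to fix), and a policy wallpaper pointing at an HTML page (the desktop.html Geri asked to delete). The sample dump, the policy descriptions and the reading of an empty `[]` as "no file timestamp recorded" are this example's own assumptions.

```python
"""Triage a Deckard's System Scanner (DSS) registry dump for the lockdown policies and
untimestamped HKCU Run loaders seen in the thread's second log. Added example, not part
of the thread, DSS or HijackThis; policy descriptions and the sample dump are constructed."""
import re

# HKCU policy DWORDs that, set to 1, produce the thread's symptoms: hidden Control Panel,
# blocked Windows Update, "restrictions" errors, a wallpaper that cannot be changed.
LOCKDOWN_POLICIES = {
    "NoControlPanel": "Control Panel hidden",
    "NoWindowsUpdate": "Windows Update blocked",
    "DisableTaskMgr": "Task Manager disabled",
    "DisableRegistryTools": "regedit disabled (HJT shows this as O7 DisableRegedit=1)",
    "ForceActiveDesktopOn": "Active Desktop forced on so an HTML wallpaper can be pinned",
}

# Constructed excerpt in the DSS "Registry Dump" format: values appear as  "Name "= data
# and a Run target carries its file timestamp in brackets, or [] when DSS recorded none.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"Windows update loader "= "C:\Windows\xpupdate.exe" []
"Service Pack 1 "= "C:\WINDOWS\system32\vedxg6ame4.exe" []
"Undefined "= "C:\WINDOWS\system32\winter.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr "=1 (0x1)
"Wallpaper "=C:\WINDOWS\desktop.html
"DisableRegistryTools "=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop "=0 (0x0)
"ForceActiveDesktopOn "=1 (0x1)
"NoControlPanel "=1 (0x1)
"NoWindowsUpdate "=1 (0x1)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*(?P<data>.*?)\s*$')
RUN_RE = re.compile(r'^"?(?P<path>[^"\[]+?)"?\s*\[(?P<stamp>[^\]]*)\]$')  # "path" [stamp]
DWORD_RE = re.compile(r"^(?P<dec>\d+)\s*\(0x[0-9A-Fa-f]+\)$")               # 1 (0x1)

def parse_dump(text: str) -> dict:
    """Return {section key lower-cased: {value name: raw data}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = sections.setdefault(sec.group("key").lower(), {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            current[val.group("name")] = val.group("data")
    return sections

def find_lockdown_policies(sections: dict) -> list:
    """Known lockdown policies with a non-zero DWORD, as (name, meaning) pairs."""
    hits = []
    for key, values in sections.items():
        if "\\policies\\" not in key:
            continue
        for name, data in values.items():
            dword = DWORD_RE.match(data)
            if name in LOCKDOWN_POLICIES and dword and int(dword.group("dec")) != 0:
                hits.append((name, LOCKDOWN_POLICIES[name]))
    return hits

def find_unverified_run_entries(sections: dict) -> list:
    """Run entries whose target has no file timestamp ([]) and therefore needs review."""
    hits = []
    for key, values in sections.items():
        if not key.endswith("\\run"):
            continue
        for name, data in values.items():
            run = RUN_RE.match(data)
            if run and not run.group("stamp").strip():
                hits.append((name, run.group("path")))
    return hits

def find_html_wallpaper(sections: dict):
    """Policy wallpaper that is an HTML page: the pinned fake-alert desktop."""
    for key, values in sections.items():
        if key.endswith("\\policies\\system") and "Wallpaper" in values:
            path = values["Wallpaper"].strip('"')
            if path.lower().endswith((".htm", ".html")):
                return path
    return None

def triage(text: str) -> dict:
    """Run every check over one dump; results keyed by check name."""
    sections = parse_dump(text)
    return {
        "lockdown": find_lockdown_policies(sections),
        "unverified_run": find_unverified_run_entries(sections),
        "html_wallpaper": find_html_wallpaper(sections),
    }

if __name__ == "__main__":
    for check, findings in triage(SAMPLE_DUMP).items():
        print(check, findings)
```

Feed it the "Registry Dump" section of a real DSS log and every hit is a line to compare against the matching O4/O7 entries in the HijackThis part of the same log.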
     
  19. 2007/11/26
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Hi Geri,

    Done. I could not find C:/windows/desktop.html (including with a search). The control panel has returned; however, I am unable to adjust or change the background (it appears locked up: nothing happens when that window is opened).

    Thanks again,

    treend

    Deckard's System Scanner v20071014.68
    Run by Tim on 2007-11-26 18:29:03
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Tim.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:29:06 PM, on 11/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Tim\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Tim.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 9149 bytes

    -- Files created between 2007-10-26 and 2007-11-26 -----------------------------

    2007-11-25 09:08:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-11-25 09:07:38 0 d-------- C:\Program Files\Dell Support Center
    2007-11-25 09:07:35 0 d-------- C:\Program Files\Common Files\supportsoft
    2007-11-23 12:53:10 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2007-11-23 12:51:26 0 d-------- C:\Program Files\Common Files\McAfee
    2007-11-23 11:22:41 0 d-------- C:\Program Files\iTunes
    2007-11-23 11:21:40 0 d-------- C:\Program Files\QuickTime
    2007-11-22 09:11:06 0 d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44:22 0 d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44:47 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58:22 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-16 22:39:46 4700 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 22:33:39 0 d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-15 21:45:52 0 d-------- C:\Program Files\Trend Micro
    2007-11-10 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-28 12:11:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-11-26 16:56:26 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-26 16:56:26 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-25 09:07:35 0 d-------- C:\Program Files\Common Files
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee.com
    2007-11-23 11:22:46 0 d-------- C:\Program Files\iPod
    2007-11-22 15:59:12 0 d-------- C:\Program Files\palmOne
    2007-11-22 15:48:28 0 d-------- C:\Program Files\Messenger
    2007-11-22 15:45:59 0 d-------- C:\Program Files\Google
    2007-11-22 15:45:53 0 d-------- C:\Program Files\DellSupport
    2007-11-22 15:44:48 0 d-------- C:\Program Files\Common Files\DataViz
    2007-11-22 15:07:36 1250 --a------ C:\WINDOWS\checkip.dat
    2007-10-28 12:11:44 0 d-------- C:\Program Files\Apple Software Update
    2007-10-19 20:36:20 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-19 20:36:20 0 d-------- C:\Program Files\Atari
    2007-09-24 19:49:34 49152 --a------ C:\WINDOWS\system32\LxrSge10s.exe
    2007-09-24 19:49:34 282624 --a------ C:\WINDOWS\LxrSGe11e.dll <Not Verified; Lexar Media Inc.; >
    2007-09-24 19:49:34 1605632 --a------ C:\WINDOWS\LxrJDLApp.exe <Not Verified; Lexar Media, Inc.; JumpDrive Lightning Application>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 12:23 PM]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
    "CTHelper"="CTHELPER.EXE" [03/11/2004 10:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 09:50 AM]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 03:46 PM]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 12:05 AM]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
    "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 07:15 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"=Narrator.exe

    C:\Documents and Settings\Tim\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    PowerReg Scheduler V3.exe [5/26/2007 8:27:16 PM]
    PowerReg Scheduler.exe [2/8/2005 8:46:43 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 2:19:49 PM]
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/19/2007 8:05:03 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "Wallpaper"=C:\WINDOWS\desktop.html

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b0dae3-9a7c-11da-b246-001111b6930f}]
    AutoRun\command- F:\JDLightning\Windows\JDLightning.exe




    -- End of Deckard's System Scanner: finished at 2007-11-26 18:29:34 ------------
     
  20. 2007/11/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi treend
    What window are you speaking of?

    Try this.
    Right-click your desktop, choose Properties, and under the Desktop tab click the "Customize Desktop" button. Under the Web tab, remove all the page entries from there except "My Current Home Page", and OK your way out.

    Let me know if that helps.

    Geri
     
  21. 2007/11/26
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Geri,

    Unfortunately, that does not help (there are no other entries). Under Display Properties, Desktop tab, there is a scroll bar for various backgrounds (Wind, Zapotec, etc.) which is frozen. The sample screen is white (as opposed to the current color of the desktop). If you choose to try to change the color, it applies this to the background of the icon names as opposed to the desktop background. The Browse and Stretch buttons are not highlighted for use. Another strange thing in this regard: when you switch users, the old background from this account briefly flashes on the screen???

    Treend
     
    Last edited: 2007/11/26
