1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved No control panel, hijacked homepage, recurrent security alert

Discussion in 'Malware and Virus Removal Archive' started by treend, 2007/11/21.

Page 2 of 3
  1. 2007/11/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Treend

    My Control panel backround is white,:rolleyes: I'll look around at this also.
    Geri
     
    Geri,
    #21
  2. 2007/11/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Open contol panel, on the left hand side click on "Switch to Category View ".

    Is that what you had before?

    Geri
     
    Geri,
    #22


  3. to hide this advert.

  4. 2007/11/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this.
    Open “NotePad” Copy the contents of the quote box below to the blank NotePad.
    Click "File" > "Save as "
    In the "Save In" box at the top click the down arrow and select DeskTop

    In the “File name” type in: fix.reg
    In the “Save As Type” select: All Files
    Once saved, Go to your desktop double click “fix.reg file” and let it merge with the registry.
    Fix that and then run each of the following
    Go here
    http://www.kellys-korner-xp.com/xp_tweaks.htm

    Find these (You have to right click the links and 'Save Target As' save to desktop).
    Go to the desktop and Double click the vbs file. You will be prompted when the script is done.

    #16 (left column) - Active Desktop enable/disable (want to enable)

    #285 (right column) - Restore All Display Tabs

    Logoff and back on.

    Let me know if things are working again.

    Geri
     
    Geri,
    #23
  5. 2007/11/27
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Geri,

    Control panel was in category view. Blue background returned with going to theme tab and choosing windows XP (somehow it had switched to a 'modified theme').

    On a bigger note, your suggestions were great. All is well again. Everything in this account appears to be working perfectly.

    Thanks again, below is the 'final" log from this account (didn't know whether you needed to see this). Hopefully, this is 2 accounts down with two to go. Please let me know if this is OK and whether we can proceed with the next account. I suspect that the problems may be identical.

    Deckard's System Scanner v20071014.68
    Run by Tim on 2007-11-27 18:34:33
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Tim.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:34:42 PM, on 11/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\palmOne\Hotsync.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Tim\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Tim.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/?cookieattempt=1
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 9307 bytes

    -- Files created between 2007-10-27 and 2007-11-27 -----------------------------

    2007-11-25 09:08:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-11-25 09:07:38 0 d-------- C:\Program Files\Dell Support Center
    2007-11-25 09:07:35 0 d-------- C:\Program Files\Common Files\supportsoft
    2007-11-23 12:53:10 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2007-11-23 12:51:26 0 d-------- C:\Program Files\Common Files\McAfee
    2007-11-23 11:22:41 0 d-------- C:\Program Files\iTunes
    2007-11-23 11:21:40 0 d-------- C:\Program Files\QuickTime
    2007-11-22 09:11:06 0 d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44:22 0 d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44:47 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58:22 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-16 22:39:46 4700 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 22:33:39 0 d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-15 21:45:52 0 d-------- C:\Program Files\Trend Micro
    2007-11-10 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-28 12:11:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-11-27 18:24:53 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-27 18:24:53 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-25 09:07:35 0 d-------- C:\Program Files\Common Files
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee.com
    2007-11-23 11:22:46 0 d-------- C:\Program Files\iPod
    2007-11-22 15:59:12 0 d-------- C:\Program Files\palmOne
    2007-11-22 15:48:28 0 d-------- C:\Program Files\Messenger
    2007-11-22 15:45:59 0 d-------- C:\Program Files\Google
    2007-11-22 15:45:53 0 d-------- C:\Program Files\DellSupport
    2007-11-22 15:44:48 0 d-------- C:\Program Files\Common Files\DataViz
    2007-11-22 15:07:36 1250 --a------ C:\WINDOWS\checkip.dat
    2007-10-28 12:11:44 0 d-------- C:\Program Files\Apple Software Update
    2007-10-19 20:36:20 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-19 20:36:20 0 d-------- C:\Program Files\Atari
    2007-09-24 19:49:34 49152 --a------ C:\WINDOWS\system32\LxrSge10s.exe
    2007-09-24 19:49:34 282624 --a------ C:\WINDOWS\LxrSGe11e.dll <Not Verified; Lexar Media Inc.; >
    2007-09-24 19:49:34 1605632 --a------ C:\WINDOWS\LxrJDLApp.exe <Not Verified; Lexar Media, Inc.; JumpDrive Lightning Application>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 12:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 10:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "MMTray "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 09:50 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 03:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 12:05 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 07:15 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\Tim\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    PowerReg Scheduler V3.exe [5/26/2007 8:27:16 PM]
    PowerReg Scheduler.exe [2/8/2005 8:46:43 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 2:19:49 PM]
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/19/2007 8:05:03 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)
    "NoDispAppearancePage "=0 (0x0)
    "NoColorChoice "=0 (0x0)
    "NoSizeChoice "=0 (0x0)
    "NoDispBackgroundPage "=0 (0x0)
    "NoDispScrSavPage "=0 (0x0)
    "NoDispCPL "=0 (0x0)
    "NoVisualStyleChoice "=0 (0x0)
    "NoDispSettingsPage "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktop "=0 (0x0)
    "NoActiveDesktopChanges "=00000000
    "NoSaveSettings "=0 (0x0)
    "NoThemesTab "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b0dae3-9a7c-11da-b246-001111b6930f}]
    AutoRun\command- F:\JDLightning\Windows\JDLightning.exe




    -- End of Deckard's System Scanner: finished at 2007-11-27 18:35:06 ------------
     
    treend,
    #24
  6. 2007/11/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi treend
    Good to hear:)

    That log looks OK.
    Log onto the next account and post the logs.

    Geri
     
    Geri,
    #25
  7. 2007/11/27
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Geri,

    Here is the next log. Thanks.

    Treend

    Deckard's System Scanner v20071014.68
    Run by Lori on 2007-11-27 18:41:29
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Lori.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:41:31 PM, on 11/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\MPS\mpsevh.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Documents and Settings\Lori\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Lori.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Tim')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe (User 'Tim')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Tim')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Tim')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Tim')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - S-1-5-21-299419450-3118701898-1013829791-1009 Startup: PowerReg Scheduler V3.exe (User 'Tim')
    O4 - S-1-5-21-299419450-3118701898-1013829791-1009 Startup: PowerReg Scheduler.exe (User 'Tim')
    O4 - S-1-5-21-299419450-3118701898-1013829791-1009 User Startup: PowerReg Scheduler V3.exe (User 'Tim')
    O4 - S-1-5-21-299419450-3118701898-1013829791-1009 User Startup: PowerReg Scheduler.exe (User 'Tim')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 10642 bytes

    -- Files created between 2007-10-27 and 2007-11-27 -----------------------------

    2007-11-25 09:08:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-11-25 09:07:38 0 d-------- C:\Program Files\Dell Support Center
    2007-11-25 09:07:35 0 d-------- C:\Program Files\Common Files\supportsoft
    2007-11-23 12:53:10 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2007-11-23 12:51:26 0 d-------- C:\Program Files\Common Files\McAfee
    2007-11-23 11:22:41 0 d-------- C:\Program Files\iTunes
    2007-11-23 11:21:40 0 d-------- C:\Program Files\QuickTime
    2007-11-22 09:11:06 0 d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44:22 0 d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44:47 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58:22 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-16 22:39:46 4700 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 22:33:39 0 d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-15 21:45:52 0 d-------- C:\Program Files\Trend Micro
    2007-11-10 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-28 12:11:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-11-27 18:24:53 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-27 18:24:53 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-25 09:07:35 0 d-------- C:\Program Files\Common Files
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee.com
    2007-11-23 11:22:46 0 d-------- C:\Program Files\iPod
    2007-11-22 15:59:12 0 d-------- C:\Program Files\palmOne
    2007-11-22 15:48:28 0 d-------- C:\Program Files\Messenger
    2007-11-22 15:45:59 0 d-------- C:\Program Files\Google
    2007-11-22 15:45:53 0 d-------- C:\Program Files\DellSupport
    2007-11-22 15:44:48 0 d-------- C:\Program Files\Common Files\DataViz
    2007-11-22 15:07:36 1250 --a------ C:\WINDOWS\checkip.dat
    2007-10-28 12:11:44 0 d-------- C:\Program Files\Apple Software Update
    2007-10-19 20:36:20 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-19 20:36:20 0 d-------- C:\Program Files\Atari
    2007-09-24 19:49:34 49152 --a------ C:\WINDOWS\system32\LxrSge10s.exe
    2007-09-24 19:49:34 282624 --a------ C:\WINDOWS\LxrSGe11e.dll <Not Verified; Lexar Media Inc.; >
    2007-09-24 19:49:34 1605632 --a------ C:\WINDOWS\LxrJDLApp.exe <Not Verified; Lexar Media, Inc.; JumpDrive Lightning Application>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 12:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 10:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "MMTray "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/14/2004 09:50 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 03:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 12:05 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 07:15 PM]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
    "Undefined "= "C:\WINDOWS\system32\winter.exe" []
    "Windows update loader "= "C:\Windows\xpupdate.exe" []
    "Service Pack 1 "= "C:\WINDOWS\system32\vedxg6ame4.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\Lori\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 6:15:06 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 2:19:49 PM]
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/19/2007 8:05:03 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr "=1 (0x1)
    "DisableRegistryTools "=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel "=1 (0x1)
    "NoWindowsUpdate "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b0dae3-9a7c-11da-b246-001111b6930f}]
    AutoRun\command- F:\JDLightning\Windows\JDLightning.exe




    -- End of Deckard's System Scanner: finished at 2007-11-27 18:42:06 ------------
     
    treend,
    #26
  8. 2007/11/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Treend

    OK, Lets do this one a little differently:)

    Are you comfortable with editing the registry, It's a easy fix.
    Let me know.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Geri
     
    Geri,
    #27
  9. 2007/11/27
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Geri,

    Fixed HJT log. I know that you have edited the registry on the other account but unfortunately I am not comfotable doing this myself.

    Thanks,

    Treend
     
    treend,
    #28
  10. 2007/11/27
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Geri,

    I was brave and went ahead and tried to edit the registry (looking at the prior accounts as examples) I think that I suceeded. Control panel is back and working. If the log is OK, one account to go.

    Thanks,

    Treend

    Deckard's System Scanner v20071014.68
    Run by Lori on 2007-11-27 23:36:39
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Lori.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:36:41 PM, on 11/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Lori\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Lori.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 9398 bytes

    -- Files created between 2007-10-27 and 2007-11-27 -----------------------------

    2007-11-25 09:08:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-11-25 09:07:38 0 d-------- C:\Program Files\Dell Support Center
    2007-11-25 09:07:35 0 d-------- C:\Program Files\Common Files\supportsoft
    2007-11-23 12:53:10 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2007-11-23 12:51:26 0 d-------- C:\Program Files\Common Files\McAfee
    2007-11-23 11:22:41 0 d-------- C:\Program Files\iTunes
    2007-11-23 11:21:40 0 d-------- C:\Program Files\QuickTime
    2007-11-22 09:11:06 0 d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44:22 0 d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44:47 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58:22 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-16 22:39:46 4700 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 22:33:39 0 d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-15 21:45:52 0 d-------- C:\Program Files\Trend Micro
    2007-11-10 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-28 12:11:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-11-27 23:32:41 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-27 23:32:41 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-25 09:07:35 0 d-------- C:\Program Files\Common Files
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee.com
    2007-11-23 11:22:46 0 d-------- C:\Program Files\iPod
    2007-11-22 15:59:12 0 d-------- C:\Program Files\palmOne
    2007-11-22 15:48:28 0 d-------- C:\Program Files\Messenger
    2007-11-22 15:45:59 0 d-------- C:\Program Files\Google
    2007-11-22 15:45:53 0 d-------- C:\Program Files\DellSupport
    2007-11-22 15:44:48 0 d-------- C:\Program Files\Common Files\DataViz
    2007-11-22 15:07:36 1250 --a------ C:\WINDOWS\checkip.dat
    2007-10-28 12:11:44 0 d-------- C:\Program Files\Apple Software Update
    2007-10-19 20:36:20 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-19 20:36:20 0 d-------- C:\Program Files\Atari
    2007-09-24 19:49:34 49152 --a------ C:\WINDOWS\system32\LxrSge10s.exe
    2007-09-24 19:49:34 282624 --a------ C:\WINDOWS\LxrSGe11e.dll <Not Verified; Lexar Media Inc.; >
    2007-09-24 19:49:34 1605632 --a------ C:\WINDOWS\LxrJDLApp.exe <Not Verified; Lexar Media, Inc.; JumpDrive Lightning Application>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 12:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 10:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 03:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 12:05 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" []
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 07:15 PM]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
    "DellSupportCenter "= "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 09:23 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\Lori\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 6:15:06 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 2:19:49 PM]
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/19/2007 8:05:03 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b0dae3-9a7c-11da-b246-001111b6930f}]
    AutoRun\command- F:\JDLightning\Windows\JDLightning.exe




    -- End of Deckard's System Scanner: finished at 2007-11-27 23:37:10 ------------
     
    treend,
    #29
  11. 2007/11/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Treend
    OK LOL
    That's not exactly what I meant. Please don't do it that way again OK ! :p

    I was going to have you change the values manually. :rolleyes:

    OK log looks OK, Post the last one.

    Geri
     
    Geri,
    #30
  12. 2007/11/27
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Geri,

    Sorry, I misunderstood what you meant. I was following the prior format. Last account, quick and easy I hope.

    Thanks,

    Treend

    Deckard's System Scanner v20071014.68
    Run by Heather on 2007-11-27 23:47:09
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Heather.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:47:12 PM, on 11/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Documents and Settings\Heather\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Heather.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Lori')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1008\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe (User 'Lori')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Lori')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Lori')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1008\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (User 'Lori')
    O4 - HKUS\S-1-5-21-299419450-3118701898-1013829791-1008\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Lori')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 10010 bytes

    -- Files created between 2007-10-27 and 2007-11-27 -----------------------------

    2007-11-25 09:08:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-11-25 09:07:38 0 d-------- C:\Program Files\Dell Support Center
    2007-11-25 09:07:35 0 d-------- C:\Program Files\Common Files\supportsoft
    2007-11-23 12:53:10 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2007-11-23 12:51:26 0 d-------- C:\Program Files\Common Files\McAfee
    2007-11-23 11:22:41 0 d-------- C:\Program Files\iTunes
    2007-11-23 11:21:40 0 d-------- C:\Program Files\QuickTime
    2007-11-22 09:11:06 0 d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44:22 0 d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44:47 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58:22 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-16 22:39:46 4700 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 22:33:39 0 d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-15 21:45:52 0 d-------- C:\Program Files\Trend Micro
    2007-11-10 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-28 12:11:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-11-27 23:32:41 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-27 23:32:41 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-25 09:07:35 0 d-------- C:\Program Files\Common Files
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee.com
    2007-11-23 11:22:46 0 d-------- C:\Program Files\iPod
    2007-11-22 15:59:12 0 d-------- C:\Program Files\palmOne
    2007-11-22 15:48:28 0 d-------- C:\Program Files\Messenger
    2007-11-22 15:45:59 0 d-------- C:\Program Files\Google
    2007-11-22 15:45:53 0 d-------- C:\Program Files\DellSupport
    2007-11-22 15:44:48 0 d-------- C:\Program Files\Common Files\DataViz
    2007-11-22 15:07:36 1250 --a------ C:\WINDOWS\checkip.dat
    2007-10-28 12:11:44 0 d-------- C:\Program Files\Apple Software Update
    2007-10-19 20:36:20 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-19 20:36:20 0 d-------- C:\Program Files\Atari
    2007-09-24 19:49:34 49152 --a------ C:\WINDOWS\system32\LxrSge10s.exe
    2007-09-24 19:49:34 282624 --a------ C:\WINDOWS\LxrSGe11e.dll <Not Verified; Lexar Media Inc.; >
    2007-09-24 19:49:34 1605632 --a------ C:\WINDOWS\LxrJDLApp.exe <Not Verified; Lexar Media, Inc.; JumpDrive Lightning Application>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 12:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 10:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 03:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 12:05 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 07:15 PM]
    "Undefined "= "C:\WINDOWS\system32\winter.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\Heather\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    PowerReg Scheduler V3.exe [4/29/2006 5:04:52 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 2:19:49 PM]
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/19/2007 8:05:03 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr "=1 (0x1)
    "DisableRegistryTools "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel "=1 (0x1)
    "NoWindowsUpdate "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08b0dae3-9a7c-11da-b246-001111b6930f}]
    AutoRun\command- F:\JDLightning\Windows\JDLightning.exe




    -- End of Deckard's System Scanner: finished at 2007-11-27 23:47:42 ------------
     
    treend,
    #31
  13. 2007/11/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    OK

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe

    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    OK Now, Lets try this manually. If you have any doubts stop and come back and tell me...OK

    To Open registry editor.
    Click Start>Run Type in regedit click OK.
    Click the + sign next to each Key and sub key until you come to system

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    Click on (system), on the right hand side right click on (DisableTaskMgr) click modify
    in the window that opens Change the data value to ( 0 ) Zero. click OK, OK any prompts

    Now do this one.

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    NoControlPanel < Change the value to ( 0 ) Zero
    NoWindowsUpdate < Change the value to ( 0 ) Zero

    Click the - sign next to each Key and sub key to deplete the registry hive back to where it started then exit registry editor.

    Let me know how it goes, again if you have any doubts "stop" and come back here.

    Geri
     
    Geri,
    #32
  14. 2007/11/28
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Geri,

    No problem. It is pretty straightforward and easy as you suggest. Things seem to be back to normal on this account as well. Here is a new log.

    Thanks again,

    Treend

    Deckard's System Scanner v20071014.68
    Run by Heather on 2007-11-28 21:37:30
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Heather.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:37:39 PM, on 11/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Heather\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Heather.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://63.108.96.230/tsweb/msrdp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 9056 bytes

    -- Files created between 2007-10-28 and 2007-11-28 -----------------------------

    2007-11-25 09:08:15 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-11-25 09:07:38 0 d-------- C:\Program Files\Dell Support Center
    2007-11-25 09:07:35 0 d-------- C:\Program Files\Common Files\supportsoft
    2007-11-23 12:53:10 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2007-11-23 12:51:26 0 d-------- C:\Program Files\Common Files\McAfee
    2007-11-23 11:22:41 0 d-------- C:\Program Files\iTunes
    2007-11-23 11:21:40 0 d-------- C:\Program Files\QuickTime
    2007-11-22 09:11:06 0 d-------- C:\WINDOWS\ERUNT
    2007-11-22 08:44:22 0 d-------- C:\Documents and Settings\Lori\Application Data\Grisoft
    2007-11-19 17:44:47 0 d-------- C:\Documents and Settings\Tim\Application Data\U3
    2007-11-18 19:44:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
    2007-11-17 12:04:28 0 d-------- C:\Documents and Settings\Heather\Application Data\Grisoft
    2007-11-16 23:58:22 0 d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-16 22:39:46 4700 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-16 22:33:39 0 d-------- C:\Documents and Settings\George\Application Data\Grisoft
    2007-11-16 22:33:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-15 21:45:52 0 d-------- C:\Program Files\Trend Micro
    2007-11-10 22:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-28 12:11:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-10-28 12:11:19 0 d-------- C:\Program Files\Common Files\Apple
    2007-10-28 12:11:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-11-28 19:16:30 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-28 19:16:30 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-20061102}.dat
    2007-11-25 09:07:35 0 d-------- C:\Program Files\Common Files
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee
    2007-11-23 12:55:36 0 d-------- C:\Program Files\McAfee.com
    2007-11-23 11:22:46 0 d-------- C:\Program Files\iPod
    2007-11-22 15:59:12 0 d-------- C:\Program Files\palmOne
    2007-11-22 15:48:28 0 d-------- C:\Program Files\Messenger
    2007-11-22 15:45:59 0 d-------- C:\Program Files\Google
    2007-11-22 15:45:53 0 d-------- C:\Program Files\DellSupport
    2007-11-22 15:44:48 0 d-------- C:\Program Files\Common Files\DataViz
    2007-11-22 15:07:36 1250 --a------ C:\WINDOWS\checkip.dat
    2007-10-28 12:11:44 0 d-------- C:\Program Files\Apple Software Update
    2007-10-19 20:36:20 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-19 20:36:20 0 d-------- C:\Program Files\Atari
    2007-09-24 19:49:34 49152 --a------ C:\WINDOWS\system32\LxrSge10s.exe
    2007-09-24 19:49:34 282624 --a------ C:\WINDOWS\LxrSGe11e.dll <Not Verified; Lexar Media Inc.; >
    2007-09-24 19:49:34 1605632 --a------ C:\WINDOWS\LxrJDLApp.exe <Not Verified; Lexar Media, Inc.; JumpDrive Lightning Application>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 12:23 PM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
    "IntelMeM "= "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
    "CTSysVol "= "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [09/17/2003 11:43 AM]
    "CTDVDDET "= "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [06/18/2003 02:00 AM]
    "CTHelper "= "CTHELPER.EXE" [03/11/2004 10:50 AM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00 AM]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 05:54 PM]
    "UpdateManager "= "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 02:01 AM]
    "mmtask "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [09/14/2004 09:50 AM]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [01/03/2005 03:46 PM]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 12:05 AM]
    "!AVG Anti-Spyware "= "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
    "dscactivate "= "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 07:15 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator "=Narrator.exe

    C:\Documents and Settings\Heather\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    PowerReg Scheduler V3.exe [4/29/2006 5:04:52 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [12/29/2005 2:19:49 PM]
    DESKTOP.INI [8/11/2004 6:15:06 PM]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [3/19/2007 8:05:03 PM]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr "=0 (0x0)
    "DisableRegistryTools "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "




    -- End of Deckard's System Scanner: finished at 2007-11-28 21:38:03 ------------
     
    treend,
    #33
  15. 2007/11/28
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Treend
    OK that looks good.

    Lets do a little clean up and get one more on'line scan, then if all looks good we'll finish up.

    Please do these in the order given.

    Click Start>Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created.

    You can delete any tools you were asked to download and the files/folders or logs they created, There will be newer versions if ever needed again any way.

    These Tools
    SDFix.exe
    dss.exe

    These files/folders
    C:\Report.txt
    C:\Deckard
    Any Regfix files on your desktop that we created.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin

    The rest are optional - if you want it to remove everything check "Select All ".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Now Lets get a scan from here.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be promted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results

    Thanks
    Geri
     
    Geri,
    #34
  16. 2007/11/29
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Hi Geri,

    Clean up went smoothly. Kaspersky log attached.

    Thanks,

    Treend

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, November 29, 2007 9:21:04 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 30/11/2007
    Kaspersky Anti-Virus database records: 468649
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 66514
    Number of viruses found: 2
    Number of infected objects: 1
    Number of suspicious objects: 2
    Duration of the scan process: 01:21:37

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFRB.tmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab71646864b4b5eb6a61b9a8a7106535_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMurloffrtk.zip/startdrv.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMurloffrtk.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\George\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Application Data\SupportSoft\DellSupportCenter\George\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\George\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\George\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\George\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20071121-163836.backup Infected: Trojan.Win32.Qhost.mg skipped
    C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\mcafee_6G3TfksXKflbo06 Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_KJORluRTKSmshnh Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_oVWSo2pQYo79NSa Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_9ec.dat Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF Object is locked skipped

    Scan process completed.
     
    treend,
    #35
  17. 2007/11/29
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Treend
    Please go here

    C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.

    Right click on hosts file select open with select note pad

    Please copy and paste the contents here.

    Thanks
    Geri
     
    Geri,
    #36
  18. 2007/11/30
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Geri,

    In C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts, this is all that appears:

    127.0.0.1 localhost

    There are other files in this folder (C:\WINDOWS\SYSTEM32\DRIVERS\ETC), including C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20071121-163836.backup, as listed on the kaspersky log to be infected with Trojan.Win32.Qhost.mg.

    When I right-clicked on this and scanned with AVG Anti-spyware, it was immediately recognized as infected with Malware, Trojan.Win32.Qhost.mg, and the file was automatically quarantined.

    Of note, I did not have AVG Anti-spyware on the computer prior to when this mess occurred.

    Thanks,

    George
     
    treend,
    #37
  19. 2007/11/30
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi George
    OK good.
    Please open SpyBot S/D, click on recovery, check all the boxes in there and click Purge selected items, Ok if prompted.

    Run one more scan at Kasperskys and if no infections are found Great !
    If it shows any then post the results.

    Let me know.

    Geri
     
    Geri,
    #38
  20. 2007/11/30
    treend

    treend Inactive Thread Starter

    Joined:
    2007/03/19
    Messages:
    35
    Likes Received:
    0
    Geri,

    Done. Ran another scan. Looks like another trojan was found?

    Your thoughts?

    Thanks,

    Treend
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, November 30, 2007 11:02:29 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 1/12/2007
    Kaspersky Anti-Virus database records: 469643
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 70827
    Number of viruses found: 1
    Number of infected objects: 1
    Number of suspicious objects: 0
    Duration of the scan process: 01:27:55

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{F2101932-0061-47F4-AC20-9DA507D6BADB}.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab71646864b4b5eb6a61b9a8a7106535_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\George\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Application Data\SupportSoft\DellSupportCenter\George\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\George\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\George\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\George\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\George\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
    C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
    C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
    C:\Documents and Settings\Tim\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
    C:\Documents and Settings\Tim\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Tim\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\69GB8PQ3\ze[1].htm Infected: Trojan-Downloader.JS.Psyme.ls skipped
    C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Tim\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Tim\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\mcafee_RaRjHyigMyKY6ey Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_acpbAVWMGuiN0ZG Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_KwaicKL0QecoVme Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_q3qTtcO0jOY7mz9 Object is locked skipped
    C:\WINDOWS\Temp\mcmsc_tlBAq57rN9QTctG Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_35c.dat Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-20061102}.CDF Object is locked skipped

    Scan process completed.
     
    treend,
    #39
  21. 2007/11/30
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi George
    Run ATF Cleaner,

    Then log into Tims account and go here to see if this is gone. If it is there delete it.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore "),

    C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\69GB8PQ3\ze[1].htm

    Let me know
    Geri
     
    Geri,
    #40
Page 2 of 3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...