vundo problems

Started by trouble, March 02, 2008, 05:23:20 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1 2 3 4
User actions

trouble

March 02, 2008, 05:23:20 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:51 AM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SpywareStop\SpywareStop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ErrorKiller\ErrorKiller.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {ff0277a2-a8d8-51c8-5184-9907c063c8e3} - {3e8c360c-7099-4815-8c15-8d8a2a7720ff} - C:\WINDOWS\system32\sujwcorc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {DEA3F205-1844-418E-B3A9-19BF4F30AB2F} - C:\WINDOWS\system32\gebyv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Popup Killer - {2D58DD23-2759-4C7B-9351-D68AF7D0D868} - C:\PROGRA~1\POPUPR~1\popup.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ErrorKiller] C:\Program Files\ErrorKiller\ErrorKiller.exe
O4 - HKLM\..\Run: [880dad0a] rundll32.exe "C:\WINDOWS\system32\bijfpagx.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: 
O20 - Winlogon Notify: qomkhef - qomkhef.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 10707 bytes

I know that I need some help.  When I get on the internet the computer will automatically open new internet explorer windows and take me to various places.  A common theme is a malware program that wants to scan my coputer and tell me how infected I am, then wants me to purchase their product.  I am currently running McAfee Security Suite that I got through Comcast, and I also purchased sbybot program that I thought would help, but it finds the "vundo" or "conhook" viruses each time I run it.  I select "clean infections" and it appears to clean them, but if I run the program again it finds the same errors.  Most of them are "hkey"'s.  I had the online helper at spybot attempt to help me and they ran some fixes, but to no avail I still get the same "infections" when I run "spyware stop".  A coworker in my computer department recomended I try this forum for help.  Any ideas are appreciated.

Niecarrah

#1
March 03, 2008, 06:29:32 AM
Firstly, in order for our Experts to help you.  You need to update 2 programs that are seriously OUT OF DATE!  And VERY vulnerable.  You must first go to Add/Remove Programs and remove your version of Sun Java!  Also Adobe is seriously old!  The easiest way to accomplish this is to go to Secunia.com here is the link http://secunia.com/software_inspector/and run the scan here.  I also suspect that you think you have downloaded SpywareStop but it indeed SpywareBot and this is another can of worms, but I will let this to our experts.  You need to make certain you computer is up to date, this scan will allow you to know that all patches, fixes and updates are needed or complete. Then you need to empty all unnecessary files and the best way to to do this is to download ATF Cleaner from Atribune.org.,this is the link http://www.atribune.org/content/view/25/2/  choosing select all, then restart your computer and post a FRESH HJT log file.  Then I am sure the Experts will take it from there.  BTW since you already use some McAfee products you should also use McAfee Site Advisor then you would know when you are downloading from a genuine site unlike the one you loaded, that  SpywareStop thing, and ErrorKiller is a suspect also. Download here http://www.siteadvisor.com/  You may also take a look at this program http://www.winpatrol.com/download.html as it will keep your computer safe in real time, and BEST of all, the programs are all FREE!!!!
1.  Remove OLD Sun Java Console
2.  Go to Secunia and update
3.  atribune.org and clean files
4.  Restart
5.  Run HJT and post a fresh log file

And wait patiently, as help is on the way!

:welcome: to Landzdown, you have come to the right place!
I can't know...?
NEVER LET BEING GOOD ENOUGH, BE GOOD ENOUGH!"

trouble

#2
March 03, 2008, 08:53:04 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:14 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SpywareStop\SpywareStop.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ErrorKiller\ErrorKiller.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {ff0277a2-a8d8-51c8-5184-9907c063c8e3} - {3e8c360c-7099-4815-8c15-8d8a2a7720ff} - C:\WINDOWS\system32\sujwcorc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {DEA3F205-1844-418E-B3A9-19BF4F30AB2F} - C:\WINDOWS\system32\gebyv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Popup Killer - {2D58DD23-2759-4C7B-9351-D68AF7D0D868} - C:\PROGRA~1\POPUPR~1\popup.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ErrorKiller] C:\Program Files\ErrorKiller\ErrorKiller.exe
O4 - HKLM\..\Run: [880dad0a] rundll32.exe "C:\WINDOWS\system32\bijfpagx.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: 
O20 - Winlogon Notify: qomkhef - qomkhef.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 11030 bytes

Here is my new log file.  Thanks for the detailed instructions, they worked great.

Corrine

#3
March 04, 2008, 01:35:54 AM
Hi, trouble.  Welcome to LandzDown Forum!  Tell your co-worker thank you for recommending us to help.  As you have already seen, from the help from Niecarrah that the members of LzD all chip in. 

With regard to ErrorKiller, it is a so-called registry cleaner with other options. Registry cleaners often do more damage than harm.  One false removal and you end up re-installing your system.  This particular software has been seen frequently recommended on sites together with various rogue antispyware cleaners.  In addition, Ben Edelman, a highly respected member of the security community, had this to report at McAfee Site Advisor:

QuoteIn http://www.benedelman.org/news/021408-1.html , I present a variety of false and deceptive advertising practices, and other troubling behaviors, by (and on behalf of) C-NetMedia, operator of this site.

Although the decision is yours, I would not have it on my computer.

Please follow these instructions carefully: 

Download Combofix from any of the links below, and save it to your desktop.  For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

            Link 1
            Link 2
            Link 3


**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you. 
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.  ONLY run ComboFix one time.





Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

trouble

#4
March 05, 2008, 08:56:03 AM
I removed error killer, thanks.  I thought it was helping me.  When I went to the bleeping comuter site to read the instructions for combofix it tells me to go to microsoft support and download a recovery console.  I have the windows xp media edition 2002 that I received as a free upgrade from Dell when I purchased the computer.  I cannot find the recovery console for this edition.  Can I load the Home edition?

Clark76

#5
March 06, 2008, 12:07:20 AM
With xp media edition use the XP professional recovery console.
Proud Member of ASAP
Proud Member of UNITE

trouble

#6
March 06, 2008, 07:41:45 AM
Hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:37 PM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SpywareStop\SpywareStop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Popup Killer - {2D58DD23-2759-4C7B-9351-D68AF7D0D868} - C:\PROGRA~1\POPUPR~1\popup.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: 
O20 - Winlogon Notify: qomkhef - qomkhef.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 10255 bytes

the next one is the combofix log

ComboFix 08-03-04.2 - Mark Neary 2008-03-05 22:22:15.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.154 [GMT -8:00]
Running from: C:\Documents and Settings\Mark Neary\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM8b3e9e96.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\beipunwv.dll
C:\WINDOWS\system32\bijfpagx.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cdlpbnvv.dll
C:\WINDOWS\system32\cigrmgww.dll
C:\WINDOWS\system32\cvjmquxs.dll
C:\WINDOWS\system32\daSgo02
C:\WINDOWS\system32\elydsdny.dll
C:\WINDOWS\system32\eqdwxsco.dll
C:\WINDOWS\system32\fbabqyvm.ini
C:\WINDOWS\system32\inekuhqt.ini
C:\WINDOWS\system32\innuuuar.dll
C:\WINDOWS\system32\iswdmomq.dll
C:\WINDOWS\system32\kimcfocd.ini
C:\WINDOWS\system32\kqiunjfo.dll
C:\WINDOWS\system32\linyfgix.dll
C:\WINDOWS\system32\llebouhl.dll
C:\WINDOWS\system32\mbdwfnve.dll
C:\WINDOWS\system32\mbefvoml.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mehvbwsy.dll
C:\WINDOWS\system32\ocsxwdqe.ini
C:\WINDOWS\system32\osbxvved.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ppppiphf.dll
C:\WINDOWS\system32\rauuunni.ini
C:\WINDOWS\system32\rrneefsu.dll
C:\WINDOWS\system32\spqdxpek.dll
C:\WINDOWS\system32\suhgrfqb.dll
C:\WINDOWS\system32\sujwcorc.dll
C:\WINDOWS\system32\sxuqmjvc.ini
C:\WINDOWS\system32\tnrnsime.dll
C:\WINDOWS\system32\tqhukeni.dll
C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\vybeg.bak2
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\xgapfjib.ini
C:\WINDOWS\system32\xuvbilek.dll
C:\WINDOWS\system32\yaddrhwl.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


(((((((((((((((((((((((((   Files Created from 2008-02-06 to 2008-03-06  )))))))))))))))))))))))))))))))
.

2008-03-02 23:16 . 2008-03-02 23:16   <DIR>   d--------   C:\Documents and Settings\Mark Neary\Application Data\Talkback
2008-03-02 23:15 . 2008-03-02 23:15   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-03-02 23:15 . 2008-03-02 23:15   0   --a------   C:\WINDOWS\nsreg.dat
2008-03-02 23:08 . 2008-03-02 23:09   1,355   --a------   C:\WINDOWS\imsins.BAK
2008-03-02 22:58 . 2007-09-24 23:31   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-03-02 22:57 . 2008-03-02 22:57   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-03-02 07:58 . 2008-03-02 07:58   <DIR>   d--------   C:\Program Files\Trend Micro
2008-02-27 21:58 . 2008-03-03 20:31   <DIR>   d--------   C:\Program Files\SpywareStop
2008-02-27 21:58 . 2008-03-03 20:31   <DIR>   d--------   C:\Documents and Settings\Mark Neary\Application Data\SpywareStop
2008-02-27 21:58 . 2008-02-21 12:10   19,696   --a------   C:\WINDOWS\system32\drivers\spywarestop.sys
2008-02-27 20:52 . 2008-02-27 20:52   <DIR>   d--------   C:\VundoFix Backups
2008-02-27 20:45 . 2008-02-27 20:45   3,632   --a------   C:\WINDOWS\system32\tmp.reg
2008-02-27 20:27 . 2008-02-28 15:32   <DIR>   d--------   C:\WINDOWS\LMI38.tmp
2008-02-27 20:11 . 2008-02-28 19:42   2,617,194   ---hs----   C:\WINDOWS\system32\ebiggsnr.ini
2008-02-27 19:26 . 2008-02-27 19:26   0   --a------   C:\WINDOWS\system32\wsiwevjh.tmp
2008-02-26 20:12 . 2008-02-27 19:25   2,613,179   ---hs----   C:\WINDOWS\system32\wsiwevjh.ini
2008-02-24 20:08 . 2008-02-25 17:41   2,214   ---hs----   C:\WINDOWS\system32\nuapoaxr.ini
2008-02-21 19:59 . 2008-02-24 20:08   2,949,786   ---hs----   C:\WINDOWS\system32\kqbonsod.ini
2008-02-20 19:54 . 2008-02-21 17:33   2,230,313   ---hs----   C:\WINDOWS\system32\vmovleua.ini
2008-02-18 19:53 . 2008-02-19 21:35   1,973,204   ---hs----   C:\WINDOWS\system32\pjwujcjk.ini
2008-02-14 17:22 . 2008-02-14 17:22   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Dell
2008-02-12 17:30 . 2008-02-13 07:32   1,853,495   ---hs----   C:\WINDOWS\system32\djalfxlc.ini
2008-02-12 17:24 . 2008-02-12 17:24   53,312   --a------   C:\WINDOWS\system32\gvbbmmsd.exe
2008-02-09 15:57 . 2008-02-12 17:25   2,088,007   ---hs----   C:\WINDOWS\system32\llnbfitw.ini
2008-02-09 15:51 . 2008-02-09 15:51   53,312   --a------   C:\WINDOWS\system32\dvsqyjfv.exe
2008-02-08 15:50 . 2008-02-08 15:50   53,312   --a------   C:\WINDOWS\system32\uuxwpqne.exe
2008-02-06 15:49 . 2008-02-08 15:48   1,704,439   ---hs----   C:\WINDOWS\system32\ovgnwxmf.ini
2008-02-06 15:49 . 2008-02-06 15:49   53,312   --a------   C:\WINDOWS\system32\qeyocycp.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 13:47   ---------   d-----w   C:\Program Files\ErrorKiller
2008-03-04 04:31   ---------   d-----w   C:\Documents and Settings\Mark Neary\Application Data\ErrorKiller
2008-03-03 07:15   ---------   d-----w   C:\Program Files\Real
2008-03-03 07:14   ---------   d-----w   C:\Program Files\Common Files\Real
2008-03-03 06:58   ---------   d-----w   C:\Program Files\Java
2008-03-03 06:48   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-02-28 02:44   ---------   d-----w   C:\Documents and Settings\Mark Neary\Application Data\SpywareBot
2008-02-26 05:09   ---------   d-----w   C:\Program Files\McAfee
2008-02-25 19:13   ---------   d-----w   C:\Documents and Settings\Michelle Neary\Application Data\ErrorKiller
2008-02-06 17:51   171,400   ----a-w   C:\WINDOWS\system32\drivers\mfehidk.sys
2008-01-30 04:59   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-30 04:56   ---------   d-----w   C:\Program Files\Dell Games
2008-01-30 04:55   ---------   d-----w   C:\Program Files\Eusing Free Registry Cleaner
2008-01-30 04:54   ---------   d-----w   C:\Program Files\Dell
2008-01-28 05:03   ---------   d-----w   C:\Program Files\SpywareBlaster
2008-01-14 16:32   ---------   d-----w   C:\Program Files\Lavasoft
2008-01-14 16:32   ---------   d-----w   C:\Documents and Settings\Mark Neary\Application Data\Lavasoft
2008-01-14 16:30   ---------   d-----w   C:\Program Files\PopupRadar
2008-01-13 17:58   ---------   d-----w   C:\Documents and Settings\Michelle Neary\Application Data\SpywareBot
2007-12-24 00:17   581,488   ----a-w   C:\MCPR.exe
2006-11-07 01:54   774,144   ----a-w   C:\Program Files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-01 17:48 68856]
"SpywareStop"="C:\Program Files\SpywareStop\SpywareStop.exe" [2008-02-25 12:54 6792432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 05:56 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 19:05 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 14:19 53248]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 14:34 106496]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-02 23:14 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkhef]
qomkhef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 spywarestop;spywarestop;C:\WINDOWS\system32\DRIVERS\spywarestop.sys [2008-02-21 12:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 23:36:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-04 11:30:01 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2007-12-24 00:34:53 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 09:00:14 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-04 11:00:01 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
"2008-03-06 06:27:56 C:\WINDOWS\Tasks\SpywareStop Scheduled Scan.job"
- C:\Program Files\SpywareStop\SpywareStop.ex
- C:\Program Files\SpywareStop
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 22:27:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-03-05 22:30:11 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-06 06:30:07
.
2007-12-13 07:23:01   --- E O F --- 

Thanks again for the detailed instructions.

trouble

#7
March 06, 2008, 10:27:22 PM
 :gwave:

I ran the spybot software and it did not detect the vundo or the conhook viruses.  Does this mean I am fixed?  If so I sure appreciate your help.

Corrine

#8
March 07, 2008, 12:25:36 AM
Ah, no, your nickname is still most suitable as you still have plenty of trouble on that machine.  We won't be finished here until you're given the "all clean" message.

In the meantime, I am researching your log and putting together the next steps for you to follow. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

#9
March 07, 2008, 01:24:53 AM
Hi, trouble.

Please note that it is extremely important that you follow the instructions carefully and in the order presented.  There will be additional steps after this, so be sure to post your logs and await further instructions. 

Custom CFScript

       
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:

Quote
File::
C:\WINDOWS\imsins.BAK
C:\Documents and Settings\Mark Neary\Application Data\SpywareStop
C:\WINDOWS\system32\drivers\spywarestop.sys
C:\WINDOWS\LMI38.tmp
C:\WINDOWS\system32\ebiggsnr.ini
C:\WINDOWS\system32\wsiwevjh.tmp
C:\WINDOWS\system32\wsiwevjh.ini
C:\WINDOWS\system32\nuapoaxr.ini
C:\WINDOWS\system32\kqbonsod.ini
C:\WINDOWS\system32\vmovleua.ini
C:\WINDOWS\system32\pjwujcjk.ini
C:\WINDOWS\system32\djalfxlc.ini
C:\WINDOWS\system32\gvbbmmsd.exe
C:\WINDOWS\system32\llnbfitw.ini
C:\WINDOWS\system32\dvsqyjfv.exe
C:\WINDOWS\system32\uuxwpqne.exe
C:\WINDOWS\system32\ovgnwxmf.ini
C:\WINDOWS\system32\qeyocycp.exe
C:\WINDOWS\system32\qomkhef.dll
C:\MCPR.exe
C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
C:\WINDOWS\Tasks\SpywareStop Scheduled Scan.job

Folder::
C:\Program Files\SpywareStop

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkhef]

Driver::
spywarestop


       
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

         


       
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
       
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
       
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply along with a fresh HijackThis log.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

trouble

#10
March 08, 2008, 06:56:23 AM
combo fix log is as follows

ComboFix 08-03-04.2 - Mark Neary 2008-03-07 21:42:13.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.181 [GMT -8:00]
Running from: C:\Documents and Settings\Mark Neary\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mark Neary\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Mark Neary\Application Data\SpywareStop
C:\MCPR.exe
C:\WINDOWS\imsins.BAK
C:\WINDOWS\LMI38.tmp
C:\WINDOWS\system32\djalfxlc.ini
C:\WINDOWS\system32\drivers\spywarestop.sys
C:\WINDOWS\system32\dvsqyjfv.exe
C:\WINDOWS\system32\ebiggsnr.ini
C:\WINDOWS\system32\gvbbmmsd.exe
C:\WINDOWS\system32\kqbonsod.ini
C:\WINDOWS\system32\llnbfitw.ini
C:\WINDOWS\system32\nuapoaxr.ini
C:\WINDOWS\system32\ovgnwxmf.ini
C:\WINDOWS\system32\pjwujcjk.ini
C:\WINDOWS\system32\qeyocycp.exe
C:\WINDOWS\system32\qomkhef.dll
C:\WINDOWS\system32\uuxwpqne.exe
C:\WINDOWS\system32\vmovleua.ini
C:\WINDOWS\system32\wsiwevjh.ini
C:\WINDOWS\system32\wsiwevjh.tmp
C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
C:\WINDOWS\Tasks\SpywareStop Scheduled Scan.job
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\MCPR.exe
C:\Program Files\SpywareStop
C:\Program Files\SpywareStop\DataBase.ref
C:\Program Files\SpywareStop\Difxapi.dll
C:\Program Files\SpywareStop\FilterDrv\SpywareBot.cat
C:\Program Files\SpywareStop\FilterDrv\SpywareBot.inf
C:\Program Files\SpywareStop\FilterDrv\SpywareStop.amd64.sys
C:\Program Files\SpywareStop\FilterDrv\SpywareStop.cat
C:\Program Files\SpywareStop\FilterDrv\SpywareStop.inf
C:\Program Files\SpywareStop\FilterDrv\SpywareStop.x86.sys
C:\Program Files\SpywareStop\Launcher.exe
C:\Program Files\SpywareStop\SpyCleaner.dll
C:\Program Files\SpywareStop\SpywareStop.exe
C:\Program Files\SpywareStop\SpywareStop.url
C:\Program Files\SpywareStop\TCL.dll
C:\Program Files\SpywareStop\vistaCPtasks.xml
C:\Program Files\SpywareStop\zlib.dll
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\djalfxlc.ini
C:\WINDOWS\system32\drivers\spywarestop.sys
C:\WINDOWS\system32\dvsqyjfv.exe
C:\WINDOWS\system32\ebiggsnr.ini
C:\WINDOWS\system32\gvbbmmsd.exe
C:\WINDOWS\system32\kqbonsod.ini
C:\WINDOWS\system32\llnbfitw.ini
C:\WINDOWS\system32\nuapoaxr.ini
C:\WINDOWS\system32\ovgnwxmf.ini
C:\WINDOWS\system32\pjwujcjk.ini
C:\WINDOWS\system32\qeyocycp.exe
C:\WINDOWS\system32\uuxwpqne.exe
C:\WINDOWS\system32\vmovleua.ini
C:\WINDOWS\system32\wsiwevjh.ini
C:\WINDOWS\system32\wsiwevjh.tmp
C:\WINDOWS\system32\zmmfqvpd.dllbox
C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
C:\WINDOWS\Tasks\SpywareStop Scheduled Scan.job

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SPYWARESTOP
-------\spywarestop


(((((((((((((((((((((((((   Files Created from 2008-02-08 to 2008-03-08  )))))))))))))))))))))))))))))))
.

2008-03-02 23:16 . 2008-03-02 23:16   <DIR>   d--------   C:\Documents and Settings\Mark Neary\Application Data\Talkback
2008-03-02 23:15 . 2008-03-02 23:15   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-03-02 23:15 . 2008-03-02 23:15   0   --a------   C:\WINDOWS\nsreg.dat
2008-03-02 22:58 . 2007-09-24 23:31   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-03-02 22:57 . 2008-03-02 22:57   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-03-02 07:58 . 2008-03-02 07:58   <DIR>   d--------   C:\Program Files\Trend Micro
2008-02-27 21:58 . 2008-03-03 20:31   <DIR>   d--------   C:\Documents and Settings\Mark Neary\Application Data\SpywareStop
2008-02-27 20:52 . 2008-02-27 20:52   <DIR>   d--------   C:\VundoFix Backups
2008-02-27 20:45 . 2008-02-27 20:45   3,632   --a------   C:\WINDOWS\system32\tmp.reg
2008-02-27 20:27 . 2008-02-28 15:32   <DIR>   d--------   C:\WINDOWS\LMI38.tmp
2008-02-14 17:22 . 2008-02-14 17:22   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Dell

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 13:47   ---------   d-----w   C:\Program Files\ErrorKiller
2008-03-04 04:31   ---------   d-----w   C:\Documents and Settings\Mark Neary\Application Data\ErrorKiller
2008-03-03 07:15   ---------   d-----w   C:\Program Files\Real
2008-03-03 07:14   ---------   d-----w   C:\Program Files\Common Files\Real
2008-03-03 06:58   ---------   d-----w   C:\Program Files\Java
2008-03-03 06:48   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-02-28 02:44   ---------   d-----w   C:\Documents and Settings\Mark Neary\Application Data\SpywareBot
2008-02-26 05:09   ---------   d-----w   C:\Program Files\McAfee
2008-02-25 19:13   ---------   d-----w   C:\Documents and Settings\Michelle Neary\Application Data\ErrorKiller
2008-02-06 17:51   171,400   ----a-w   C:\WINDOWS\system32\drivers\mfehidk.sys
2008-01-30 04:59   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-30 04:56   ---------   d-----w   C:\Program Files\Dell Games
2008-01-30 04:55   ---------   d-----w   C:\Program Files\Eusing Free Registry Cleaner
2008-01-30 04:54   ---------   d-----w   C:\Program Files\Dell
2008-01-28 05:03   ---------   d-----w   C:\Program Files\SpywareBlaster
2008-01-14 16:32   ---------   d-----w   C:\Program Files\Lavasoft
2008-01-14 16:32   ---------   d-----w   C:\Documents and Settings\Mark Neary\Application Data\Lavasoft
2008-01-14 16:30   ---------   d-----w   C:\Program Files\PopupRadar
2008-01-13 17:58   ---------   d-----w   C:\Documents and Settings\Michelle Neary\Application Data\SpywareBot
2006-11-07 01:54   774,144   ----a-w   C:\Program Files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-01 17:48 68856]
"SpywareStop"="C:\Program Files\SpywareStop\SpywareStop.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 339968 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 05:56 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 19:05 344064]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 14:19 53248]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 14:34 106496]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-02 23:14 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 23:36:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-24 00:34:53 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 09:00:14 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-04 11:00:01 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 21:46:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-03-07 21:50:23 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-08 05:50:19
ComboFix2.txt  2008-03-06 06:30:12
.
2007-12-13 07:23:01   --- E O F --- 

The hijackthis log is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:17 PM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Popup Killer - {2D58DD23-2759-4C7B-9351-D68AF7D0D868} - C:\PROGRA~1\POPUPR~1\popup.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: 
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 10222 bytes

I guess I picked the right sign on name.  Thank you again for the help.  I like these easy to follow directions.

Corrine

#11
March 09, 2008, 03:50:19 AM
We'll end your trouble -- but perhaps not mine.  I keep managing to close the tab when I have your instructions almost completed.  I did it the other day and again tonight.  I think that is why I missed tmp.reg.  Let's take care of that and then do a KAV scan and see how your computer is working.

Custom CFScript

       
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code Select
File::
C:\WINDOWS\system32\tmp.reg


       
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


         


       
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
       
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
       
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
        • Scan Mail Bases[/color][/b]
    • Click OK & have it scan My Computer
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
    * Turn off the real time scanner of any existing antivirus program while performing the online scan *

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.[/color]

    =====================

    Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    =====================
    Logs Required
    ComboFix Log
    Kaspersky Scan Log
    Hijackthis Log





Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

trouble

#12
March 09, 2008, 07:59:10 PM
Ok looks like I still have some problems.  Attahed are all of the reports you requested.

Kaspersky report

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 09, 2008 11:52:23 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update:  9/03/2008
Kaspersky Anti-Virus database records: 618846
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\
   E:\
   F:\
   G:\
   H:\
   I:\

Scan Statistics:
   Total number of scanned objects: 86355
   Number of viruses found: 6
   Number of infected objects: 41
   Number of suspicious objects: 0
   Duration of the scan process: 00:53:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{8700256C-A6E3-4AD3-A0EE-A9E7AB14E3EB}.log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\247624e70eb4de53817858264d24ea48_24adf822-76f7-4481-b30b-ff1b40f8687f   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Adobe\Acrobat\6.0\AcroForm\MRUFormsList   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Adobe\Acrobat\6.0\Collab\OfflineDocs   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Adobe\Acrobat\6.0\Collab\Reviews   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Adobe\Acrobat\6.0\TMGrpPrm.sav   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Adobe\Acrobat\6.0\Updater\udstore.js   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Apple Computer\iTunes\iTunesPrefs.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Apple Computer\QuickTime\QTPlayerSession.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\bluterra.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\greenbrk.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\hatch.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\lace1.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\lace2.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\marble1.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\marble2.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\oil1.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\oil2.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\paper1.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\paper2.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\pine.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\poly.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\poplar.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\qw12EN.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\rock.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\stucco1.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\stucco2.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\tile.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\water.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\wp12US.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\wrinkle.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\app-a50.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\app-d30.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\docbook2.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\docbook3.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\html.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\html32ip.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\html3_2.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\overview.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\sample1.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\sample2.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\teilite.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\XML.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\xmlnews.wpt   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectExpert\12\Custom WP Templates\_autotmp.wpx   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\ABBREV.WCM   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\adrs2mrg.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\ALLFONTS.WCM   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\checkbox.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\closeall.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\CTRLM.WCM   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\cvtdocs12.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\DCConvert.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\ender01.wpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\ender02.wpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\ender03.wpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\ender04.wpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\ender05.wpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\ender06.wpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\ender07.wpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\ender08.wpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\ender09.wpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\ender10.wpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\endfoot.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\EXPNDALL.WCM   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\FILESTMP.WCM   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\flipenv.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\FONTDN.WCM   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\FONTUP.WCM   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\footend.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\LONGNAME.WCM   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\nomacro.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\PARABRK.WCM   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\pleading.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\prompts.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\reverse.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\saveall.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\SAVETOA.WCM   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\tconvert.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\uawp12EN.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\wp_org.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\PerfectScript\12\WordPerfect\wp_pr.wcm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect\12\Labels\apli_eng.lab   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect\12\Labels\Avery Labels A4.lab   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect\12\Labels\Avery Labels EN.lab   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect\12\Labels\c-line.lab   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect\12\Labels\Herma_e.lab   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect\12\Labels\maco.lab   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect\12\Labels\Tower.lab   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect\12\Labels\WilsonJ.lab   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect Office 12\User Config\CdrConv.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect Office 12\User Config\Color.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect Office 12\User Config\CorelApp.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect Office 12\User Config\Corelflt.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect Office 12\User Config\corelpdf.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel\WordPerfect Office 12\User Config\filters.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Corel Photo Album\6\ixdb.mdb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\desktop.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\ErrorKiller\Log\2008 Feb 21 - 02_58_11 PM_937.log   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\ErrorKiller\Log\2008 Feb 21 - 02_59_05 PM_375.log   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\ErrorKiller\Log\2008 Feb 21 - 04_57_37 PM_046.log   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\gtny\88D7456F-2D0E-40AA-BDBC-7BC292A1FF1A_CONFIRM.cache   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\persist.cfg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\persist.cfg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch3\persist.cfg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch4\persist.cfg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\channels.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\chdata\chdata.cfg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\chn.pk   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\CIP\TransferAgentSetup.exe   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\CIPInfo\1157.cin   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1004.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1027.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1028.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1029.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1030.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1043.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1061.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1062.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1064.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1094.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1095.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1096.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1097.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1112.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1114.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1117.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1118.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1120.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1122.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1124.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1125.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1128.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1131.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1133.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1134.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1138.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1141.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1142.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1145.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1146.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1150.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1152.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1157.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1300.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\1301.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\516.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\519.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\526.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\527.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\528.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\579.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\580.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\587.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\632.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\699.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\701.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\703.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\706.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\716.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\745.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\752.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\758.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\759.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\793.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\794.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\798.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\800.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\801.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\804.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\809.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\810.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\812.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\832.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\840.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\846.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\848.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\873.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\879.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\880.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\883.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\884.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\885.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\886.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\887.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\888.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\889.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\901.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\902.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\903.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\905.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\906.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\907.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\908.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\909.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\910.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\911.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\912.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\914.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\915.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\916.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\917.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\918.ucl   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\Config\channel.cfg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\dplugins\2.0.1.571\DiagPlugin.dll   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\config\groups.js   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\config\ocxid.js   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\diag\bios.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\diag\computer_models.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\diag\DAntivirus.cfg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\diag\dell_inspiron_service_tag.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\diag\dell_printers.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\diag\dvd.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\diag\inspiron_172X.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\diag\popup.sini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\diag\printers.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\diag\trojan.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\diag\vista_capbale_models.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\faqs\10675121.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\faqs\10886371.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\faqs\122779.html   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\faqs\696.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\faqs\697.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\faqs\global.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\faqs\globe.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\faqs\title.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\fix\arg.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\fix\DellSupportLauncher.exe   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\group_icon\security\icon.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\group_icon\system\icon.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\blank.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\confirm.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\gtagent_events.vbs   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\index.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\moreinfo.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\noitems.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\senddata.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\statinfo.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\survey.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\html\wait.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\bg.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\but_a.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\but_b.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\close_a.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\close_b.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\close_c.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\count_bg.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\delete_a.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\delete_b.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\delete_c.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\delete_d.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\dialog_strip.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\dialog_title.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\first_a.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\first_b.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\first_c.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\first_d.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\fix_abort.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\fix_fail.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\fix_ok.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\help_a.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\help_b.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\help_c.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\last_a.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\last_b.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\last_c.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\last_d.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\left_but_a.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\left_but_b.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\min_a.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\min_b.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\min_c.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\msg_bg.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\next_a.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\next_a2.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\next_b.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\next_c.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\next_d.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\noproblems.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\prev_a.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\prev_b.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\prev_c.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\prev_d.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\right_but_a.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\right_but_b.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\settings_a.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\settings_b.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\settings_c.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\spacer.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\images\wait.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\index.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\agent_infolet_exe.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\ab.ppk   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\AdpUtil.js   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Adp_GUI.js   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\adpicon.ico   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\button_cirlce.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\button_disable.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\Chimes.wav   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\close_popup.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\close_popup_over.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\dot.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\Ending_v.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\Ending_x.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\field_bar.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\inprogress.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\installing.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\logo.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\main_bar.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\mini_logo.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\mini_topbar.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\Notify.wav   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\progress_bg.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\progress_slice.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Common\topbar.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\De\Generic.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\De\global_adp_Text.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\En\Generic.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\En\global_adp_Text.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Es\Generic.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Es\global_adp_Text.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Fr\Generic.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Fr\global_adp_Text.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\ImgOver.js   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Initialize.js   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\It\Generic.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\It\global_adp_Text.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Jp\Generic.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Jp\global_adp_Text.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Ko\Generic.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Ko\global_adp_Text.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\main.htm   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Nl\Generic.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Nl\global_adp_Text.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\popupMsg.js   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\PtB\Generic.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\PtB\global_adp_Text.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Query.js   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Sv\Generic.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Sv\global_adp_Text.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Wrapper.js   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Zh\Generic.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\Zh\global_adp_Text.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\ZhT\Generic.css   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\adpglobal\ZhT\global_adp_Text.xml   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\ccnotify.cfg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\cybercoach.cfg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\enginecf_ver.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\glfs\default.glf   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\glfs\Dell.glf   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\abort.trn   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\cloak.trn   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\De_LibText.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\En_LibText.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\errorlib.trn   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\Es_LibText.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\Fr_LibText.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\func.trn   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\generic.trn   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\getmaindriver.trn   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\It_LibText.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\Jp_LibText.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\Ko_LibText.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\mini.trn   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\Nl_LibText.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\oeonwindows.trn   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\outlookexpress.trn   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\PtB_LibText.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\Sv_LibText.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\taskbarandstartmenu.trn   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\xsystray.trn   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\ZhT_LibText.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\LibDir\Zh_LibText.ini   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\configuration\trainer.ppk   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\1.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\DeleteTempFolder.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\DeleteWow6432Node.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\DisableHDAutorun.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\Dl_DriverReset.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\Dl_PwrMngUtil.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\EnableAutomaticUpdates.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\EnablePopupBlocker.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\LimitExcelMacro.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\LimitPwrPointMacro.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\LimitWordMacro.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\SetDefaultPrinter.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\SetXPFirewall.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\Spool_ActivateService.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\StartupLinkage.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\TurnOnSystemRestore.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\UnInst_Delport.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\UnInst_WinIK.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\VM_SystemManagedSize.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\lessons\VM_UserManagedSize.gdpb   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\RunGdp.exe   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\coach\RunGdpCfg.cfg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\application.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\autorun.jpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\CD.jpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\datasafe.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\dell_recommends.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\driver.jpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\dsc2.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\dvd.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\extend_warranty.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\firewall.jpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\flash.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\internet.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\internet_security_general.jpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\java.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\memory.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\memory.jpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\monitor.gif   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\Msexcel2.jpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\MSpowerpoint2.jpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\MSword2.jpg   Object is locked   skipped
C:\Documents and Settings\Austin Neary\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\HTML\item_templ\common\images\items_img\music.jpg   Object is locked   skipped
C:\Documents and S

trouble

#13
March 09, 2008, 08:10:51 PM
I was making sure it posted and it looks like the log reports got cutt off.  Maybe they are too big so I will post one at a time

Kaspersky report

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 09, 2008 11:52:23 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update:  9/03/2008
Kaspersky Anti-Virus database records: 618846
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\
   E:\
   F:\
   G:\
   H:\
   I:\

Scan Statistics:
   Total number of scanned objects: 86355
   Number of viruses found: 6
   Number of infected objects: 41
   Number of suspicious objects: 0
   Duration of the scan process: 00:53:47


{Duplicate data edited out by Corrine.}

Corrine

#14
March 09, 2008, 11:38:16 PM
Yes, the log is too large to get at one time.  I need to see the full Kaspersky log to determine if the findings are in the ComboFix quarantine, your Antivirus quarantine, etc.  Can you attach the Kaspersky log and post the ComboFix and HJT logs, please.

To attach, click Additional Options and brows to the location of the KAV log.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
Print
Go Up Pages1 2 3 4
User actions