
Trojan Adclicker shutting down PC!

Discussion in 'Malware and Virus Removal Archive' started by Dion, 2008/07/22.

  1. 2008/07/22
    Dion

    Dion Inactive Thread Starter

    Joined:
    2005/01/07
    Messages:
    53
    Likes Received:
    0
    Hi all, on 7/19 my laptop got Trojan.Adclicker per Norton Internet Security and AntiVirus, plus a message from Windows in the status bar saying the computer is infected. Norton says it's deleted, but every time I reboot it says the same thing again. Can you help? I can't scan for HJT since it won't let me go on the net. It's in Safe Mode right now since it no longer lets Norton come up on restart. Using Windows 2000 build 2195 Service Pack 3.
     
    Last edited: 2008/07/22
    Dion,
    #1
  2. 2008/07/23
    Dion

    Norton scan in Safe Mode gave XPSecurityCenter

    This is so strange, I don't have XP... well, I removed it as recommended; it shows adclicker, hackroot.it? deleted, but no files to fix in the registry. I feel so lost. Thank goodness I have this second PC to type here. I'm even afraid to go online with it for fear of getting more malware. It won't even let Windows complete boot-up now, it just shuts back down! Please help.
     
    Dion,
    #2


  4. 2008/07/23
    Dion

    Trojans, XP Security Center viruses, help remove please

    I could not update the previous thread so here I try again. I have Windows 2000, Norton AV, Internet Security and found Adclicker, XP Security Center viruses; it deleted but did not remove even in Safe Mode. It also mentioned Hacktool.Rootkit. The system was not letting me reboot and I was able to delete the braviax program in the processes before it shut down again; copied HJT, DSS and MBAM to a jump drive to install and run, so here is the HJT log while MBAM is still running:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:54:41 AM, on 7/23/2008
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\SCardSvr.exe
    C:\WINNT\System32\S24EvMon.exe
    C:\WINNT\System32\wltrysvc.exe
    C:\WINNT\System32\bcmwltry.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\System32\Ati2evxx.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\basfipm.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\RegSrvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\System32\RoamMgr.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZCfgSvc.exe
    C:\WINNT\system32\faxsvc.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Intel\Switching\User\RoamSvc.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINNT\system32\carpserv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINNT\system32\PRPCUI.exe
    C:\WINNT\System32\DSentry.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINNT\system32\hphmon06.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Microsoft Money\System\reminder.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINNT\system32\taskmgr.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINNT\System32\HPZipm12.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\QConsole.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Learn about Dell's laptops, desktops, monitors, printers plus PC electronics & accessories.
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [bascstray] BascsTray.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\System32\DSentry.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [CMPDPSRV] C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKCU\..\Run: [Internat.exe] internat.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe "
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office00\Office\OUTLOOK.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Dynex Wireless Networking Utility.lnk = C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office00\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: wlnd.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2366230bfc875458a800/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4338/mcfscan.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINNT\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINNT\system32\hpboid.exe
    O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
    O23 - Service: RoamMgr - Intel Corporation - C:\WINNT\System32\RoamMgr.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\wltrysvc.exe
    O24 - Desktop Component 0: (no name) - http://bp2.blogger.com/_aLkNPLFRQYo/Rr1h9-oozHI/AAAAAAAAACY/ckU6letc8OU/s320/Theotokos.jpg

    --
    End of file - 13952 bytes
     
    Dion,
    #3
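The HijackThis log above is long, and a helper reading a thread like this usually scans it for a handful of patterns rather than reading every line: autorun entries that reference a bare filename instead of a full path (so whatever sits first on the search path gets loaded), Startup-folder entries that are a real executable rather than a .lnk shortcut (as with the "wlnd.exe" entry in the Global Startup list), O23 services whose version info carries no vendor ("Unknown owner"), and O16 ActiveX downloads fetched over plain http. The script below is an added example written for this page, not a tool from the thread or from Trend Micro; it applies those four heuristics to a handful of constructed sample lines modelled on the log above. The findings are triage prompts, not verdicts: "Unknown owner" only means the file has no vendor string, and plenty of legitimate drivers and OEM tools lack one.

```python
import re

# Constructed sample (not the full log): a few HijackThis-style lines modelled on
# the log posted above, plus known-clean lines for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - Global Startup: wlnd.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# Line shapes as HijackThis 2.0.x prints them.
O4_RUN = re.compile(r'^O4 - (?P<hive>[^:]+\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O4_STARTUP = re.compile(r'^O4 - (?P<folder>(?:Global )?Startup): (?P<entry>.*)$')
O16_DPF = re.compile(r'^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$')
O23_SERVICE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')


def _exe_from_command(cmd: str) -> str:
    """Return the executable part of a Run-key command line.

    Handles both `"C:\\Program Files\\x.exe" -flag` and `x.exe /flag`; the
    trailing space inside the quotes seen in the posted log is stripped too.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].strip() if end > 0 else cmd.strip('"').strip()
    return cmd.split()[0] if cmd else ''


def _is_bare(path: str) -> bool:
    """True when the entry names a file with no directory at all."""
    return '\\' not in path and '/' not in path


def _finding(line: str, kind: str, reason: str) -> dict:
    return {'type': kind, 'reason': reason, 'line': line}


def triage(log_text: str) -> list:
    """Apply the four heuristics to every line of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            exe = _exe_from_command(m.group('cmd'))
            if exe and _is_bare(exe):
                findings.append(_finding(line, 'O4',
                    f'autorun [{m.group("name")}] loads {exe} via the search path; '
                    f'confirm which file actually runs'))
            continue
        m = O4_STARTUP.match(line)
        if m:
            entry = m.group('entry').strip()
            if '.lnk' not in entry.lower():  # a real file in the Startup folder, not a shortcut
                findings.append(_finding(line, 'O4',
                    f'{m.group("folder")} folder holds executable "{entry}" instead of a shortcut'))
            continue
        m = O16_DPF.match(line)
        if m and m.group('url').lower().startswith('http://'):
            findings.append(_finding(line, 'O16',
                f'ActiveX control fetched over plain http: {m.group("url")}'))
            continue
        m = O23_SERVICE.match(line)
        if m and m.group('owner').strip().lower() == 'unknown owner':
            findings.append(_finding(line, 'O23',
                f'service "{m.group("name")}" has no vendor in its version info: {m.group("path")}'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f['type']}] {f['reason']}")
```

Run it against a saved hijackthis.log by reading the file into `triage()`; every hit still needs the usual follow-up (check the file's path, size, version info and a second-opinion scan) before anything is fixed with HJT.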
  5. 2008/07/23
    Dion

    Got MBAM, DSS log now

    MBAM: Malwarebytes' Anti-Malware 1.22
    Database version: 982
    Windows 5.0.2195 Service Pack 3

    5:31:21 AM 7/23/2008
    mbam-log-7-23-2008 (05-30-46).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 85208
    Time elapsed: 58 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Administrator\delself.bat (Malware.Trace) -> No action taken.

    DSS: Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-07-23 05:33:46
    Computer is in Normal Mode.
    ---------

    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as Administrator.exe) ----

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:40:07 AM, on 7/23/2008
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\SCardSvr.exe
    C:\WINNT\System32\S24EvMon.exe
    C:\WINNT\System32\wltrysvc.exe
    C:\WINNT\System32\bcmwltry.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\System32\Ati2evxx.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\basfipm.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\RegSrvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\System32\RoamMgr.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\ZCfgSvc.exe
    C:\WINNT\system32\faxsvc.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Intel\Switching\User\RoamSvc.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINNT\system32\carpserv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINNT\system32\PRPCUI.exe
    C:\WINNT\System32\DSentry.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINNT\system32\hphmon06.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\WINNT\system32\internat.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINNT\System32\HPZipm12.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Learn about Dell's laptops, desktops, monitors, printers plus PC electronics & accessories.
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [bascstray] BascsTray.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\System32\DSentry.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [CMPDPSRV] C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKCU\..\Run: [Internat.exe] internat.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe "
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office00\Office\OUTLOOK.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Dynex Wireless Networking Utility.lnk = C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office00\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: wlnd.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2366230bfc875458a800/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4338/mcfscan.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINNT\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINNT\system32\hpboid.exe
    O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
    O23 - Service: RoamMgr - Intel Corporation - C:\WINNT\System32\RoamMgr.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\wltrysvc.exe
    O24 - Desktop Component 0: (no name) - http://bp2.blogger.com/_aLkNPLFRQYo/Rr1h9-oozHI/AAAAAAAAACY/ckU6letc8OU/s320/Theotokos.jpg
    --
    End of file - 13790 bytes

    -- File Associations --------------
    .js - JSFile - DefaultIcon - C:\WINNT\System32\WScript.exe,3
    .js - JSFile - shell\open\command - C:\WINNT\System32\WScript.exe "%1" %*
    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*
    .vbs - VBSFile - DefaultIcon - C:\WINNT\System32\WScript.exe,2
    .vbs - VBSFile - shell\open\command - C:\WINNT\System32\WScript.exe "%1" %*
    .vbs - VBSFile - shell\edit\command - C:\WINNT\System32\Notepad.exe %1


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------

    R1 omci (OMCI WDM Device Driver) - c:\winnt\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R2 CdaC15BA - c:\winnt\system32\drivers\cdac15ba.sys
    R2 PRPC - c:\winnt\system32\drivers\prpc.sys <Not Verified; Intel Corp.; Intel(R) SpeedStep(TM) technology Applet>
    R2 s24trans (WLAN Transport) - c:\winnt\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

    S3 bvrp_pci - c:\winnt\system32\drivers\bvrp_pci.sys
    S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\winnt\system32\drivers\pcasp50.sys (file missing)
    S3 SoC PC-Camera Service (SoC PC-Camera) - c:\winnt\system32\drivers\pfc027.sys

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---

    R2 BAsfIpM (Broadcom ASF IP monitoring service v3.0.1) - c:\winnt\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
    R2 C-DillaCdaC11BA - c:\winnt\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
    R2 IntelRoam (Adapter Switching) - c:\program files\intel\switching\user\roamsvc.exe <Not Verified; Intel Corporation; Intel Intelligent Roaming Technology>
    R2 RegSrvc - c:\winnt\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
    R2 RoamMgr - c:\winnt\system32\roammgr.exe <Not Verified; Intel Corporation; >

    Device Manager: Disabled --------------------------

    No disabled devices found.

    Scheduled Tasks --------------------------

    2008-07-01 22:00:00 458 --ah----- C:\WINNT\Tasks\Studiopa 1094706297.job
    2008-05-18 23:25:59 260 --a------ C:\WINNT\Tasks\DFRG.job
    -- Files created between 2008-06-23 and 2008-07-23 --------

    2008-07-23 04:53:32 0 d-------- C:\Program Files\Trend Micro
    2008-07-23 04:23:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-07-23 04:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-23 04:23:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-22 18:19:50 0 d-------- C:\WINNT\LMI48F.tmp
    2008-07-22 18:19:41 0 d-------- C:\WINNT\LMI48E.tmp


    Find3M Report ---------------------------------------------

    2008-07-23 04:25:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-07-23 03:30:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2008-07-19 20:21:18 0 d-------- C:\Program Files\Norton Internet Security
    2008-06-25 06:49:33 0 d-------- C:\Program Files\Intuit
    2008-06-02 20:38:06 0 d-------- C:\Program Files\Symantec


    Registry Dump -----------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager "= "mobsync.exe" [07/24/02 01:00p C:\WINNT\SYSTEM32\MOBSYNC.EXE]
    "Apoint "= "C:\Program Files\Apoint\Apoint.exe" [08/23/02 02:28a]
    "ATIModeChange "= "Ati2mdxx.exe" [09/04/01 11:24p C:\WINNT\SYSTEM32\Ati2mdxx.exe]
    "CARPService "= "carpserv.exe" [01/23/03 10:06p C:\WINNT\SYSTEM32\carpserv.exe]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/04/03 12:00a]
    "PRPCMonitor "= "PRPCUI.exe" [10/07/02 10:00a C:\WINNT\SYSTEM32\prpcui.exe]
    "bascstray "= "BascsTray.exe" []
    "PRONoMgr.exe "= "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [12/18/02 09:20p]
    "DVDSentry "= "C:\WINNT\System32\DSentry.exe" [07/17/02 05:18p]
    "CreateCD50 "= "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [12/17/02 08:14p]
    "AdaptecDirectCD "= "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/02 07:28p]
    "CMPDPSRV "= "C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [10/31/01 01:25p]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [01/05/04 11:47p]
    "msnappau "= "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe" [06/09/05 02:56p]
    "HPDJ Taskbar Utility "= "C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe" [11/03/02 05:56p]
    "HPHUPD06 "= "C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/06/04 11:53p]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/04 03:18p]
    "HPHmon06 "= "C:\WINNT\system32\hphmon06.exe" [06/06/04 11:42p]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/11/08 05:22p]
    "SSC_UserPrompt "= "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 03:59p]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [12/15/05 11:18a]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\Quickset.exe" [12/18/02 03:16a]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Internat.exe "= "internat.exe" [07/24/02 01:00p C:\WINNT\SYSTEM32\INTERNAT.EXE]
    "Reminder "= "C:\Program Files\Microsoft Money\System\reminder.exe" [07/24/98 11:00p]
    "H/PC Connection Agent "= "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [04/22/05 07:19p]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/06 04:45p]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop "=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "internat.exe "=internat.exe

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Launch Microsoft Outlook.lnk - C:\Program Files\Microsoft Office00\Office\OUTLOOK.EXE [12/16/1998 4:09:20 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/11/2003 6:19:27 AM]
    Dynex Wireless Networking Utility.lnk - C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe [11/24/2007 3:32:49 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [12/15/2005 11:40:44 AM]
    HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [5/28/2004 11:06:36 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office00\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [10/2/2007 9:03:35 PM]
    wlnd.exe [7/19/2008 8:24:56 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
    WcesWlgn.dll 04/22/05 07:19p 7168 C:\WINNT\SYSTEM32\WcesWlgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    C:\WINNT\System32\LgNotify.dll 01/13/03 12:17a 110592 C:\WINNT\SYSTEM32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
    Domestic Security Version 4.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @= "Driver "

    *Newly Created Service* - MBAMSWISSARMY



    -- End of Deckard's System Scanner: finished at 2008-07-23 05:40:52 ------------


    After DSS I saw a delself icon on the desktop and I deleted it. The PC is now shut down from idle/hibernate mode and no changes were made to the registry. Will I have to clean it again? I'll post the DSS extra file after this for size's sake.
     
    Dion,
    #4
  6. 2008/07/23
    Dion
    DSS Extra log:

    Extra:
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --
    System Information ------------------------------

    Microsoft Windows 2000 Professional (build 2195) SP 3.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) M processor 1.70GHz
    Percentage of Memory in Use: 36%
    Physical Memory (total/avail): 511.23 MiB / 323.89 MiB
    Pagefile Memory (total/avail): 1241.29 MiB / 854.17 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1973.16 MiB

    C: is Fixed (NTFS) - 37.22 GiB total, 25.16 GiB free.
    D: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - HITACHI_DK23EB-40 - 37.26 GiB - 2 partitions
    \PARTITION0 - Unknown - 31.35 MiB
    \PARTITION1 (bootable) - Installable File System - 37.22 GiB - C:

    Security Center ---------------------------------------------------------

    Auto Options is scheduled to auto-install.

    - Environment Variables -----------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Administrator\Application Data
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=LOVELY
    ComSpec=C:\WINNT\system32\cmd.exe
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Administrator
    LOGONSERVER=\\LOVELY
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Os2LibPath=C:\WINNT\system32\os2\dll;
    Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\PROGRA~1\MICROS~2\Office
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0d06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SystemDrive=C:
    SystemRoot=C:\WINNT
    TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    USERDOMAIN=LOVELY
    USERNAME=Administrator
    USERPROFILE=C:\Documents and Settings\Administrator
    windir=C:\WINNT

    User Profiles ---------------------------

    Administrator (admin)

    - Add/Remove Programs ---------------------------------

    --> C:\Program Files\Installshield Installation Information\{08082022-2a50-4196-8196-a6f86d6e8f12}\QBReplace.exe {08082022-2a50-4196-8196-a6f86d6e8f12}#{01288593-26bb-4b3a-a04e-0a4ed28cc937}
    --> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
    Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
    ArcSoft VideoMVP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1EAB8A5-9A41-4F81-8F95-520BE08654F1}\SETUP.EXE" -l0x9
    ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver --> rundll32 C:\WINNT\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Broadcom Advanced Control Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
    Broadcom ASF Management Applications --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
    Brother MFC-420CN --> "C:\Program Files\Brother\MFC420CN\0IsUninst.exe" -f "C:\Program Files\Brother\MFC420CN\DeIsL2.isu" -cbruninst.dll
    Canon S630 --> C:\WINNT\System32\CNMS630.EXE -@C:\WINNT\IsUninst.exe -f "C:\BJPrinter\CNMWINNT\Canon S630 Installer\Inst\DeIsL1.isu" -pCanon S630-c "C:\BJPrinter\CNMWINNT\Canon S630 Installer\Inst\bjinst.dll
    CC_ccProxyExt --> MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
    ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
    ccPxyCore --> MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
    Compaq IJ650 Inkjet Printer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88739060-F683-11D3-B761-00105AD153C7}\SETUP.EXE" UNINSTALL
    Conexant D480 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
    Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
    Dynex Enhanced G Wireless Notebook Card Setup --> C:\Program Files\InstallShield Installation Information\{EA230837-B676-43A0-A439-C6CAB65A76BD}\setup.exe -runfromtemp -l0x0009 -removeonly
    Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
    Handmark PocketMoney® Version 2.0.1 (English) --> "C:\Program Files\Handmark\PocketMoney for Pocket PC\unins000.exe "
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Color LaserJet 2820/2830/2840 2.0 --> "C:\Program Files\Hewlett-Packard\Digital Imaging\{1030DCDC-2425-407d-BEE1-13558B837FCA}\setup\hpzscr01.exe" -datfile hppscr01.dat
    hp deskjet 3320 series --> rundll32 hpzcon07.dll,VendorJettison hp deskjet 3320 series
    hp deskjet 3320 series (Remove only) --> C:\Program Files\hp deskjet 3320 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB009 -vproduct=3320 -huninstall
    HP Deskjet 8.0 Software --> C:\Program Files\Hewlett-Packard\Digital Imaging\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}\setup\hpzscr01.exe -datfile hphscr13.dat -showdisconnect -forcereboot
    HP Image Zone 4.7 --> C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Imaging Device Functions 6.1 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    hp instant support --> C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
    HP Photosmart Essential --> MsiExec.exe /X{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}
    HP PSC & OfficeJet 3.5 --> "C:\Program Files\Hewlett-Packard\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
    HP PSC & OfficeJet 6.1.A --> "C:\Program Files\Hewlett-Packard\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
    HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
    HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    Intel SpeedStep technology Applet --> C:\WINNT\IsUninst.exe -f "C:\WINNT\System32\Intel(R) SpeedStep(TM) technology Applet.isu "
    Intel(R) PROSet --> MsiExec.exe /I{8552A53D-5226-462B-8E7C-B3174C04E7BD}
    ItsDeductible Express --> MsiExec.exe /X{36495C59-089C-49D1-BD15-9E5BD86DC9A1}
    Lexmark Z600 Series --> C:\WINNT\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
    LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
    Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    Membership Plus 6.0 for Windows --> C:\PROGRA~1\MEMBER~1\VERSIO~1\UNWISE.EXE C:\PROGRA~1\MEMBER~1\VERSIO~1\INSTALL.LOG
    Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
    Microsoft Data Access Components KB870669 --> C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
    Microsoft Excel 97 --> C:\Program Files\Microsoft Office\Office\Setup\AcmeXl.exe /w Excel97.stf
    Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\System32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
    Microsoft Money 99 --> C:\Program Files\Microsoft Money\setup\setup.exe
    Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
    Microsoft Publisher 98 --> C:\Program Files\Microsoft Office\Office\Setup\Setup.exe /m
    Microsoft VGX Q833989 --> C:\WINNT\vgxuninst.exe C:\WINNT\INF\Q833989.inf
    Microsoft Works Setup Launcher --> C:\Program Files\Microsoft Works Suite 99\Setup\Launcher.exe D:\
    Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
    Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
    MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\mtbs.exe c
    MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
    NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
    Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
    Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
    Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
    Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
    Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
    Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
    Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton Internet Security 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
    Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
    Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
    Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
    PC Camera --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{5383D15F-68A1-4F67-A73E-E6F94949BFEE}
    Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
    Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
    QuickBooks Pro 2005 --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME= "pro" QBFULLNAME= "QuickBooks Pro 2005" ADDREMOVE=1
    QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9
    QuickTime --> C:\WINNT\unvise32qt.exe C:\WINNT\System32\QuickTime\Uninstall.log
    Readiris 7.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
    SafeCast Shared Components --> C:\WINNT\CDAC13BA.EXE /uninstall
    Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
    SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
    Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
    Track 'n Trade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{908D1CD5-4B73-4FC2-AC94-B371E1865F7A}\setup.exe" -l0x9
    TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
    TurboTax Premier 2004 --> C:\Program Files\TurboTax\Premier 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2004\Uninstall.log" -NoGui
    TurboTax Premier 2005 --> C:\Program Files\TurboTax\Premier 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2005\Uninstall.log" -NoGui
    TurboTax Premier Investments 2006 --> C:\Program Files\TurboTax\Premier 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2006\Uninstall.log" -NoGui
    upapp --> MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
    User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
    WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
    WildTangent Web Driver --> C:\WINNT\wt\updater\wcmdmgr.exe -uninstall wtwebdriver
    Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Player 9 Hotfix [See KB885492 for more information] --> C:\WINNT\$NtUninstallKB885492$\spuninst\spuninst.exe
    Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
    Yahoo! Customizations --> C:\Program Files\Yahoo!\Common\unycust.exe /S
    Yahoo! Install Manager --> C:\WINNT\system32\regsvr32 /u C:\WINNT\DOWNLO~1\YINSTH~1.DLL
    Yahoo! Internet Mail --> C:\WINNT\System32\regsvr32 /u /s C:\WINNT\DOWNLO~1\ymmapi.dll
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Messenger Explorer Bar --> C:\WINNT\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
    Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type89207 / Error
    Event Submitted/Written: 07/23/2008 04:21:08 AM
    Event ID/Source: 101 / Automatic LiveUpdate Scheduler
    Event Description:
    Information Level: error

    Internet connection not detected.

    Event Record #/Type89205 / Error
    Event Submitted/Written: 07/23/2008 04:16:08 AM
    Event ID/Source: 101 / Automatic LiveUpdate Scheduler
    Event Description:
    Information Level: error

    Internet connection not detected.

    Event Record #/Type89198 / Error
    Event Submitted/Written: 07/23/2008 04:00:01 AM
    Event ID/Source: 101 / Automatic LiveUpdate Scheduler
    Event Description:
    Information Level: error

    Internet connection not detected.

    Event Record #/Type89196 / Error
    Event Submitted/Written: 07/23/2008 03:55:01 AM
    Event ID/Source: 101 / Automatic LiveUpdate Scheduler
    Event Description:
    Information Level: error

    Internet connection not detected.

    Event Record #/Type89194 / Error
    Event Submitted/Written: 07/23/2008 03:50:01 AM
    Event ID/Source: 101 / Automatic LiveUpdate Scheduler
    Event Description:
    Information Level: error

    Internet connection not detected.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type17246 / Error
    Event Submitted/Written: 07/23/2008 05:02:55 AM
    Event ID/Source: 7 / Disk
    Event Description:
    The device, \Device\Harddisk0\DR0, has a bad block.

    Event Record #/Type17245 / Error
    Event Submitted/Written: 07/23/2008 05:02:53 AM
    Event ID/Source: 7 / Disk
    Event Description:
    The device, \Device\Harddisk0\DR0, has a bad block.

    Event Record #/Type17244 / Error
    Event Submitted/Written: 07/23/2008 05:02:51 AM
    Event ID/Source: 7 / Disk
    Event Description:
    The device, \Device\Harddisk0\DR0, has a bad block.

    Event Record #/Type17243 / Error
    Event Submitted/Written: 07/23/2008 05:02:50 AM
    Event ID/Source: 7 / Disk
    Event Description:
    The device, \Device\Harddisk0\DR0, has a bad block.

    Event Record #/Type17242 / Error
    Event Submitted/Written: 07/23/2008 05:02:48 AM
    Event ID/Source: 7 / Disk
    Event Description:
    The device, \Device\Harddisk0\DR0, has a bad block.



    -- End of Deckard's System Scanner: finished at 2008-07-23 05:40:52 ------------

    I'd appreciate your help, please.
     
    Dion,
    #5
  7. 2008/07/23
    Geri Lifetime Subscription
    Hi Dion
    I have combined your 2 threads. Please make all posts to this thread.

    Thanks
    Geri
     
    Geri,
    #6
  8. 2008/07/23
    Geri Lifetime Subscription
    Hi Dion

    Please do the following.

    ** dss.exe must be on the desktop for the following command to work. **

    Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in the run box, then hit enter.
    • An interface of Deckard's file association fix will open.
    • Click Scan.
    • Check the box next to the following, then click Fix.
      • .js
      • .reg
      • .vbs
      • .scr
    • Exit when complete.

    Now do this,
    You did not let MBAM fix this.
    Files Infected:
    C:\Documents and Settings\Administrator\delself.bat (Malware.Trace) -> No action taken.
    Open MBAM, update and run MBAM again. Make sure you do this part.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.

    Please post a new dss log. Let me know of any change.

    Thanks
    Geri
     
    Geri,
    #7
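    The /daft step above repairs the associations DSS listed in the "-- File Associations --" section. As an added example (not part of this thread, and not DSS's own code), here is a small Python checker that parses that section and flags any entry whose handler is not the system program expected for that file type, so the same section can be verified before and after the fix. The sample log is constructed from the listing above plus one deliberately wrong .exe entry, and the expected-handler table is this example's own assumption.

```python
import re
from dataclasses import dataclass


@dataclass
class Association:
    ext: str      # e.g. ".js"
    progid: str   # e.g. "JSFile"
    subkey: str   # e.g. "shell\\open\\command" or "DefaultIcon"
    value: str    # the registry value as DSS printed it


# Constructed sample in the layout DSS uses for its File Associations section.
# The seven .js/.reg/.scr/.vbs lines copy the log above; the final .exe line is
# a constructed, deliberately wrong entry so the checker has something to flag.
SAMPLE_DSS_LOG = r"""
-- File Associations --------------
.js - JSFile - DefaultIcon - C:\WINNT\System32\WScript.exe,3
.js - JSFile - shell\open\command - C:\WINNT\System32\WScript.exe "%1" %*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.vbs - VBSFile - DefaultIcon - C:\WINNT\System32\WScript.exe,2
.vbs - VBSFile - shell\open\command - C:\WINNT\System32\WScript.exe "%1" %*
.vbs - VBSFile - shell\edit\command - C:\WINNT\System32\Notepad.exe %1
.exe - exefile - shell\open\command - C:\WINNT\Temp\EXAMPLE-HIJACK.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------
"""

# Which program should sit behind each (extension, subkey), by executable file
# name. This table is an assumption of this example: scripts run through the
# Windows Script Host, .reg files through regedit, and .scr/.exe run the file
# itself, so their command must begin with the "%1" placeholder.
EXPECTED_HANDLERS = {
    (".js", r"shell\open\command"): {"wscript.exe", "cscript.exe"},
    (".vbs", r"shell\open\command"): {"wscript.exe", "cscript.exe"},
    (".js", "DefaultIcon"): {"wscript.exe"},
    (".vbs", "DefaultIcon"): {"wscript.exe"},
    (".vbs", r"shell\edit\command"): {"notepad.exe"},
    (".reg", r"shell\open\command"): {"regedit.exe"},
    (".scr", r"shell\open\command"): {"%1"},
    (".exe", r"shell\open\command"): {"%1"},
}

SECTION_HEADER = re.compile(r"^-- File Associations -+$")


def parse_file_associations(log_text):
    """Return the Association entries from a DSS log's File Associations section."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_HEADER.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        if not line or line.startswith("--"):
            break  # blank line or the next section header ends the block
        parts = line.split(" - ", 3)  # ext - progid - subkey - value
        if len(parts) != 4:
            continue  # not an association line; skip rather than guess
        ext, progid, subkey, value = parts
        entries.append(Association(ext.lower(), progid, subkey, value))
    return entries


def handler_name(value):
    """Lower-case file name of the program a command/icon value points at.

    Returns "%1" when the value starts with the placeholder, i.e. the
    associated file itself is what gets run.
    """
    v = value.strip()
    if v.startswith('"'):
        token = v[1:].split('"', 1)[0]  # quoted path: up to the closing quote
    else:
        token = v.split(" ", 1)[0]      # unquoted: first space-delimited token
    token = token.split(",", 1)[0]      # DefaultIcon values carry ",<index>"
    if token == "%1":
        return "%1"
    return token.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_associations(entries):
    """Return (ext, subkey, handler, value) for entries with an unexpected handler."""
    findings = []
    for e in entries:
        expected = EXPECTED_HANDLERS.get((e.ext, e.subkey))
        if expected is None:
            continue  # no policy for this key: leave it for manual review
        handler = handler_name(e.value)
        if handler not in expected:
            findings.append((e.ext, e.subkey, handler, e.value))
    return findings


def triage(log_text):
    """Parse a DSS log and return the list of suspicious association entries."""
    return check_associations(parse_file_associations(log_text))


if __name__ == "__main__":
    for ext, subkey, handler, value in triage(SAMPLE_DSS_LOG):
        print(f"REVIEW {ext} {subkey}: handler {handler!r} in {value!r}")
```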
  9. 2008/07/26
    Dion
    Desktop would not complete loading, it just restarts

    Hi all, I could not get the desktop to load before it restarts and can't do any commands. In safe mode can't do DSS? Here I am to try again, what should I do?
     
    Dion,
    #8
  10. 2008/07/26
    Geri Lifetime Subscription
    Hi Dion
    Yes do this in safe mode.

    ** dss.exe must be on the desktop for the following command to work. **

    Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft

    • Click Start>Run and paste the command in the run box, then hit enter.
    • An interface of Deckard's file association fix will open.
    • Click Scan.
    • Check the box next to the following, then click Fix.
      • .js
      • .reg
      • .vbs
      • .scr
    • Exit when complete.


    Then download this and transfer it to the infected one and run it as instructed. (Only run it in safe mode If you need to)
    Make sure you disable Norton before running it.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Please post the Combofix log.
    Thanks
    Geri
     
    Geri,
    #9
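The "file association fix" step above repairs the registry chain that Windows follows when a .js, .reg, .vbs or .scr file is opened: the extension key under HKEY_CLASSES_ROOT names a ProgID, and that ProgID's shell\open\command names the program that actually runs. The script below is an added example, not Geri's or Deckard's code, and it does not touch a live registry: it walks that chain in a .reg-style export constructed inline and reports any extension whose handler is not the stock one. The stock handlers in EXPECTED are assumed Windows 2000/XP defaults, and the redirected .reg mapping to example-hijack.exe is a made-up entry included only to show what the check reports.

```python
"""Verify the .js/.reg/.vbs/.scr association chains in a .reg export.

Added example, not part of the forum thread. Walks
HKEY_CLASSES_ROOT\<ext> -> <ProgID> -> shell\open\command and compares the
resulting handler with the expected Windows program.
"""
import re
from typing import Dict, Optional, Tuple

# Assumption: stock Windows 2000/XP handlers, expressed as regexes so that
# drive letter, %SystemRoot% and quoting differences do not cause false alarms.
EXPECTED = {
    ".js":  ("JSFile",  r"wscript\.exe"),
    ".vbs": ("VBSFile", r"wscript\.exe"),
    ".reg": ("regfile", r"regedit\.exe"),
    ".scr": ("scrfile", r'^"%1" /S$'),
}

# Constructed export (not from the thread): three stock mappings and one (.reg)
# deliberately pointed at a made-up program so the report has something to show.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.js]
@="JSFile"

[HKEY_CLASSES_ROOT\JSFile\Shell\Open\Command]
@="%SystemRoot%\\System32\\WScript.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\.vbs]
@="VBSFile"

[HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command]
@="%SystemRoot%\\System32\\WScript.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\.reg]
@="regfile"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="C:\\WINNT\\system32\\example-hijack.exe \"%1\""

[HKEY_CLASSES_ROOT\.scr]
@="scrfile"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
"""


def parse_reg(text: str) -> Dict[str, str]:
    """Map each key path (lower-cased) to its default value, unescaping .reg syntax."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults


def resolve(defaults: Dict[str, str], ext: str) -> Tuple[Optional[str], Optional[str]]:
    """Follow ext -> ProgID -> shell\\open\\command; None where a link is missing."""
    progid = defaults.get(f"hkey_classes_root\\{ext}".lower())
    if not progid:
        return None, None
    command = defaults.get(f"hkey_classes_root\\{progid}\\shell\\open\\command".lower())
    return progid, command


def check_associations(text: str) -> Dict[str, str]:
    """Return a verdict per extension: 'ok', 'missing', or 'unexpected: <chain>'."""
    defaults = parse_reg(text)
    verdicts = {}
    for ext, (want_progid, want_cmd) in EXPECTED.items():
        progid, command = resolve(defaults, ext)
        if progid is None or command is None:
            verdicts[ext] = "missing"
        elif progid.lower() != want_progid.lower() or not re.search(want_cmd, command, re.IGNORECASE):
            verdicts[ext] = f"unexpected: {progid} -> {command}"
        else:
            verdicts[ext] = "ok"
    return verdicts


if __name__ == "__main__":
    for ext, verdict in check_associations(SAMPLE_REG).items():
        print(f"{ext:5} {verdict}")
```

On a real machine the input would be the output of `reg export HKCR` (reg.exe is built into XP and later) rather than the constructed text; the point of the check is that a handler is only trustworthy if every link in the chain, not just the extension key, still points where Windows put it.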
  11. 2008/07/26
    Dion
    Didn't see your post before I got to the desktop

    Wow! In order to get to the desktop I had to delete braviax and internat.exe from the registry to get it to load. Then I still have to pull up Task Manager and delete braviax before it shuts me down again. When I came up I tried the %userprofile% instruction you gave, but it says: "Cannot find the file 'C:\Documents' (or one of its components). Make sure the path and filename are correct and that all required libraries are available." DSS.exe is on the desktop, and if I just type the command without the \daft it runs DSS! I now have MBAM running, but Norton had blocked XP Security and trojan.adclicker while it started... I think I'll have to do this all over again to get it straight. I'm waiting for it to finish. Here is the DSS log I got in the meantime, before I deleted braviax and after:

    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-07-26 14:49:37
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:51:23 PM, on 7/26/2008
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\SCardSvr.exe
    C:\WINNT\System32\S24EvMon.exe
    C:\WINNT\System32\wltrysvc.exe
    C:\WINNT\System32\bcmwltry.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\System32\Ati2evxx.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\basfipm.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\RegSrvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\System32\RoamMgr.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\ZCfgSvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\faxsvc.exe
    C:\Program Files\Intel\Switching\User\RoamSvc.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINNT\system32\carpserv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINNT\system32\PRPCUI.exe
    C:\WINNT\System32\DSentry.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINNT\system32\hphmon06.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\Program Files\Microsoft Money\System\reminder.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\msiexec.exe
    C:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [bascstray] BascsTray.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\System32\DSentry.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [CMPDPSRV] C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [braviax] C:\WINNT\system32\braviax.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe "
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office00\Office\OUTLOOK.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Dynex Wireless Networking Utility.lnk = C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office00\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: wlnd.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2366230bfc875458a800/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4338/mcfscan.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINNT\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINNT\system32\hpboid.exe
    O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
    O23 - Service: RoamMgr - Intel Corporation - C:\WINNT\System32\RoamMgr.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\wltrysvc.exe
    O24 - Desktop Component 0: (no name) - http://bp2.blogger.com/_aLkNPLFRQYo/Rr1h9-oozHI/AAAAAAAAACY/ckU6letc8OU/s320/Theotokos.jpg

    --
    End of file - 13778 bytes

    -- Files created between 2008-06-26 and 2008-07-26 -----------------------------

    2008-07-26 14:49:04 0 --a------ C:\WINNT\system32\univrs32.dat
    2008-07-24 04:44:53 13312 --a------ C:\WINNT\system32\braviax.exe
    2008-07-24 02:57:35 206 --a------ C:\Documents and Settings\Administrator\delself.bat
    2008-07-23 05:40:44 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_9cc.dat
    2008-07-23 04:53:32 0 d-------- C:\Program Files\Trend Micro
    2008-07-23 04:23:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-07-23 04:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-23 04:23:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-22 18:19:50 0 d-------- C:\WINNT\LMI48F.tmp
    2008-07-22 18:19:41 0 d-------- C:\WINNT\LMI48E.tmp


    -- Find3M Report ---------------------------------------------------------------

    2008-07-26 14:47:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2008-07-23 04:25:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-07-19 20:21:18 0 d-------- C:\Program Files\Norton Internet Security
    2008-06-25 06:49:33 0 d-------- C:\Program Files\Intuit
    2008-06-02 20:38:06 0 d-------- C:\Program Files\Symantec


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager "= "mobsync.exe" [07/24/02 01:00p C:\WINNT\SYSTEM32\MOBSYNC.EXE]
    "Apoint "= "C:\Program Files\Apoint\Apoint.exe" [08/23/02 02:28a]
    "ATIModeChange "= "Ati2mdxx.exe" [09/04/01 11:24p C:\WINNT\SYSTEM32\Ati2mdxx.exe]
    "CARPService "= "carpserv.exe" [01/23/03 10:06p C:\WINNT\SYSTEM32\carpserv.exe]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/04/03 12:00a]
    "PRPCMonitor "= "PRPCUI.exe" [10/07/02 10:00a C:\WINNT\SYSTEM32\prpcui.exe]
    "bascstray "= "BascsTray.exe" []
    "PRONoMgr.exe "= "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [12/18/02 09:20p]
    "DVDSentry "= "C:\WINNT\System32\DSentry.exe" [07/17/02 05:18p]
    "CreateCD50 "= "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [12/17/02 08:14p]
    "AdaptecDirectCD "= "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/02 07:28p]
    "CMPDPSRV "= "C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [10/31/01 01:25p]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [01/05/04 11:47p]
    "msnappau "= "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe" [06/09/05 02:56p]
    "HPDJ Taskbar Utility "= "C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe" [11/03/02 05:56p]
    "HPHUPD06 "= "C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/06/04 11:53p]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/04 03:18p]
    "HPHmon06 "= "C:\WINNT\system32\hphmon06.exe" [06/06/04 11:42p]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/11/08 05:22p]
    "SSC_UserPrompt "= "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 03:59p]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [12/15/05 11:18a]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\Quickset.exe" [12/18/02 03:16a]
    "braviax "= "C:\WINNT\system32\braviax.exe" [07/24/08 04:44a]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Reminder "= "C:\Program Files\Microsoft Money\System\reminder.exe" [07/24/98 11:00p]
    "H/PC Connection Agent "= "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [04/22/05 07:19p]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/06 04:45p]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop "=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "internat.exe "=internat.exe

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Launch Microsoft Outlook.lnk - C:\Program Files\Microsoft Office00\Office\OUTLOOK.EXE [12/16/1998 4:09:20 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/11/2003 6:19:27 AM]
    Dynex Wireless Networking Utility.lnk - C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe [11/24/2007 3:32:49 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [12/15/2005 11:40:44 AM]
    HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [5/28/2004 11:06:36 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office00\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [10/2/2007 9:03:35 PM]
    wlnd.exe [7/19/2008 8:24:56 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
    WcesWlgn.dll 04/22/05 07:19p 7168 C:\WINNT\SYSTEM32\WcesWlgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    C:\WINNT\System32\LgNotify.dll 01/13/03 12:17a 110592 C:\WINNT\SYSTEM32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
    Domestic Security Version 4.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @= "Driver "

    *Newly Created Service* - ERASERUTILDRV10741



    -- End of Deckard's System Scanner: finished at 2008-07-26 14:52:04 ------------
     
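Reading a log like the one above by hand means matching every O4 autorun entry against what you know and against the "Files created" section. The script below is an added example, not a tool from the thread or from Deckard's System Scanner: it parses both sections from a constructed sample that mirrors the log format above, and flags autorun targets that were created inside the scan window or that are given only as a bare file name (so the log alone cannot say which binary runs). The sample lines, the `vetted` allowlist and the field regexes are assumptions about the DSS/HijackThis format, not anything the page guarantees.

```python
"""Triage autostart entries in a DSS/HijackThis log.

Added example, not part of the forum thread. Correlates O4 (autorun) lines with
the "Files created between ..." section and reports entries worth a closer look.
"""
import re
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample shaped like the DSS log above (assumption: same line formats).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [braviax] C:\WINNT\system32\braviax.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: wlnd.exe

-- Files created between 2008-06-26 and 2008-07-26 -----------------------------

2008-07-26 14:49:04 0 --a------ C:\WINNT\system32\univrs32.dat
2008-07-24 04:44:53 13312 --a------ C:\WINNT\system32\braviax.exe
2008-07-24 02:57:35 206 --a------ C:\Documents and Settings\Administrator\delself.bat
2008-07-23 04:53:32 0 d-------- C:\Program Files\Trend Micro
"""

O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) (?P<attr>\S+) (?P<path>.+)$"
)
# A quoted path, a drive-letter path ending in .exe, or a bare token ending in .exe.
EXE_RE = re.compile(r'"([^"]*?)"|([A-Za-z]:\\.*?\.exe|\S+\.exe)', re.IGNORECASE)


def executable_of(cmd: str) -> Optional[str]:
    """Return the program an O4 command line launches, or None if none is visible."""
    # Startup-folder shortcuts are shown as "name.lnk = target"; take the target.
    if " = " in cmd:
        cmd = cmd.split(" = ", 1)[1]
    m = EXE_RE.search(cmd)
    if not m:
        return None
    return (m.group(1) or m.group(2)).strip()


def parse_log(text: str) -> Tuple[List[Tuple[str, Optional[str], str]], Dict[str, datetime]]:
    """Split a DSS log into autorun entries and a path -> creation time map of new files."""
    autoruns, created = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            autoruns.append((m["where"], m["name"], m["cmd"]))
            continue
        m = CREATED_RE.match(line)
        if m and m["attr"][0] != "d":  # attribute string starts with 'd' for directories
            created[m["path"].lower()] = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return autoruns, created


def triage(text: str, vetted=frozenset()) -> List[Tuple[str, str]]:
    """Return (executable, reason) pairs an analyst should look at; `vetted` names are skipped."""
    autoruns, created = parse_log(text)
    findings = []
    for where, _name, cmd in autoruns:
        exe = executable_of(cmd)
        if exe is None:
            findings.append((cmd, f"{where}: no executable visible"))
            continue
        if exe.rsplit("\\", 1)[-1].lower() in vetted:
            continue
        if "\\" not in exe:
            # Bare name: resolved via the search path or the startup folder itself,
            # so the log cannot tell which file on disk actually runs.
            findings.append((exe, f"{where}: bare file name, origin unverifiable"))
        elif exe.lower() in created:
            when = created[exe.lower()].strftime("%Y-%m-%d")
            findings.append((exe, f"{where}: target created {when}, inside the scan window"))
    return findings


if __name__ == "__main__":
    # `vetted` is an analyst-maintained allowlist; mobsync.exe is assumed vetted here.
    for exe, why in triage(SAMPLE_LOG, vetted={"mobsync.exe"}):
        print(f"{exe:45} {why}")
```

The allowlist is deliberately the analyst's input rather than something the script decides: on this sample it leaves three entries to look at (the freshly created system32 target and the two bare names), which is exactly the short list a helper would want to see before deciding what to remove.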
  12. 2008/07/26
    Dion
    2nd DSS and 1st MBAM today

    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-07-26 15:17:52
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:18:15 PM, on 7/26/2008
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\SCardSvr.exe
    C:\WINNT\System32\S24EvMon.exe
    C:\WINNT\System32\wltrysvc.exe
    C:\WINNT\System32\bcmwltry.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\WINNT\System32\Ati2evxx.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\basfipm.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\RegSrvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\System32\RoamMgr.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\ZCfgSvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\faxsvc.exe
    C:\Program Files\Intel\Switching\User\RoamSvc.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINNT\system32\carpserv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINNT\system32\PRPCUI.exe
    C:\WINNT\System32\DSentry.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINNT\system32\hphmon06.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\Program Files\Microsoft Money\System\reminder.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [bascstray] BascsTray.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\System32\DSentry.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [CMPDPSRV] C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe "
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office00\Office\OUTLOOK.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Dynex Wireless Networking Utility.lnk = C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office00\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: wlnd.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2366230bfc875458a800/netzip/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4338/mcfscan.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINNT\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINNT\system32\hpboid.exe
    O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
    O23 - Service: RoamMgr - Intel Corporation - C:\WINNT\System32\RoamMgr.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\wltrysvc.exe
    O24 - Desktop Component 0: (no name) - http://bp2.blogger.com/_aLkNPLFRQYo/Rr1h9-oozHI/AAAAAAAAACY/ckU6letc8OU/s320/Theotokos.jpg

    --
    End of file - 13612 bytes

    -- Files created between 2008-06-26 and 2008-07-26 -----------------------------

    2008-07-24 02:57:35 206 --a------ C:\Documents and Settings\Administrator\delself.bat
    2008-07-23 05:40:44 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_9cc.dat
    2008-07-23 04:53:32 0 d-------- C:\Program Files\Trend Micro
    2008-07-23 04:23:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-07-23 04:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-23 04:23:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-22 18:19:50 0 d-------- C:\WINNT\LMI48F.tmp
    2008-07-22 18:19:41 0 d-------- C:\WINNT\LMI48E.tmp


    -- Find3M Report ---------------------------------------------------------------

    2008-07-26 14:47:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2008-07-23 04:25:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-07-19 20:21:18 0 d-------- C:\Program Files\Norton Internet Security
    2008-06-25 06:49:33 0 d-------- C:\Program Files\Intuit
    2008-06-02 20:38:06 0 d-------- C:\Program Files\Symantec


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager "= "mobsync.exe" [07/24/02 01:00p C:\WINNT\SYSTEM32\MOBSYNC.EXE]
    "Apoint "= "C:\Program Files\Apoint\Apoint.exe" [08/23/02 02:28a]
    "ATIModeChange "= "Ati2mdxx.exe" [09/04/01 11:24p C:\WINNT\SYSTEM32\Ati2mdxx.exe]
    "CARPService "= "carpserv.exe" [01/23/03 10:06p C:\WINNT\SYSTEM32\carpserv.exe]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/04/03 12:00a]
    "PRPCMonitor "= "PRPCUI.exe" [10/07/02 10:00a C:\WINNT\SYSTEM32\prpcui.exe]
    "bascstray "= "BascsTray.exe" []
    "PRONoMgr.exe "= "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [12/18/02 09:20p]
    "DVDSentry "= "C:\WINNT\System32\DSentry.exe" [07/17/02 05:18p]
    "CreateCD50 "= "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [12/17/02 08:14p]
    "AdaptecDirectCD "= "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/02 07:28p]
    "CMPDPSRV "= "C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [10/31/01 01:25p]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [01/05/04 11:47p]
    "msnappau "= "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe" [06/09/05 02:56p]
    "HPDJ Taskbar Utility "= "C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe" [11/03/02 05:56p]
    "HPHUPD06 "= "C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/06/04 11:53p]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/04 03:18p]
    "HPHmon06 "= "C:\WINNT\system32\hphmon06.exe" [06/06/04 11:42p]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/11/08 05:22p]
    "SSC_UserPrompt "= "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 03:59p]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [12/15/05 11:18a]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\Quickset.exe" [12/18/02 03:16a]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Reminder "= "C:\Program Files\Microsoft Money\System\reminder.exe" [07/24/98 11:00p]
    "H/PC Connection Agent "= "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [04/22/05 07:19p]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/06 04:45p]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop "=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "internat.exe "=internat.exe

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Launch Microsoft Outlook.lnk - C:\Program Files\Microsoft Office00\Office\OUTLOOK.EXE [12/16/1998 4:09:20 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/11/2003 6:19:27 AM]
    Dynex Wireless Networking Utility.lnk - C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe [11/24/2007 3:32:49 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [12/15/2005 11:40:44 AM]
    HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [5/28/2004 11:06:36 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office00\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [10/2/2007 9:03:35 PM]
    wlnd.exe [7/19/2008 8:24:56 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
    WcesWlgn.dll 04/22/05 07:19p 7168 C:\WINNT\SYSTEM32\WcesWlgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    C:\WINNT\System32\LgNotify.dll 01/13/03 12:17a 110592 C:\WINNT\SYSTEM32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
    Domestic Security Version 4.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @= "Driver "

    *Newly Created Service* - ERASERUTILDRV10741



    -- End of Deckard's System Scanner: finished at 2008-07-26 15:18:51 ------------


    Malwarebytes' Anti-Malware 1.22
    Database version: 982
    Windows 5.0.2195 Service Pack 3

    5:31:43 AM 7/23/2008
    mbam-log-7-23-2008 (05-31-43).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 85208
    Time elapsed: 58 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Administrator\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
     
  13. 2008/07/26
    Dion (Inactive, Thread Starter)

    Got DSS/daft to run and ComboFix done!!

    I was missing the quotes for daft to run...! It had triple of those .vbs to delete! I'm so excited! These viruses are unbelievable. Catch me, it says! Here is the ComboFix log:
    ComboFix 08-07-26.1 - Administrator 07/26/2008 15:58:35.1 - NTFSx86
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINNT\system32\bszip.dll
    C:\WINNT\system32\drivers\fad.sys
    C:\WINNT\t\
    C:\WINNT\Web\default.htt

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
    .

    2008-07-26 15:58 . 08-07-26 15:58 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_990.dat
    2008-07-23 05:40 . 08-07-23 05:40 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_9cc.dat
    2008-07-23 05:15 . 08-07-23 05:15 <DIR> d-------- C:\Deckard
    2008-07-23 04:53 . 08-07-23 04:53 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-23 04:23 . 08-07-23 04:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-23 04:23 . 08-07-23 04:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-23 04:23 . 08-07-23 04:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-07-23 04:23 . 08-07-20 20:21 38,472 --a------ C:\WINNT\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-07-23 04:23 . 08-07-20 20:21 17,144 --a------ C:\WINNT\SYSTEM32\DRIVERS\mbam.sys
    2008-07-22 18:19 . 08-07-22 18:19 <DIR> d-------- C:\WINNT\LMI48F.tmp
    2008-07-22 18:19 . 08-07-22 18:20 <DIR> d-------- C:\WINNT\LMI48E.tmp
    2008-07-20 07:05 . 08-07-20 07:05 137 --a------ C:\WINNT\SYSTEM32\MRT.INI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-26 19:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2008-07-23 09:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-07-20 01:21 --------- d-----w C:\Program Files\Norton Internet Security
    2008-06-25 11:49 --------- d-----w C:\Program Files\Intuit
    2008-06-03 01:38 805 ----a-w C:\WINNT\system32\drivers\SYMEVENT.INF
    2008-06-03 01:38 60,800 ----a-w C:\WINNT\SYSTEM32\S32EVNT1.DLL
    2008-06-03 01:38 123,952 ----a-w C:\WINNT\system32\drivers\SYMEVENT.SYS
    2008-06-03 01:38 10,671 ----a-w C:\WINNT\system32\drivers\SYMEVENT.CAT
    2008-06-03 01:38 --------- d-----w C:\Program Files\Symantec
    2006-06-20 21:55 45,511,639 ----a-w C:\Program Files\NIS06910IE.exe
    2006-03-30 23:05 0 ----a-w C:\Program Files\error.dat
    2005-11-10 23:15 3,932 ----a-w C:\Documents and Settings\Administrator\Application Data\CMLayout.dat
    2005-11-10 23:15 268 ----a-w C:\Documents and Settings\Administrator\Application Data\CMCPaper.dat
    2003-01-22 22:08 271 ---ha-w C:\Program Files\DESKTOP.INI
    2003-01-22 22:08 21,952 ---ha-w C:\Program Files\FOLDER.HTT
    2002-07-24 18:00 32,528 ----a-w C:\WINNT\INF\WBFIRDMA.SYS
    2001-05-21 14:54 3,932 ------w C:\Documents and Settings\Default User\Application Data\CMLayout.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Reminder "= "C:\Program Files\Microsoft Money\System\reminder.exe" [98-07-24 23:00 36352]
    "H/PC Connection Agent "= "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [05-04-22 19:19 1196032]
    "updateMgr "= "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [06-03-30 16:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "C:\Program Files\Apoint\Apoint.exe" [02-08-23 02:28 143360]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03-01-04 00:00 294912]
    "PRONoMgr.exe "= "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [02-12-18 21:20 86016]
    "DVDSentry "= "C:\WINNT\System32\DSentry.exe" [02-07-17 17:18 28672]
    "CreateCD50 "= "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [02-12-17 20:14 131157]
    "AdaptecDirectCD "= "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [02-12-17 19:28 684032]
    "CMPDPSRV "= "C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [01-10-31 13:25 45056]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [04-01-05 23:47 98304]
    "msnappau "= "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe" [05-06-09 14:56 219648]
    "HPDJ Taskbar Utility "= "C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe" [02-11-03 17:56 188416]
    "HPHUPD06 "= "C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [04-06-06 23:53 49152]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [04-05-12 15:18 241664]
    "HPHmon06 "= "C:\WINNT\system32\hphmon06.exe" [04-06-06 23:42 659456]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08-02-11 17:22 53096]
    "SSC_UserPrompt "= "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [04-11-02 15:59 218240]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05-12-15 11:18 49152]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\Quickset.exe" [02-12-18 03:16 360448]
    "Synchronization Manager "= "mobsync.exe" [02-07-24 13:00 111376 C:\WINNT\SYSTEM32\MOBSYNC.EXE]
    "ATIModeChange "= "Ati2mdxx.exe" [01-09-04 23:24 28672 C:\WINNT\SYSTEM32\Ati2mdxx.exe]
    "CARPService "= "carpserv.exe" [03-01-23 22:06 4608 C:\WINNT\SYSTEM32\carpserv.exe]
    "PRPCMonitor "= "PRPCUI.exe" [02-10-07 10:00 45568 C:\WINNT\SYSTEM32\prpcui.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe "= "internat.exe" [02-07-24 13:00 20752 C:\WINNT\SYSTEM32\INTERNAT.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop "= "C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [02-07-24 13:00 186640]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Launch Microsoft Outlook.lnk - C:\Program Files\Microsoft Office00\Office\OUTLOOK.EXE [1998-12-16 16:09:20 57393]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-08-11 06:19:27 24576]
    Dynex Wireless Networking Utility.lnk - C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe [2007-11-24 03:32:49 1454080]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]
    HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office00\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-10-02 21:03:35 815104]
    wlnd.exe [2008-07-19 20:24:56 48128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    03-01-13 00:17 110592 C:\WINNT\SYSTEM32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
    05-04-22 19:19 7168 C:\WINNT\SYSTEM32\WcesWlgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "= mmdrv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    Domestic Security Version 4.00

    R0 fasttrak;fasttrak;C:\WINNT\system32\DRIVERS\fasttrak.sys [03-01-22 16:52 ]
    R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_700.sys [99-09-25 18:11 ]
    R0 mraid2k;mraid2k;C:\WINNT\system32\DRIVERS\mraid2k.sys [03-01-22 16:52 ]
    R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys [02-12-17 19:29 ]
    R2 PRPC;PRPC;C:\WINNT\system32\drivers\PRPC.sys [02-10-07 10:00 ]
    R3 MIPMN;Intel Adapter Switching Driver;C:\WINNT\system32\DRIVERS\mipmn2k.sys [02-11-22 21:09 ]
    R3 usbhub20;USB Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-01-15 18:46 ]
    R3 w70n5;Intel(R) PRO/Wireless 7100 Adapter Driver;C:\WINNT\system32\DRIVERS\w70n5.sys [03-01-12 21:11 ]
    S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINNT\system32\Drivers\BrSerIf.sys [04-06-12 00:27 ]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINNT\system32\Drivers\BrUsbSer.sys [04-01-09 23:28 ]
    S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [99-10-23 19:22 ]
    S3 HPPLSBULK;HPPLSBULK;C:\WINNT\system32\drivers\hpplsbulk.sys [05-02-02 18:29 ]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINNT\system32\Drivers\PCASp50.sys []
    S3 usb_rndisy;USB RNDIS Adapter;C:\WINNT\system32\DRIVERS\usb8023y.sys [05-02-28 16:45 ]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - ERASERUTILDRV10741
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    2008-05-19 C:\WINNT\Tasks\DFRG.job - C:\WINNT\SYSTEM32\DFRG.MSC [07-04-04 09:35 ]
    2008-07-02 C:\WINNT\Tasks\Studiopa 1094706297.job - C:\Program Files\Intuit\QuickBooks Pro\AutoBackupEXE.exe [07-10-02 20:00 ]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-bascstray - BascsTray.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com
    R0 -: HKLM-Main,Start Page = hxxp://www.google.com
    R0 -: HKLM-Main,Search Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
    R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
    R1 -: HKCU-SearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

    O16 -: DirectAnimation Java Classes - file://C:\WINNT\Java\classes\dajava.cab
    C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://C:\WINNT\Java\classes\xmldso.cab
    C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-26 16:02:01
    Windows 5.0.2195 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-26 16:03:33
    ComboFix-quarantined-files.txt 2008-07-26 21:03:25

    Pre-Run: 26,998,176,256 bytes free
    Post-Run: 26,994,204,160 bytes free

    152 --- E O F --- 2008-07-20 12:07:44


    After the log posted, the desktop did not return... Should I restart the PC? Or am I supposed to wait for something else? Please advise. Thanks!
     
  14. 2008/07/26
    Geri (Lifetime Subscription, Inactive Alumni)

    Hi
    Yes, please restart the PC and let me know what happens (whether the desktop comes back, any warnings...).

    I'll go through your log and let you know the next step.

    Geri
     
  15. 2008/07/27
    Dion (Inactive, Thread Starter)

    Desktop would not complete loading, it just restarts

    It did it again, as if nothing was done to it! Stops at the same part again. Says it's saving settings on exit. I shut it off before it finished.
     
  16. 2008/07/27
    Dion (Inactive, Thread Starter)

    DSS log in safe mode

    Here is the DSS log in safe mode, so I could get to it! Whenever I'm leaving safe mode, an "Unable to end program 'SAMPLE'" window comes up - is that OK?
    In order for it to start in normal mode I have to delete braviax and internat. I also deleted delself.bat. They just keep coming back! Thanks for all you do!
     
  17. 2008/07/27
    Dion (Inactive, Thread Starter)

    Oops, here is the file

    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-07-27 03:51:11
    Computer is in Safe Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:51:22 AM, on 7/27/2008
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Safe mode

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\ZCfgSvc.exe
    C:\WINNT\Explorer.EXE
    C:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\System32\DSentry.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [CMPDPSRV] C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [braviax] C:\WINNT\system32\braviax.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe "
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
    O4 - HKCU\..\Run: [braviax] C:\WINNT\system32\braviax.exe
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: Launch Microsoft Outlook.lnk = C:\Program Files\Microsoft Office00\Office\OUTLOOK.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Dynex Wireless Networking Utility.lnk = C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office00\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: wlnd.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4338/mcfscan.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINNT\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINNT\system32\hpboid.exe
    O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
    O23 - Service: RoamMgr - Intel Corporation - C:\WINNT\System32\RoamMgr.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINNT\System32\wltrysvc.exe
    O24 - Desktop Component 0: (no name) - http://bp2.blogger.com/_aLkNPLFRQYo/Rr1h9-oozHI/AAAAAAAAACY/ckU6letc8OU/s320/Theotokos.jpg

    --
    End of file - 11335 bytes

    -- Files created between 2008-06-27 and 2008-07-27 -----------------------------

    2008-07-27 03:23:51 206 --a------ C:\Documents and Settings\Administrator\delself.bat
    2008-07-27 03:23:50 13312 --a------ C:\WINNT\system32\braviax.exe
    2008-07-26 16:01:53 53248 --a------ C:\WINNT\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
    2008-07-26 15:58:41 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_990.dat
    2008-07-26 15:57:32 68096 --a------ C:\WINNT\zip.exe
    2008-07-26 15:57:32 49152 --a------ C:\WINNT\VFind.exe
    2008-07-26 15:57:32 212480 --a------ C:\WINNT\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-07-26 15:57:32 136704 --a------ C:\WINNT\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-07-26 15:57:32 161792 --a------ C:\WINNT\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-07-26 15:57:32 98816 --a------ C:\WINNT\sed.exe
    2008-07-26 15:57:32 80412 --a------ C:\WINNT\grep.exe
    2008-07-26 15:57:32 89504 --a------ C:\WINNT\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-07-23 05:40:44 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_9cc.dat
    2008-07-23 04:53:32 0 d-------- C:\Program Files\Trend Micro
    2008-07-23 04:23:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-07-23 04:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-23 04:23:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-22 18:19:50 0 d-------- C:\WINNT\LMI48F.tmp
    2008-07-22 18:19:41 0 d-------- C:\WINNT\LMI48E.tmp


    -- Find3M Report ---------------------------------------------------------------

    2008-07-26 16:01:11 0 d-a------ C:\Program Files\Common Files
    2008-07-26 14:47:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2008-07-23 04:25:35 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-07-19 20:21:18 0 d-------- C:\Program Files\Norton Internet Security
    2008-06-25 06:49:33 0 d-------- C:\Program Files\Intuit
    2008-06-02 20:38:06 0 d-------- C:\Program Files\Symantec


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [07/24/02 01:00p C:\WINNT\SYSTEM32\MOBSYNC.EXE]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [08/23/02 02:28a]
    "ATIModeChange"="Ati2mdxx.exe" [09/04/01 11:24p C:\WINNT\SYSTEM32\Ati2mdxx.exe]
    "CARPService"="carpserv.exe" [01/23/03 10:06p C:\WINNT\SYSTEM32\carpserv.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/04/03 12:00a]
    "PRPCMonitor"="PRPCUI.exe" [10/07/02 10:00a C:\WINNT\SYSTEM32\prpcui.exe]
    "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [12/18/02 09:20p]
    "DVDSentry"="C:\WINNT\System32\DSentry.exe" [07/17/02 05:18p]
    "CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [12/17/02 08:14p]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/02 07:28p]
    "CMPDPSRV"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [10/31/01 01:25p]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/05/04 11:47p]
    "msnappau"="C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe" [06/09/05 02:56p]
    "HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe" [11/03/02 05:56p]
    "HPHUPD06"="C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/06/04 11:53p]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/04 03:18p]
    "HPHmon06"="C:\WINNT\system32\hphmon06.exe" [06/06/04 11:42p]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/11/08 05:22p]
    "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 03:59p]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [12/15/05 11:18a]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [12/18/02 03:16a]
    "braviax"="C:\WINNT\system32\braviax.exe" [07/27/08 03:23a]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Reminder"="C:\Program Files\Microsoft Money\System\reminder.exe" [07/24/98 11:00p]
    "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [04/22/05 07:19p]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/06 04:45p]
    "braviax"="C:\WINNT\system32\braviax.exe" [07/27/08 03:23a]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "internat.exe"=internat.exe

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Launch Microsoft Outlook.lnk - C:\Program Files\Microsoft Office00\Office\OUTLOOK.EXE [12/16/1998 4:09:20 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/11/2003 6:19:27 AM]
    Dynex Wireless Networking Utility.lnk - C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe [11/24/2007 3:32:49 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [12/15/2005 11:40:44 AM]
    HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [5/28/2004 11:06:36 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office00\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [10/2/2007 9:03:35 PM]
    wlnd.exe [7/19/2008 8:24:56 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=0 (0x0)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
    WcesWlgn.dll 04/22/05 07:19p 7168 C:\WINNT\SYSTEM32\WcesWlgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    C:\WINNT\System32\LgNotify.dll 01/13/03 12:17a 110592 C:\WINNT\SYSTEM32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    *Newly Created Service* - PRPC



    -- End of Deckard's System Scanner: finished at 2008-07-27 03:51:55 ------------
     
  18. 2008/07/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Dion

    Please do the following.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\WINNT\system32\braviax.exe
    C:\Documents and Settings\Administrator\delself.bat
    C:\WINNT\LMI48F.tmp
    C:\WINNT\LMI48E.tmp
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "braviax"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "braviax"=-
    We need to have a file scanned so please do this.

    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box at the top of the page, one at a time:
      • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wlnd.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Please post the combofix log and the jotti results.

    Thanks
    Geri
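    Added triage example (not from this thread, DSS or ComboFix) that automates the correlation the helper makes above: it parses a DSS report's "Files created" list, Run keys and Startup folders and flags a Run target created inside the scan window, the same value registered in both HKLM and HKCU, and a bare executable dropped into a Startup folder, which is how braviax.exe and wlnd.exe stand out in the log above. The embedded report is a constructed, condensed excerpt of the DSS log posted earlier, and the section headers and line formats are assumed to match DSS output as shown there.

```python
"""Autostart triage over a Deckard's System Scanner (DSS) style report.
Added example for this thread; not DSS, ComboFix or the helper's own tooling.
It cross-references "Files created" with the Registry Dump's Run keys and
Startup folders, the correlation done by eye above for braviax.exe and wlnd.exe."""
import re
from datetime import datetime
# Constructed sample: a condensed excerpt of the DSS report posted in this thread.
SAMPLE_REPORT = r"""
-- Files created between 2008-06-27 and 2008-07-27 ----
2008-07-27 03:23:50 13312 --a------ C:\WINNT\system32\braviax.exe
2008-07-26 16:01:53 53248 --a------ C:\WINNT\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>

-- Registry Dump ----
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [07/24/02 01:00p C:\WINNT\SYSTEM32\MOBSYNC.EXE]
"braviax"="C:\WINNT\system32\braviax.exe" [07/27/08 03:23a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"braviax"="C:\WINNT\system32\braviax.exe" [07/27/08 03:23a]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office00\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
wlnd.exe [7/19/2008 8:24:56 PM]
"""

FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Accepts the forum's rendering ("name "= "value") as well as the clean form.
RUN_RE = re.compile(r'^"(?P<name>.*?)\s*"\s*=\s*"?(?P<value>.*?)"?\s*\[(?P<meta>[^\]]*)\]$')
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")

def parse_report(text):
    """Return (created_files, run_entries, startup_entries) parsed from a DSS report."""
    created, runs, startups = {}, [], []
    section = key = folder = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("-- Files created"):
            section = "files"
        elif line.startswith("-- Registry Dump"):
            section = "registry"
        elif line.startswith("-- "):
            section = None                                  # any other section header
        elif not line:
            continue
        elif section == "files":
            if m := FILE_RE.match(line):
                when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
                path = m.group(4).split(" <")[0]            # drop "<Not Verified; ...>"
                created[path.lower()] = (when, int(m.group(2)), m.group(3))
        elif section == "registry":
            if k := KEY_RE.match(line):                     # a registry key header
                key, folder = k.group(1), None
            elif line.endswith("\\") and ":\\" in line:     # a Startup-folder header
                folder, key = line, None
            elif key and key.lower().endswith("\\run"):
                if m := RUN_RE.match(line):
                    value = m.group("value")
                    if "\\" not in value:                   # bare name: DSS puts the path in the meta
                        p = PATH_RE.search(m.group("meta"))
                        value = p.group(0) if p else value
                    runs.append((key.split("\\")[0], m.group("name"), value))
            elif folder:
                startups.append((folder, line))
    return created, runs, startups

def triage(text):
    """Flag the autostart patterns seen in this thread as (kind, name, detail) tuples."""
    created, runs, startups = parse_report(text)
    findings, hives_by_target = [], {}
    for hive, name, target in runs:
        t = target.lower()
        if t in created:                                    # Run target written inside the scan window
            when, size, _ = created[t]
            findings.append(("recent-target", name,
                             f"{hive} Run -> {target}, created {when:%Y-%m-%d %H:%M} ({size} bytes)"))
        hives_by_target.setdefault((name.lower(), t), set()).add(hive)
    for (name, t), hives in sorted(hives_by_target.items()):
        if len(hives) > 1:                                  # same value pushed into HKLM and HKCU
            findings.append(("multi-hive", name, f"{t} registered in {', '.join(sorted(hives))}"))
    for folder, entry in startups:
        if ".lnk - " not in entry:                          # a loose executable, not a shortcut
            findings.append(("loose-startup-exe", entry.split(" [")[0], folder))
    return findings
```

Run `triage(open("dss.txt").read())` against a saved DSS report; entries it does not flag still need the usual manual review, it only surfaces the three patterns above.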
     
  19. 2008/07/30
    Dion

    Dion Inactive Thread Starter

    Joined:
    2005/01/07
    Messages:
    53
    Likes Received:
    0
    Ran ComboFix script, DSS daft Safe Mode, trying to go online for Jotti

    ComboFix 08-07-26.1 - Administrator 07/30/2008 4:04:55.2 - NTFSx86 MINIMAL
    Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.408 [GMT -5:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Documents and Settings\Administrator\delself.bat
    C:\WINNT\LMI48E.tmp
    C:\WINNT\LMI48F.tmp
    C:\WINNT\system32\braviax.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\delself.bat
    C:\WINNT\system32\braviax.exe
    C:\WINNT\t\

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
    .

    2008-07-30 04:04 . 08-07-30 04:04 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_1a0.dat
    2008-07-26 15:58 . 08-07-26 15:58 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_990.dat
    2008-07-23 05:40 . 08-07-23 05:40 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_9cc.dat
    2008-07-23 05:15 . 08-07-23 05:15 <DIR> d-------- C:\Deckard
    2008-07-23 04:53 . 08-07-23 04:53 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-23 04:23 . 08-07-23 04:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-23 04:23 . 08-07-23 04:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-23 04:23 . 08-07-23 04:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-07-23 04:23 . 08-07-20 20:21 38,472 --a------ C:\WINNT\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-07-23 04:23 . 08-07-20 20:21 17,144 --a------ C:\WINNT\SYSTEM32\DRIVERS\mbam.sys
    2008-07-22 18:19 . 08-07-22 18:19 <DIR> d-------- C:\WINNT\LMI48F.tmp
    2008-07-22 18:19 . 08-07-22 18:20 <DIR> d-------- C:\WINNT\LMI48E.tmp
    2008-07-20 07:05 . 08-07-20 07:05 137 --a------ C:\WINNT\SYSTEM32\MRT.INI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-26 19:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2008-07-23 09:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-07-20 01:21 --------- d-----w C:\Program Files\Norton Internet Security
    2008-06-25 11:49 --------- d-----w C:\Program Files\Intuit
    2008-06-03 01:38 805 ----a-w C:\WINNT\system32\drivers\SYMEVENT.INF
    2008-06-03 01:38 60,800 ----a-w C:\WINNT\SYSTEM32\S32EVNT1.DLL
    2008-06-03 01:38 123,952 ----a-w C:\WINNT\system32\drivers\SYMEVENT.SYS
    2008-06-03 01:38 10,671 ----a-w C:\WINNT\system32\drivers\SYMEVENT.CAT
    2008-06-03 01:38 --------- d-----w C:\Program Files\Symantec
    2006-06-20 21:55 45,511,639 ----a-w C:\Program Files\NIS06910IE.exe
    2006-03-30 23:05 0 ----a-w C:\Program Files\error.dat
    2005-11-10 23:15 3,932 ----a-w C:\Documents and Settings\Administrator\Application Data\CMLayout.dat
    2005-11-10 23:15 268 ----a-w C:\Documents and Settings\Administrator\Application Data\CMCPaper.dat
    2003-01-22 22:08 271 ---ha-w C:\Program Files\DESKTOP.INI
    2003-01-22 22:08 21,952 ---ha-w C:\Program Files\FOLDER.HTT
    2002-07-24 18:00 32,528 ----a-w C:\WINNT\INF\WBFIRDMA.SYS
    2001-05-21 14:54 3,932 ------w C:\Documents and Settings\Default User\Application Data\CMLayout.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Reminder"="C:\Program Files\Microsoft Money\System\reminder.exe" [98-07-24 23:00 36352]
    "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [05-04-22 19:19 1196032]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [06-03-30 16:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [02-08-23 02:28 143360]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03-01-04 00:00 294912]
    "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [02-12-18 21:20 86016]
    "DVDSentry"="C:\WINNT\System32\DSentry.exe" [02-07-17 17:18 28672]
    "CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [02-12-17 20:14 131157]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [02-12-17 19:28 684032]
    "CMPDPSRV"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [01-10-31 13:25 45056]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04-01-05 23:47 98304]
    "msnappau"="C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe" [05-06-09 14:56 219648]
    "HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb07.exe" [02-11-03 17:56 188416]
    "HPHUPD06"="C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [04-06-06 23:53 49152]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [04-05-12 15:18 241664]
    "HPHmon06"="C:\WINNT\system32\hphmon06.exe" [04-06-06 23:42 659456]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08-02-11 17:22 53096]
    "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [04-11-02 15:59 218240]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05-12-15 11:18 49152]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [02-12-18 03:16 360448]
    "Synchronization Manager"="mobsync.exe" [02-07-24 13:00 111376 C:\WINNT\SYSTEM32\MOBSYNC.EXE]
    "ATIModeChange"="Ati2mdxx.exe" [01-09-04 23:24 28672 C:\WINNT\SYSTEM32\Ati2mdxx.exe]
    "CARPService"="carpserv.exe" [03-01-23 22:06 4608 C:\WINNT\SYSTEM32\carpserv.exe]
    "PRPCMonitor"="PRPCUI.exe" [02-10-07 10:00 45568 C:\WINNT\SYSTEM32\prpcui.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [02-07-24 13:00 186640]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Launch Microsoft Outlook.lnk - C:\Program Files\Microsoft Office00\Office\OUTLOOK.EXE [1998-12-16 16:09:20 57393]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-08-11 06:19:27 24576]
    Dynex Wireless Networking Utility.lnk - C:\Program Files\Dynex Enhanced G Notebook Card Adapter\DynexWCUI.exe [2007-11-24 03:32:49 1454080]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]
    HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office00\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-10-02 21:03:35 815104]
    wlnd.exe [2008-07-19 20:24:56 48128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    03-01-13 00:17 110592 C:\WINNT\SYSTEM32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ActiveSync]
    05-04-22 19:19 7168 C:\WINNT\SYSTEM32\WcesWlgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= mmdrv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    Domestic Security Version 4.00

    R0 fasttrak;fasttrak;C:\WINNT\system32\DRIVERS\fasttrak.sys [03-01-22 16:52 ]
    R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_700.sys [99-09-25 18:11 ]
    R0 mraid2k;mraid2k;C:\WINNT\system32\DRIVERS\mraid2k.sys [03-01-22 16:52 ]
    R3 usbhub20;USB Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-01-15 18:46 ]
    S1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys [02-12-17 19:29 ]
    S2 PRPC;PRPC;C:\WINNT\system32\drivers\PRPC.sys [02-10-07 10:00 ]
    S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINNT\system32\Drivers\BrSerIf.sys [04-06-12 00:27 ]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINNT\system32\Drivers\BrUsbSer.sys [04-01-09 23:28 ]
    S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [99-10-23 19:22 ]
    S3 HPPLSBULK;HPPLSBULK;C:\WINNT\system32\drivers\hpplsbulk.sys [05-02-02 18:29 ]
    S3 MIPMN;Intel Adapter Switching Driver;C:\WINNT\system32\DRIVERS\mipmn2k.sys [02-11-22 21:09 ]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINNT\system32\Drivers\PCASp50.sys []
    S3 usb_rndisy;USB RNDIS Adapter;C:\WINNT\system32\DRIVERS\usb8023y.sys [05-02-28 16:45 ]
    S3 w70n5;Intel(R) PRO/Wireless 7100 Adapter Driver;C:\WINNT\system32\DRIVERS\w70n5.sys [03-01-12 21:11 ]

    *Newly Created Service* - PRPC
    .
    Contents of the 'Scheduled Tasks' folder
    2008-05-19 C:\WINNT\Tasks\DFRG.job - C:\WINNT\SYSTEM32\DFRG.MSC [07-04-04 09:35 ]
    2008-07-02 C:\WINNT\Tasks\Studiopa 1094706297.job - C:\Program Files\Intuit\QuickBooks Pro\AutoBackupEXE.exe [07-10-02 20:00 ]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-30 04:08:50
    Windows 5.0.2195 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-30 4:10:32
    ComboFix-quarantined-files.txt 2008-07-30 09:10:16
    ComboFix2.txt 2008-07-26 21:03:34

    Pre-Run: 27,542,331,904 bytes free
    Post-Run: 27,535,341,568 bytes free

    141 --- E O F --- 2008-07-20 12:07:44

    DSS daft Log:
    DAFT Log saved on 2008-07-30 04:23:32
    -----------------------------------------------------------------------
    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
     
  20. 2008/07/30
    Dion

    Dion Inactive Thread Starter

    Joined:
    2005/01/07
    Messages:
    53
    Likes Received:
    0
    PC shut down again and restarting again

    Unreal. After ComboFix deleted the files, I restarted but it did not complete to desktop, get outlook.dll could not execute msg and restarts. That is why I have to run the programs in safe mode. Also, Sample program still runs on exit of safe mode. Could I copy the Wlnd file to jump drive and scan it on this PC? I hope I'm not infecting this one with all this back and forth! Help!! Pls advise.
     
  21. 2008/07/30
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    No, do not do that.

    Let's delete it with ComboFix; if it is needed we can always restore it.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Please do this.

    Code:
    File::
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wlnd.exe

    Please post the combofix log.

    Thanks
    Geri
     
