Greetings,
Before you post in this forum, please read and follow the instructions in this post: Guidelines for Posting in This Forum
Failure to follow these instructions will only result in delays of the cleaning and removal process.
If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.
Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.
Thank You
Apr 2 2008, 04:25 PM
New Member Group: Member Posts: 7 Joined: 2-April 08 Member No.: 24105
Coincidentally, my computer [somehow] got this yesterday. I noticed something was strange when I accessed HP_Pavilion and a new window popped up. No big deal, though. There was nothing corrupted (per se), but I found it strange that the contents of the hard drive would pop up in a separate window instead of appearing on the SAME WINDOW I was navigating. At the same time, Norton detected bloodhound.packed.jmp, but nothing's completely back to normal. Here's the issue (just as the poster in the other topic had mentioned)...I cannot access hidden files now! I'm assuming it has to do with the window popping up and such, but...before coming here I searched around a little and it had said to try going to CONTROL PANEL-->SYSTEM--->and then deactivating SYSTEM RESTORE.
I made things a little worse, since now I have to open my hard drive contents using a BROWSER. Like for example, I want to access my separate documents in HP Pavilion so I double click HP Pavilion, and it asks me with which program I want to open it with...and I have no choice but to navigate my contents by using a browser. Anyway, I hope you guys can help out a little...nice site here! Here are the log contents from Ad-ware:
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll o c:\windows\system32\comctl32.dll o c:\windows\system32\uxtheme.dll o c:\program files\common files\symantec shared\ccvrtrst.dll o c:\windows\system32\setupapi.dll o c:\windows\system32\wsock32.dll o c:\program files\common files\symantec shared\ccl70u.dll o c:\windows\system32\crypt32.dll o c:\windows\system32\msasn1.dll o c:\windows\system32\wintrust.dll o c:\windows\system32\imagehlp.dll o c:\windows\system32\rsaenh.dll o c:\windows\system32\xpsp2res.dll o c:\windows\system32\userenv.dll o c:\windows\system32\version.dll o c:\windows\system32\secur32.dll o c:\windows\system32\netapi32.dll o c:\windows\system32\clbcatq.dll o c:\windows\system32\comres.dll o c:\windows\system32\msi.dll o c:\windows\system32\sxs.dll o c:\windows\system32\dnsapi.dll o c:\windows\system32\rasadhlp.dll • C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE o c:\program files\bonjour\mdnsresponder.exe o c:\windows\system32\ntdll.dll o c:\windows\system32\kernel32.dll o c:\windows\system32\ws2_32.dll o c:\windows\system32\msvcrt.dll o c:\windows\system32\ws2help.dll o c:\windows\system32\advapi32.dll o c:\windows\system32\rpcrt4.dll o c:\windows\system32\iphlpapi.dll o c:\windows\system32\user32.dll o c:\windows\system32\gdi32.dll o c:\windows\system32\ole32.dll o c:\windows\system32\oleaut32.dll o c:\windows\system32\imm32.dll o c:\windows\system32\mswsock.dll o c:\windows\system32\hnetcfg.dll o c:\windows\system32\wshtcpip.dll o c:\windows\system32\mprapi.dll o c:\windows\system32\activeds.dll o c:\windows\system32\adsldpc.dll o c:\windows\system32\netapi32.dll o c:\windows\system32\wldap32.dll o c:\windows\system32\atl.dll o c:\windows\system32\rtutils.dll o c:\windows\system32\samlib.dll o c:\windows\system32\setupapi.dll • C:\WINDOWS\EHOME\EHRECVR.EXE o c:\windows\ehome\ehrecvr.exe o c:\windows\system32\ntdll.dll o c:\windows\system32\kernel32.dll o 
c:\windows\system32\msvcrt.dll o c:\windows\system32\atl.dll o c:\windows\system32\user32.dll o c:\windows\system32\gdi32.dll o c:\windows\system32\advapi32.dll o c:\windows\system32\rpcrt4.dll o c:\windows\system32\ole32.dll o c:\windows\system32\oleaut32.dll o c:\windows\system32\imm32.dll o c:\windows\system32\uxtheme.dll o c:\windows\system32\xpsp2res.dll o c:\windows\system32\ntmarta.dll o c:\windows\system32\wldap32.dll o c:\windows\system32\samlib.dll o c:\windows\system32\clbcatq.dll o c:\windows\system32\comres.dll o c:\windows\system32\version.dll o c:\windows\system32\sbe.dll o c:\windows\system32\winmm.dll o c:\windows\system32\msvidctl.dll o c:\windows\system32\quartz.dll o c:\windows\system32\shell32.dll o c:\windows\system32\shlwapi.dll o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll o c:\windows\system32\comctl32.dll o c:\windows\system32\devenum.dll o c:\windows\system32\setupapi.dll o c:\windows\system32\wintrust.dll o c:\windows\system32\crypt32.dll o c:\windows\system32\msasn1.dll o c:\windows\system32\imagehlp.dll o c:\windows\system32\msdmo.dll • C:\WINDOWS\EHOME\EHSCHED.EXE o c:\windows\ehome\ehsched.exe o c:\windows\system32\ntdll.dll o c:\windows\system32\kernel32.dll o c:\windows\system32\msvcrt.dll o c:\windows\system32\atl.dll o c:\windows\system32\user32.dll o c:\windows\system32\gdi32.dll o c:\windows\system32\advapi32.dll o c:\windows\system32\rpcrt4.dll o c:\windows\system32\ole32.dll o c:\windows\system32\oleaut32.dll o c:\windows\system32\imm32.dll o c:\windows\system32\uxtheme.dll o c:\windows\system32\xpsp2res.dll o c:\windows\system32\clbcatq.dll o c:\windows\system32\comres.dll o c:\windows\system32\version.dll o c:\windows\system32\msi.dll o c:\windows\ehome\ehproxy.dll o c:\windows\system32\sxs.dll • C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE o c:\program files\common files\lightscribe\lssrvc.exe o c:\windows\system32\ntdll.dll o 
c:\windows\system32\kernel32.dll o c:\windows\system32\user32.dll o c:\windows\system32\gdi32.dll o c:\windows\system32\advapi32.dll o c:\windows\system32\rpcrt4.dll o c:\program files\common files\lightscribe\msvcr71.dll o c:\program files\common files\lightscribe\msvcp71.dll o c:\windows\system32\imm32.dll • C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE o c:\program files\common files\microsoft shared\vs7debug\mdm.exe o c:\windows\system32\ntdll.dll o c:\windows\system32\kernel32.dll o c:\windows\system32\advapi32.dll o c:\windows\system32\rpcrt4.dll o c:\windows\system32\ole32.dll o c:\windows\system32\gdi32.dll o c:\windows\system32\user32.dll o c:\windows\system32\msvcrt.dll o c:\windows\system32\oleaut32.dll o c:\windows\system32\shell32.dll o c:\windows\system32\shlwapi.dll o c:\windows\system32\version.dll o c:\windows\system32\imm32.dll o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll o c:\windows\system32\comctl32.dll o c:\windows\system32\psapi.dll o c:\windows\system32\xpsp2res.dll o c:\windows\system32\clbcatq.dll o c:\windows\system32\comres.dll o c:\program files\common files\microsoft shared\vs7debug\msdbg2.dll • C:\WINDOWS\SYSTEM32\SVCHOST.EXE o c:\windows\system32\svchost.exe o c:\windows\system32\ntdll.dll o c:\windows\system32\kernel32.dll o c:\windows\system32\advapi32.dll o c:\windows\system32\rpcrt4.dll |
|
|
|
Apr 2 2008, 04:26 PM
Post #2
New Member Group: Member Posts: 7 Joined: 2-April 08 Member No.: 24105
And from HiJackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:11 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - ¨ť¨ť8-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - °AťB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - ŕAť886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - €AťA6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6519] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4893] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2862] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD141] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZSzim029YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} - http://scripts.downloadv3.com/binaries/EGD...2_ASPIV4_XP.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/...svc32_ES_XP.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...84e4a5f1f490789
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - http://scripts.downloadv3.com/binaries/EGD...ESS_1072_XP.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEEA420B-172D-4682-86B8-6BE4B3CABBA4}: NameServer = 192.168.0.1,192.168.1.1
O21 - SSODL: rdihost - {2F6FDD59-59D4-425B-A21D-71A3E4D12B17} - rdihost.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-- End of file - 13696 bytes
Apr 2 2008, 06:38 PM
Post #3
New Member Group: Member Posts: 7 Joined: 2-April 08 Member No.: 24105
Used combofix as was directed in another topic. I now await further instructions from the administrators. I would enormously appreciate any help of some kind. Thanks in advance! I'll be checking! :)
ComboFix 08-04-01.2 - HP_Administrator 2008-04-02 15:15:40.1 - NTFSx86
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\toolbar.exe
C:\WINDOWS\Downloaded Program Files\egdaccess.inf
C:\WINDOWS\Downloaded Program Files\egdaccess_aspiv4.inf
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\fbuwnkczxp.dat
C:\WINDOWS\system32\fbuwnkczxp_nav.dat
C:\WINDOWS\system32\fbuwnkczxp_navps.dat
.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.
2008-04-02 12:32 . 2008-04-02 12:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 12:32 . 2008-04-02 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 10:59 . 2008-04-02 10:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 10:59 . 2008-04-02 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 10:57 . 2008-04-02 10:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 01:07 . 2008-03-22 20:38 100,883 -r-hs---- C:\cb.bat
2008-04-01 01:07 . 2008-04-02 07:29 446 -r-hs---- C:\autorun.inf
2008-03-27 22:52 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-03-27 22:52 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-03-25 17:15 . 2008-03-25 17:16 <DIR> d-------- C:\Program Files\LimeWire
2008-03-17 00:34 . 2008-03-17 00:34 31,744 --ahs---- C:\Thumbs.db
2008-03-12 21:23 . 2008-03-12 21:23 439,081 --a------ C:\Cemex.jpg
2008-03-08 00:38 . 2008-03-08 00:38 427,043 --a------ C:\LinguisticsPAGE6.jpg
2008-03-08 00:35 . 2008-03-08 00:35 188,736 --a------ C:\LinguisticsPAGE5.jpg
2008-03-08 00:33 . 2008-03-08 00:33 186,681 --a------ C:\LinguisticsPAGE4.jpg
2008-03-08 00:31 . 2008-03-08 00:31 210,673 --a------ C:\LinguisticsPAGE3.jpg
2008-03-08 00:29 . 2008-03-08 00:29 233,657 --a------ C:\LinguisticsPAGE2.jpg
2008-03-08 00:27 . 2008-03-08 00:27 419,051 --a------ C:\LinguisticsPAGE1.jpg
2008-03-03 22:42 . 2008-04-02 10:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-03 22:42 . 2008-03-03 22:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 22:40 . 2008-03-03 22:41 <DIR> d-------- C:\Program Files\iTunes
2008-03-03 22:40 . 2008-03-03 22:40 <DIR> d-------- C:\Program Files\iPod
2008-03-03 18:38 . 2008-03-03 18:38 <DIR> d-------- C:\Program Files\Bonjour
2008-03-03 18:36 . 2008-03-03 18:38 <DIR> d-------- C:\Program Files\QuickTime
2008-03-03 18:35 . 2008-03-03 18:35 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-03 18:34 . 2008-03-03 18:34 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-03 18:34 . 2008-03-03 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-03 18:34 . 2008-02-18 12:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 18:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-02 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-02 16:08 --------- d-----w C:\Program Files\Trend Micro
2008-04-01 01:21 --------- d-----w C:\Program Files\StepMania CVS
2008-03-26 02:02 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\.purple
2008-03-25 10:55 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-03-17 19:29 --------- d-----w C:\Program Files\Yahoo!
2008-03-17 19:29 --------- d-----w C:\Program Files\Common Files\Scanner
2008-03-10 21:15 --------- d-----w C:\Program Files\MSN Messenger
2008-03-07 00:32 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 00:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 00:32 10,537 -c--a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-03 21:44 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-03-03 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-24 21:31 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-02-17 00:48 --------- d-----w C:\Program Files\SopCast
2008-02-13 11:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-21 16:38 4,761,171 ----a-w C:\avicvtpo.exe
2007-05-09 03:51 882 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2006-12-07 01:07 245 -c--a-w C:\Program Files\urlswmr.txt
2006-12-07 00:31 362 -c--a-w C:\Program Files\Adapters.txt
2006-12-07 00:31 246 -c--a-w C:\Program Files\Adapter.txt
2006-12-07 00:30 119 -c--a-w C:\Program Files\urlsrmr.txt
2006-12-07 00:30 119 -c--a-w C:\Program Files\urlsquick.txt
2006-12-07 00:26 75,491 -c--a-w C:\Program Files\Uninstal.exe
2006-12-07 00:26 100 -c--a-w C:\Program Files\Setup.ini
2006-12-07 00:26 1,494 -c--a-w C:\Program Files\SavedReg.txt
2006-12-07 00:26 1,058 -c--a-w C:\Program Files\SavedWmpReg.txt
2006-11-20 02:43 1,002,496 -c--a-w C:\Program Files\WmrPro.exe
2006-11-20 02:41 404,992 -c--a-w C:\Program Files\wmrurl.exe
2006-11-20 01:59 136,704 -c--a-w C:\Program Files\wrestore.exe
2006-11-18 20:00 210,944 -c--a-w C:\Program Files\wmrp.exe
2006-11-15 21:00 505,856 -c--a-w C:\Program Files\rmrp.exe
2006-11-15 20:09 12,027 -c--a-w C:\Program Files\Install.iip
2006-11-01 22:54 161,280 -c--a-w C:\Program Files\interface.exe
2006-10-30 17:12 275,456 -c--a-w C:\Program Files\wmrwmp.exe
2006-10-15 16:29 422 -c--a-w C:\Program Files\About.rtf
2006-10-15 15:38 297,984 -c--a-w C:\Program Files\YTRecorder.exe
2006-10-15 02:46 1,200 -c--a-w C:\Program Files\iFavorites.txt
2006-10-11 20:29 36,922 -c--a-w C:\Program Files\itv.txt
2006-08-31 01:03 143,360 -c--a-w C:\Program Files\Stream1.dll
2006-08-02 02:20 594 -c--a-w C:\Program Files\Demo.rtf
2006-07-20 19:43 1,887 -c--a-w C:\Program Files\iradio.txt
2006-07-17 03:04 2,349 -c--a-w C:\Program Files\ivideoaudio.txt
2006-07-01 16:31 447 -c--a-w C:\Program Files\Registration.rtf
2006-06-01 23:22 409 -c--a-w C:\Program Files\Allow.rtf
2006-06-01 23:06 0 -c--a-w C:\Program Files\scheduled.txt
2006-05-01 15:54 48 -c--a-w C:\Program Files\set_up.txt
2006-04-21 16:26 41,984 -c--a-w C:\Program Files\WParseUrl.exe
2006-03-05 17:08 101,980 -c--a-w C:\Program Files\sound2.wav
2006-03-05 16:44 67,832 -c--a-w C:\Program Files\sound3.wav
2006-03-05 14:59 121,344 -c--a-w C:\Program Files\Rmfix.dll
2006-02-17 02:51 26,688 -c--a-w C:\Program Files\sound21.wav
2006-02-04 02:53 19,676 -c--a-w C:\Program Files\sound1.wav
2006-01-28 16:01 467,181 -c--a-w C:\Program Files\WinPcap_3_1.exe
2005-12-30 16:49 159,232 -c--a-w C:\Program Files\RxTx.exe
2005-12-12 00:18 528 -c--a-w C:\Program Files\NetShow.reg
2005-12-12 00:18 1,578 -c--a-w C:\Program Files\MediaPlayer.reg
2005-10-22 15:23 1,155,839 -c--a-w C:\Program Files\FLVPlayer.exe
2004-08-10 04:00 5,212 -c--a-w C:\Program Files\soring.wav
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 00:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 08:51 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 00:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 00:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 01:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:03 68856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB2862"="command /c del C:\WINDOWS\wt\webdriver.dll" [ ]
"SpybotDeletingD141"="cmd /c del C:\WINDOWS\wt\webdriver.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 08:04 59392]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-01 07:55 126976]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 10:54 253952]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 08:42 659456]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 07:43 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-15 17:47 180269]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 01:53 714608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-12-16 15:32 77824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 23:28:24 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rdihost"= {2F6FDD59-59D4-425B-A21D-71A3E4D12B17} - rdihost.dll [ ]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Debug amen]
C:\DOCUME~1\HP_ADM~1\APPLIC~1\THIRDD~1\Lite phone sect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a--c--- 2004-03-17 20:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a--c--- 2005-02-25 19:34 245760 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-06-15 17:47 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 21:27]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 21:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14781a96-ae49-11db-8524-0013d4329e90}]
\Shell\Auto\command - sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1490d1e8-a312-11da-a2ad-0013d4329e90}] \Shell\AutoRun\command - K:\ie.exe \Shell\explore\Command - K:\ie.exe \Shell\open\Command - K:\ie.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36e980d5-3559-11dc-86c1-0013d4329e90}] \Shell\AutoRun\command - K:\xn1i9x.com \Shell\explore\Command - K:\xn1i9x.com \Shell\open\Command - K:\xn1i9x.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4296a4a3-855a-11db-849d-0013d4329e90}] \Shell\AutoRun\command - K:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4296a4a4-855a-11db-849d-0013d4329e90}] \Shell\AutoRun\command - setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49802660-684c-11db-8422-0013d4329e90}] \Shell\Auto\command - sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59b28b98-183c-11dc-8674-0013d4329e90}] \Shell\Auto\command - sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aea44126-dde4-11db-85c0-0013d4329e90}] \Shell\Auto\command - sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb0cbbce-cd91-11db-8591-0013d4329e90}] \Shell\Auto\command - sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c155553d-026a-11dc-862f-0013d4329e90}] \Shell\AutoRun\command - K:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cce353f1-53f7-11dc-8716-0013d4329e90}] \Shell\AutoRun\command - G:\cb.bat \Shell\explore\Command - G:\cb.bat \Shell\open\Command - G:\cb.bat *Newly Created Service* - AAWSERVICE *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-04-02 18:00:00 C:\WINDOWS\Tasks\A9634BD59180C3C5.job" - c:\docume~1\hp_adm~1\applic~1\thirdd~1\dentoozedart.exe "2008-03-25 19:43:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-03-22 02:00:02 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK: . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-02 15:18:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-02 15:21:29 ComboFix-quarantined-files.txt 2008-04-02 18:21:19 Pre-Run: 129,577,312,256 bytes free Post-Run: 129,688,346,624 bytes free . 2008-03-20 23:51:09 --- E O F --- |

Apr 2 2008, 06:59 PM
Post #4
New Member Group: Member Posts: 7 Joined: 2-April 08 Member No.: 24105
Update: And I apologize for the consistent messages, just trying to keep you informed.
After combofix ended, everything disappeared. Task bar/desktop icons, etc. There was nothing except the wallpaper. Restarted it and now everything is working fine again. I don't know why, though. But Combofix seemed to have been involved. Right now, I'm kind of hesitant on inserting my jumpdrive into the hard-drive because I think it might've been the problem (I only use my jumpdrive at University computers). Nevertheless, if within the log posted above the administrators manage to locate what it was that was making (or could've been making) the computer act funny I would like to know, so as to avoid another scare like that. So relieved right now, but on edge since I don't know where the problem originated from.

Apr 3 2008, 01:54 PM
Post #5
Is GSF inventory Group: Charter Members Posts: 1558 Joined: 18-May 06 Member No.: 18711
Hello kwyjibo,

If you're finished replying to yourself, please post a new HijackThis log so I can see where you are now.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Regards,
tea

Apr 3 2008, 05:44 PM
Post #6
New Member Group: Member Posts: 7 Joined: 2-April 08 Member No.: 24105
I followed the procedures as specified when running combofix...I downloaded a new batch (batch...?) of Windows XP Home Edition, dragged the icon into the Combofix desktop icon (as instructed in a link page before running the tool). I also disabled all anti-virus/anti-spyware/anti-spam programs before activating Combofix.
Added note: My computer is running MUCH better than it did before and the computer now SHOWS hidden files. Spybot/Ad-Aware/Combofix...excellent! I deleted Combofix, but kept the rest of the programs (Ad-aware, Spybot and HiJackThis). BTW, is Avira a good anti-virus? My professor was talking about it in class and said that it's a good free anti-virus... Anyway, here's the new hijack log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:33:26 PM, on 4/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe 
C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTBSDK.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O2 - BHO: (no name) - ¨ť¨ť8-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: (no name) - °AťB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file) O2 - BHO: (no name) - ŕAť886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file) O2 - BHO: (no name) - €AťA6170-7264-4D0F-BEAE-D42A53123C75} - (no file) O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Search - ?p=ZSzim029YYUS O8 - Extra 
context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} - O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...84e4a5f1f490789 O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{BEEA420B-172D-4682-86B8-6BE4B3CABBA4}: NameServer = 192.168.0.1,192.168.1.1 O21 - SSODL: rdihost - {2F6FDD59-59D4-425B-A21D-71A3E4D12B17} - rdihost.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 
2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 12815 bytes |

Apr 4 2008, 06:44 PM
Post #7
Is GSF inventory Group: Charter Members Posts: 1558 Joined: 18-May 06 Member No.: 18711
Hello,
Did I read that right? You downloaded a new pirated and illegal version of XP??

Apr 5 2008, 04:57 AM
Post #8
New Member Group: Member Posts: 7 Joined: 2-April 08 Member No.: 24105
LOL
Of course not. I don't know what it was...it was a (I think) recovery console(?). It's something you drag to the combofix desktop icon before running it...that specific desktop icon (windows) looks like a basket full of papers. The site stated that the step should be done in case complications arise when running Combofix. Regardless of how close I probably came to obliterating my computer, I sure won't try it again. :S

Apr 5 2008, 06:24 PM
Post #9
Is GSF inventory Group: Charter Members Posts: 1558 Joined: 18-May 06 Member No.: 18711
Wow.....you scared me!

Yes, ComboFix suggests Recovery Console now. Sometimes malware is so bad that the only way to recover from it is to use Recovery Console.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - ¨ť¨ť8-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - °AťB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - ŕAť886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - €AťA6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} -
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} -
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...84e4a5f1f490789
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} -
O21 - SSODL: rdihost - {2F6FDD59-59D4-425B-A21D-71A3E4D12B17} - rdihost.dll (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folders (if they exist):

C:\Program Files\RXToolBar
C:\Program Files\Zango

Reboot your computer.

Now please run ComboFix again and post the report, along with a new HijackThis log.

Still running all right?

Thanks,
tea
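
Several entries in the fix list above share mechanical traits that can be checked before a human reviews the log. The Python sketch below is an added example, not part of the thread and not HijackThis code: the function names and the three triage rules are assumptions of this example, and the sample lines are copied from the log posted in this thread and restored to one entry per line.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log in this thread,
# restored to one entry per line (the forum page ran them together).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\QTTask.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} -
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O21 - SSODL: rdihost - {2F6FDD59-59D4-425B-A21D-71A3E4D12B17} - rdihost.dll (file missing)
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<code>[ORFN]\d+) - (?P<rest>.*)$")
# Autostart target after "[name] ": either quoted, or bare up to the first ".exe"
RUN_TARGET = re.compile(r'\]\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.exe))', re.I)


def running_dirs(lines):
    """Map lower-cased image name -> folders seen under 'Running processes:'."""
    seen, in_section = {}, False
    for line in lines:
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and (not line or ENTRY.match(line)):
            break  # blank line or first log entry ends the process list
        elif in_section:
            folder, name = ntpath.split(line)
            seen.setdefault(name.lower(), set()).add(folder.lower())
    return seen


def triage(log_text):
    """Return (entry, reason) pairs worth a reviewer's attention.

    Rules (assumptions of this example, not HijackThis behaviour):
      1. entry marked "(no file)" or "(file missing)"
      2. O16 ActiveX entry with an empty download source
      3. O4 autostart whose image name matches a running process
         that was loaded from a different folder
    """
    lines = log_text.splitlines()
    procs = running_dirs(lines)
    findings = []
    for raw in lines:
        entry = raw.strip()
        m = ENTRY.match(entry)
        if not m:
            continue
        code, rest = m.group("code"), m.group("rest").rstrip()
        if rest.endswith("(no file)") or rest.endswith("(file missing)"):
            findings.append((entry, "registered target is not on disk"))
        elif code == "O16" and rest.endswith("-"):
            findings.append((entry, "ActiveX entry with no download source"))
        elif code == "O4":
            target = RUN_TARGET.search(rest)
            if target:
                path = target.group("quoted") or target.group("bare")
                folder, name = ntpath.split(path)
                dirs = procs.get(name.lower())
                if dirs and folder.lower() not in dirs:
                    findings.append(
                        (entry, "same image name as a running process, different folder"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```

These rules only surface orphaned or misplaced registrations; entries flagged in the thread for other reasons, such as the RXToolBar autostart and the Zango download, still need a reviewer who recognises the software.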