Full Version: Another bloodhound.packed.jmp issue
kwyjibo
Coincidentally, my computer [somehow] got this yesterday. I noticed something was strange when I accessed HP_Pavilion and a new window popped up. No big deal, though. There was nothing corrupted (per se), but I found it strange that the contents of the hard drive would pop up in a separate window instead of appearing in the SAME WINDOW I was navigating. At the same time, Norton detected bloodhound.packed.jmp, but nothing's completely back to normal. Here's the issue (just as the poster in the other topic had mentioned)... I cannot access hidden files now! I'm assuming it has to do with the window popping up and such, but... before coming here I searched around a little and it had said to try going to CONTROL PANEL --> SYSTEM and then deactivating SYSTEM RESTORE.

I made things a little worse, since now I have to open my hard drive contents using a BROWSER. For example, I want to access my separate documents in HP Pavilion, so I double-click HP Pavilion, and it asks me which program I want to open it with... and I have no choice but to navigate my contents by using a browser.

Anyway, I hope you guys can help out a little...nice site here!

Here are the log contents from Ad-ware:

o c:\windows\system32\netapi32.dll
o c:\windows\system32\cnbjmon.dll
o c:\windows\system32\hpzlnt12.dll
o c:\windows\system32\lexlmpm.dll
o c:\windows\system32\msctfime.ime
o c:\windows\system32\lexbce.dll
o c:\windows\system32\mdimon.dll
o c:\windows\system32\msi.dll
o c:\windows\system32\fxsmon.dll
o c:\windows\system32\fxsevent.dll
o c:\windows\system32\pjlmon.dll
o c:\windows\system32\tcpmon.dll
o c:\windows\system32\usbmon.dll
o c:\windows\system32\spool\prtprocs\w32x86\lxbkpp5c.dll
o c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
o c:\windows\system32\mswsock.dll
o c:\windows\system32\winrnr.dll
o c:\windows\system32\wldap32.dll
o c:\program files\bonjour\mdnsnsp.dll
o c:\windows\system32\iphlpapi.dll
o c:\windows\system32\win32spl.dll
o c:\windows\system32\netrap.dll
o c:\windows\system32\ntdsapi.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\inetpp.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\lxbkpwr.dll
• C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
o c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\wsock32.dll
o c:\windows\system32\ws2_32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\ws2help.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\setupapi.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\mswsock.dll
o c:\windows\system32\hnetcfg.dll
o c:\windows\system32\wshtcpip.dll
o c:\windows\system32\wintrust.dll
o c:\windows\system32\crypt32.dll
o c:\windows\system32\msasn1.dll
o c:\windows\system32\imagehlp.dll
• C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
o c:\program files\symantec\liveupdate\aluschedulersvc.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\ws2_32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\ws2help.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
o c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
o c:\windows\system32\imm32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\uxtheme.dll
o c:\program files\common files\symantec shared\ccvrtrst.dll
o c:\windows\system32\setupapi.dll
o c:\windows\system32\wsock32.dll
o c:\program files\common files\symantec shared\ccl70u.dll
o c:\windows\system32\crypt32.dll
o c:\windows\system32\msasn1.dll
o c:\windows\system32\wintrust.dll
o c:\windows\system32\imagehlp.dll
o c:\windows\system32\rsaenh.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\userenv.dll
o c:\windows\system32\version.dll
o c:\windows\system32\secur32.dll
o c:\windows\system32\netapi32.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\msi.dll
o c:\windows\system32\sxs.dll
o c:\windows\system32\dnsapi.dll
o c:\windows\system32\rasadhlp.dll
• C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
o c:\program files\bonjour\mdnsresponder.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\ws2_32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\ws2help.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\iphlpapi.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\mswsock.dll
o c:\windows\system32\hnetcfg.dll
o c:\windows\system32\wshtcpip.dll
o c:\windows\system32\mprapi.dll
o c:\windows\system32\activeds.dll
o c:\windows\system32\adsldpc.dll
o c:\windows\system32\netapi32.dll
o c:\windows\system32\wldap32.dll
o c:\windows\system32\atl.dll
o c:\windows\system32\rtutils.dll
o c:\windows\system32\samlib.dll
o c:\windows\system32\setupapi.dll
• C:\WINDOWS\EHOME\EHRECVR.EXE
o c:\windows\ehome\ehrecvr.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\atl.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\ntmarta.dll
o c:\windows\system32\wldap32.dll
o c:\windows\system32\samlib.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\version.dll
o c:\windows\system32\sbe.dll
o c:\windows\system32\winmm.dll
o c:\windows\system32\msvidctl.dll
o c:\windows\system32\quartz.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\devenum.dll
o c:\windows\system32\setupapi.dll
o c:\windows\system32\wintrust.dll
o c:\windows\system32\crypt32.dll
o c:\windows\system32\msasn1.dll
o c:\windows\system32\imagehlp.dll
o c:\windows\system32\msdmo.dll
• C:\WINDOWS\EHOME\EHSCHED.EXE
o c:\windows\ehome\ehsched.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\atl.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\imm32.dll
o c:\windows\system32\uxtheme.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\windows\system32\version.dll
o c:\windows\system32\msi.dll
o c:\windows\ehome\ehproxy.dll
o c:\windows\system32\sxs.dll
• C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
o c:\program files\common files\lightscribe\lssrvc.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\program files\common files\lightscribe\msvcr71.dll
o c:\program files\common files\lightscribe\msvcp71.dll
o c:\windows\system32\imm32.dll
• C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
o c:\program files\common files\microsoft shared\vs7debug\mdm.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
o c:\windows\system32\ole32.dll
o c:\windows\system32\gdi32.dll
o c:\windows\system32\user32.dll
o c:\windows\system32\msvcrt.dll
o c:\windows\system32\oleaut32.dll
o c:\windows\system32\shell32.dll
o c:\windows\system32\shlwapi.dll
o c:\windows\system32\version.dll
o c:\windows\system32\imm32.dll
o c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
o c:\windows\system32\comctl32.dll
o c:\windows\system32\psapi.dll
o c:\windows\system32\xpsp2res.dll
o c:\windows\system32\clbcatq.dll
o c:\windows\system32\comres.dll
o c:\program files\common files\microsoft shared\vs7debug\msdbg2.dll
• C:\WINDOWS\SYSTEM32\SVCHOST.EXE
o c:\windows\system32\svchost.exe
o c:\windows\system32\ntdll.dll
o c:\windows\system32\kernel32.dll
o c:\windows\system32\advapi32.dll
o c:\windows\system32\rpcrt4.dll
kwyjibo
And from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:26:11 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - ¨ť¨ť8-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - °AťB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - ŕAť886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - €AťA6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6519] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4893] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2862] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD141] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZSzim029YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} - http://scripts.downloadv3.com/binaries/EGD...2_ASPIV4_XP.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/...svc32_ES_XP.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...84e4a5f1f490789
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} - http://scripts.downloadv3.com/binaries/EGD...ESS_1072_XP.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEEA420B-172D-4682-86B8-6BE4B3CABBA4}: NameServer = 192.168.0.1,192.168.1.1
O21 - SSODL: rdihost - {2F6FDD59-59D4-425B-A21D-71A3E4D12B17} - rdihost.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13696 bytes
kwyjibo
Used ComboFix as was directed in another topic. I now await further instructions from the administrators. I would enormously appreciate any help of some kind. Thanks in advance! I'll be checking! :)

ComboFix 08-04-01.2 - HP_Administrator 2008-04-02 15:15:40.1 - NTFSx86
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\toolbar.exe
C:\WINDOWS\Downloaded Program Files\egdaccess.inf
C:\WINDOWS\Downloaded Program Files\egdaccess_aspiv4.inf
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\fbuwnkczxp.dat
C:\WINDOWS\system32\fbuwnkczxp_nav.dat
C:\WINDOWS\system32\fbuwnkczxp_navps.dat

.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-04-02 12:32 . 2008-04-02 12:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 12:32 . 2008-04-02 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 10:59 . 2008-04-02 10:59 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-02 10:59 . 2008-04-02 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-02 10:57 . 2008-04-02 10:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 01:07 . 2008-03-22 20:38 100,883 -r-hs---- C:\cb.bat
2008-04-01 01:07 . 2008-04-02 07:29 446 -r-hs---- C:\autorun.inf
2008-03-27 22:52 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-03-27 22:52 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-03-25 17:15 . 2008-03-25 17:16 <DIR> d-------- C:\Program Files\LimeWire
2008-03-17 00:34 . 2008-03-17 00:34 31,744 --ahs---- C:\Thumbs.db
2008-03-12 21:23 . 2008-03-12 21:23 439,081 --a------ C:\Cemex.jpg
2008-03-08 00:38 . 2008-03-08 00:38 427,043 --a------ C:\LinguisticsPAGE6.jpg
2008-03-08 00:35 . 2008-03-08 00:35 188,736 --a------ C:\LinguisticsPAGE5.jpg
2008-03-08 00:33 . 2008-03-08 00:33 186,681 --a------ C:\LinguisticsPAGE4.jpg
2008-03-08 00:31 . 2008-03-08 00:31 210,673 --a------ C:\LinguisticsPAGE3.jpg
2008-03-08 00:29 . 2008-03-08 00:29 233,657 --a------ C:\LinguisticsPAGE2.jpg
2008-03-08 00:27 . 2008-03-08 00:27 419,051 --a------ C:\LinguisticsPAGE1.jpg
2008-03-03 22:42 . 2008-04-02 10:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-03 22:42 . 2008-03-03 22:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 22:40 . 2008-03-03 22:41 <DIR> d-------- C:\Program Files\iTunes
2008-03-03 22:40 . 2008-03-03 22:40 <DIR> d-------- C:\Program Files\iPod
2008-03-03 18:38 . 2008-03-03 18:38 <DIR> d-------- C:\Program Files\Bonjour
2008-03-03 18:36 . 2008-03-03 18:38 <DIR> d-------- C:\Program Files\QuickTime
2008-03-03 18:35 . 2008-03-03 18:35 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-03 18:34 . 2008-03-03 18:34 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-03 18:34 . 2008-03-03 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-03 18:34 . 2008-02-18 12:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 18:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-02 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-02 16:08 --------- d-----w C:\Program Files\Trend Micro
2008-04-01 01:21 --------- d-----w C:\Program Files\StepMania CVS
2008-03-26 02:02 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\.purple
2008-03-25 10:55 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-03-17 19:29 --------- d-----w C:\Program Files\Yahoo!
2008-03-17 19:29 --------- d-----w C:\Program Files\Common Files\Scanner
2008-03-10 21:15 --------- d-----w C:\Program Files\MSN Messenger
2008-03-07 00:32 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 00:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 00:32 10,537 -c--a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-03 21:44 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-03-03 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-24 21:31 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-02-17 00:48 --------- d-----w C:\Program Files\SopCast
2008-02-13 11:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-21 16:38 4,761,171 ----a-w C:\avicvtpo.exe
2007-05-09 03:51 882 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2006-12-07 01:07 245 -c--a-w C:\Program Files\urlswmr.txt
2006-12-07 00:31 362 -c--a-w C:\Program Files\Adapters.txt
2006-12-07 00:31 246 -c--a-w C:\Program Files\Adapter.txt
2006-12-07 00:30 119 -c--a-w C:\Program Files\urlsrmr.txt
2006-12-07 00:30 119 -c--a-w C:\Program Files\urlsquick.txt
2006-12-07 00:26 75,491 -c--a-w C:\Program Files\Uninstal.exe
2006-12-07 00:26 100 -c--a-w C:\Program Files\Setup.ini
2006-12-07 00:26 1,494 -c--a-w C:\Program Files\SavedReg.txt
2006-12-07 00:26 1,058 -c--a-w C:\Program Files\SavedWmpReg.txt
2006-11-20 02:43 1,002,496 -c--a-w C:\Program Files\WmrPro.exe
2006-11-20 02:41 404,992 -c--a-w C:\Program Files\wmrurl.exe
2006-11-20 01:59 136,704 -c--a-w C:\Program Files\wrestore.exe
2006-11-18 20:00 210,944 -c--a-w C:\Program Files\wmrp.exe
2006-11-15 21:00 505,856 -c--a-w C:\Program Files\rmrp.exe
2006-11-15 20:09 12,027 -c--a-w C:\Program Files\Install.iip
2006-11-01 22:54 161,280 -c--a-w C:\Program Files\interface.exe
2006-10-30 17:12 275,456 -c--a-w C:\Program Files\wmrwmp.exe
2006-10-15 16:29 422 -c--a-w C:\Program Files\About.rtf
2006-10-15 15:38 297,984 -c--a-w C:\Program Files\YTRecorder.exe
2006-10-15 02:46 1,200 -c--a-w C:\Program Files\iFavorites.txt
2006-10-11 20:29 36,922 -c--a-w C:\Program Files\itv.txt
2006-08-31 01:03 143,360 -c--a-w C:\Program Files\Stream1.dll
2006-08-02 02:20 594 -c--a-w C:\Program Files\Demo.rtf
2006-07-20 19:43 1,887 -c--a-w C:\Program Files\iradio.txt
2006-07-17 03:04 2,349 -c--a-w C:\Program Files\ivideoaudio.txt
2006-07-01 16:31 447 -c--a-w C:\Program Files\Registration.rtf
2006-06-01 23:22 409 -c--a-w C:\Program Files\Allow.rtf
2006-06-01 23:06 0 -c--a-w C:\Program Files\scheduled.txt
2006-05-01 15:54 48 -c--a-w C:\Program Files\set_up.txt
2006-04-21 16:26 41,984 -c--a-w C:\Program Files\WParseUrl.exe
2006-03-05 17:08 101,980 -c--a-w C:\Program Files\sound2.wav
2006-03-05 16:44 67,832 -c--a-w C:\Program Files\sound3.wav
2006-03-05 14:59 121,344 -c--a-w C:\Program Files\Rmfix.dll
2006-02-17 02:51 26,688 -c--a-w C:\Program Files\sound21.wav
2006-02-04 02:53 19,676 -c--a-w C:\Program Files\sound1.wav
2006-01-28 16:01 467,181 -c--a-w C:\Program Files\WinPcap_3_1.exe
2005-12-30 16:49 159,232 -c--a-w C:\Program Files\RxTx.exe
2005-12-12 00:18 528 -c--a-w C:\Program Files\NetShow.reg
2005-12-12 00:18 1,578 -c--a-w C:\Program Files\MediaPlayer.reg
2005-10-22 15:23 1,155,839 -c--a-w C:\Program Files\FLVPlayer.exe
2004-08-10 04:00 5,212 -c--a-w C:\Program Files\soring.wav
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 00:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 08:51 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-25 00:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 00:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 01:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:03 68856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB2862"="command /c del C:\WINDOWS\wt\webdriver.dll" [ ]
"SpybotDeletingD141"="cmd /c del C:\WINDOWS\wt\webdriver.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 08:04 59392]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-01 07:55 126976]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 10:54 253952]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 08:42 659456]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 07:43 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-15 17:47 180269]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 01:53 714608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-12-16 15:32 77824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 23:28:24 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rdihost"= {2F6FDD59-59D4-425B-A21D-71A3E4D12B17} - rdihost.dll [ ]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Debug amen]
C:\DOCUME~1\HP_ADM~1\APPLIC~1\THIRDD~1\Lite phone sect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a--c--- 2004-03-17 20:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a--c--- 2005-02-25 19:34 245760 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-06-15 17:47 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 21:27]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 21:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14781a96-ae49-11db-8524-0013d4329e90}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1490d1e8-a312-11da-a2ad-0013d4329e90}]
\Shell\AutoRun\command - K:\ie.exe
\Shell\explore\Command - K:\ie.exe
\Shell\open\Command - K:\ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36e980d5-3559-11dc-86c1-0013d4329e90}]
\Shell\AutoRun\command - K:\xn1i9x.com
\Shell\explore\Command - K:\xn1i9x.com
\Shell\open\Command - K:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4296a4a3-855a-11db-849d-0013d4329e90}]
\Shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4296a4a4-855a-11db-849d-0013d4329e90}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49802660-684c-11db-8422-0013d4329e90}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59b28b98-183c-11dc-8674-0013d4329e90}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aea44126-dde4-11db-85c0-0013d4329e90}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb0cbbce-cd91-11db-8591-0013d4329e90}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c155553d-026a-11dc-862f-0013d4329e90}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cce353f1-53f7-11dc-8716-0013d4329e90}]
\Shell\AutoRun\command - G:\cb.bat
\Shell\explore\Command - G:\cb.bat
\Shell\open\Command - G:\cb.bat

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 18:00:00 C:\WINDOWS\Tasks\A9634BD59180C3C5.job"
- c:\docume~1\hp_adm~1\applic~1\thirdd~1\dentoozedart.exe
"2008-03-25 19:43:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-22 02:00:02 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 15:18:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-02 15:21:29
ComboFix-quarantined-files.txt 2008-04-02 18:21:19
Pre-Run: 129,577,312,256 bytes free
Post-Run: 129,688,346,624 bytes free
.
2008-03-20 23:51:09 --- E O F ---
kwyjibo
Update: And I apologize for the consistent messages, just trying to keep you informed.

After combofix ended, everything disappeared. Task bar/desktop icons, etc. There was nothing except the wallpaper. Restarted it and now everything is working fine again. I don't know why, though. But Combofix seemed to have been involved.

Right now, I'm kind of hesitant on inserting my jumpdrive into the hard-drive because I think it might've been the problem (I only use my jumpdrive at University computers)

Nevertheless, if within the log posted above the administrators manage to locate what it was that was making (or could've been making) the computer act funny I would like to know, as to avoid another scare like that.

So relieved right now, but on edge since I don't know where the problem originated from.
teacup61
Hello kwyjibo,

If you're finished replying to yourself, please post a new HijackThis log so I can see where you are now.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.


Regards,
tea
kwyjibo
I followed the procedures as specified when running combofix...I downloaded a new batch (batch...?) of Windows XP Home Edition, dragged the icon into the Combofix desktop icon (as instructed in a link page before running the tool). I also disabled all anti-virus/anti-spyware/anti-spam programs before activating Combofix.

Added note: My computer is running MUCH better than it did before and the computer now SHOWS hidden files. Spybot/Ad-Aware/Combofix...excellent! I deleted Combofix, but kept the rest of the programs (Ad-aware, Spybot and HiJackThis).

BTW, is Avira a good anti-virus? My professor was talking about it in class and said that it's a good free anti-virus...

Anyway, here's the new hijack log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:26 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTBSDK.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - ¨ť¨ť8-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - °AťB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - ŕAť886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - €AťA6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZSzim029YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} -
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...84e4a5f1f490789
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEEA420B-172D-4682-86B8-6BE4B3CABBA4}: NameServer = 192.168.0.1,192.168.1.1
O21 - SSODL: rdihost - {2F6FDD59-59D4-425B-A21D-71A3E4D12B17} - rdihost.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12815 bytes
teacup61
Hello,

Did I read that right? You downloaded a new pirated and illegal version of XP??
kwyjibo
LOL

Of course not. I don't know what it was...it was a (I think) recovery console(?). It's something you drag to the combofix desktop icon before running it...that specific desktop icon (windows) looks like a basket full of papers. The site stated that the step should be done in case complications arise when running Combofix.

Regardless of how close I probably came to obliterating my computer, I sure won't try it again. :S
teacup61
Wow.....you scared me! Thank you so much for clearing that up.

Yes, ComboFix suggests Recovery Console now. Sometimes malware is so bad that the only way to recover from it is to use Recovery Console.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - ¨ť¨ť8-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - °AťB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - ŕAť886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - €AťA6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} -
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} -
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Zango/ie/b...84e4a5f1f490789
O16 - DPF: {EFB23983-5803-4914-ADA3-C0EA2CFBDC37} -
O21 - SSODL: rdihost - {2F6FDD59-59D4-425B-A21D-71A3E4D12B17} - rdihost.dll (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following folders (if they exist):

C:\Program Files\RXToolBar
C:\Program Files\Zango

Reboot your computer.

Now please run ComboFix again and post the report, along with a new HijackThis log. Still running all right?

Thanks,
tea
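Added example, not part of the thread and not HijackThis's or the helper's own logic: a Python triage pass over HijackThis-format lines that flags the structural oddities visible in several of the entries listed above (a missing target file, a corrupted CLSID, a DPF entry with no download source, a Run entry whose file name matches a running process in a different folder). The function name, the reason strings and the sample log are assumptions made for illustration; a flagged line is a candidate for review, and entries picked out by recognising the software (such as the RXToolBar Run key) are outside what these checks see.

```python
import ntpath
import re

# Constructed sample in HijackThis v2 layout, modelled on entry types in the log
# above; "??B4B5B" is an ASCII stand-in for a corrupted CLSID prefix.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - ??B4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\wuauclt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {54579C3D-A58D-4623-B5B5-465552BDA45B} -
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O21 - SSODL: rdihost - {2F6FDD59-59D4-425B-A21D-71A3E4D12B17} - rdihost.dll (file missing)
"""

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY = re.compile(r"^([ORF]\d+) - (.*)$")          # "O2 - BHO: ..." etc.
PROC = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)    # a "Running processes" line
RUN_TARGET = re.compile(r'\]\s+"?([A-Za-z]:\\[^"]+?\.exe)', re.I)


def triage(log_text):
    """Return [(section, reasons, line)] for entries failing a structural check."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]

    # Folders of every running image, keyed by lower-cased file name.
    running = {}
    for ln in lines:
        if PROC.match(ln):
            name = ntpath.basename(ln).lower()
            running.setdefault(name, set()).add(ntpath.dirname(ln).lower())

    findings = []
    for ln in lines:
        m = ENTRY.match(ln)
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        # HijackThis itself prints these markers when the referenced file is gone.
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("target file absent")
        # A closing brace without a well-formed {8-4-4-4-12} GUID before it.
        if "}" in body and not CLSID.search(body):
            reasons.append("malformed CLSID")
        # Downloaded Program Files entry with nothing after the final dash.
        if section == "O16" and body.endswith(" -"):
            reasons.append("no download source recorded")
        if section == "O4":
            target = RUN_TARGET.search(body)
            if target:
                name = ntpath.basename(target.group(1)).lower()
                folder = ntpath.dirname(target.group(1)).lower()
                if name in running and folder not in running[name]:
                    reasons.append("name matches a running process in another folder")
        if reasons:
            findings.append((section, reasons, ln))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"{section:4} {', '.join(reasons)}\n     {line}")
```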