10.4K Posts

November 7th, 2007 11:00

lkod

1. Please download the Killbox.
   1) Save it to the desktop
   2) Rt Click->>Extract all->>Extract it to your Desktop
   3) Double Click Killbox.exe to run it
   4) Select "Delete on Reboot", and then select "All files".
   5) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

      C:\Windows\System32\wsaupdater.exe
      C:\WINDOWS\etb\pokapoka62.exe

   6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
   7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt.

2. Rerun Hijackthis (scan only) and place checks beside the following entries

   F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
   O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log
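The two entries above are a Winlogon Userinit hijack (the F2 line: Winlogon runs every comma-separated program in that value at logon, so anything appended after userinit.exe is persistence) and a Run-key autostart (the O4 line). As an added example that is not part of the thread or of HijackThis, this Python triage parses such log lines, flags any Userinit entry other than the stock userinit.exe, matches O4 targets against files the analyst has already judged malicious (SUSPECT_FILES, the two files named in the post), and returns the entries to fix and the files to delete; the sample log lines are constructed from the post.

```python
"""Triage HijackThis F2/O4 entries for Userinit and Run-key persistence.

Added example, not code from the thread or from HijackThis. Winlogon runs
every comma-separated program in the Userinit value at logon, so anything
appended after userinit.exe is a persistence mechanism worth removing.
"""
import ntpath
import re

# Stock Userinit program on Windows XP; compared after case-folding.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Files the analyst has already judged malicious (the two named in the post).
SUSPECT_FILES = {
    r"C:\Windows\System32\wsaupdater.exe",
    r"C:\WINDOWS\etb\pokapoka62.exe",
}

# Constructed sample log: the two entries to fix plus one benign Run entry.
SAMPLE_LOG = (
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe," "\n"
    r"O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe" "\n"
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"' "\n"
)

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable on a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)


def norm(path):
    """Case-fold and normalise a Windows path so spelling variants compare equal."""
    return ntpath.normpath(path).lower()


def userinit_extras(value):
    """Return every Userinit entry other than the expected userinit.exe.

    The stock XP value ends with a trailing comma, so empty fields are
    ignored rather than reported.
    """
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if norm(e) != EXPECTED_USERINIT]


def run_target(cmd):
    """Extract the executable path from an O4 command line, dropping arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage(log_text, suspect_files=SUSPECT_FILES):
    """Return the HijackThis lines to fix and the files to delete on reboot."""
    suspects = {norm(p) for p in suspect_files}
    fix_entries, delete_files = [], []
    for line in (ln.strip() for ln in log_text.splitlines()):
        if m := F2_RE.match(line):
            extras = userinit_extras(m.group("value"))
            if extras:
                fix_entries.append(line)
                delete_files.extend(extras)
        elif m := O4_RE.match(line):
            target = run_target(m.group("cmd"))
            if norm(target) in suspects:
                fix_entries.append(line)
                delete_files.append(target)
    return {"fix_entries": fix_entries, "delete_files": delete_files}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Entries to fix:", *result["fix_entries"], sep="\n  ")
    print("Files to delete:", *result["delete_files"], sep="\n  ")
```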

Microsoft MVP Windows-Security

"The world is what you make of it"

33 Posts

November 8th, 2007 00:00

ok bamajim,

I had a hard time following your instructions. I still can not access this forum on the infected computer (no Java, can not click links) (no Adobe Flash that lets me see the cool new Dell forum drop down menu). Yet still I have prevailed. Here is my new HijackThis log.

One thing that happened while I was using KillBox: I had to manually type the files in, no cut and paste, because I could not get to the post to cut and paste, and when I clicked the red and white remove file button a pop up came up that read:

PendingFileRenameOperation Registry Data has been Removed by External Process!

I had to exit and reboot manually.

Do you think that means it did not work?

Logfile of HijackThis v1.99.1
Scan saved at 8:36:57 PM, on 11/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sabine Internet
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA2ACC6F-DA9E-4365-97BD-E364F8C4F57C}: NameServer = 12.156.164.30 12.156.164.31
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
 

10.4K Posts

November 9th, 2007 12:00

lkod

I don't see anything in your log that would cause the kind of problem you are describing. Let's see what this turns up.

Please download Combofix and save to your desktop:

  • Note: It is important that it is saved directly to your desktop
  • Close any open browsers.
  • Double click on combofix.exe and follow the prompts.
  • When it's finished it will produce a log.
  • Post the contents of the C:\ComboFix.txt into your next reply.
  • Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.


33 Posts

November 11th, 2007 13:00

 
Okay, here is the ComboFix file.

ComboFix 07-11-08.3 - Kelly Odom 2007-11-11  9:18:47.1 - NTFSx86
Running from: C:\Documents and Settings\Kelly Odom\Local Settings\Temporary Internet Files\Content.IE5\KP29CNGT\ComboFix[1].exe
 * Created a new restore point
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\fad.sys
.
(((((((((((((((((((((((((   Files Created from 2007-10-11 to 2007-11-11  )))))))))))))))))))))))))))))))
.
2007-11-11 09:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 14:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-06 12:38 --------- d-----w C:\Program Files\AIM
2003-04-24 02:22 207,759 ----a-w C:\Program Files\INSTALL.LOG
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@desktop@.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81C3A} REG_SZ          ]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} REG_SZ          ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-11-13 17:28]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 03:50 C:\WINDOWS\LOGI_MWX.EXE]
"QAGENT"="C:\Program Files\QUICKENW\QAGENT.EXE" [2001-08-01 11:30]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-01-13 13:07]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-01-13 12:53]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 16:00]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2004-03-12 14:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-09-01 10:26]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-03 10:29]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-04-27 12:04]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliterrn32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ListAxisBlueHold]
C:\Documents and Settings\All Users\Application Data\idol sect list axis\KNOB TONS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System service62]
C:\WINDOWS\etb\pokapoka62.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"BCMSMMSG"=BCMSMMSG.exe
"hqnmdrcnmcufl"=C:\WINDOWS\System32\erkholo.exe
"sr1exe"="C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-11 15:00:00 C:\WINDOWS\Tasks\A89DF83B916269E7.job"
- c:\docume~1\kellyo~1\applic~1\dupemo~1\ball stop does.exe
"2007-11-10 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 09:23:02
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-11  9:24:41
.
 --- E O F ---

10.4K Posts

November 12th, 2007 12:00

lkod
 
There are some things that need to be addressed, but in order to use Combofix it must be saved and run directly from the Desktop. You are running it from a temp download location.

Move Combofix to your Desktop and rerun it and post a fresh Combofix log.
 

33 Posts

November 13th, 2007 02:00

New ComboFix log from the desktop this time.


ComboFix 07-11-08.3 - Kelly Odom 2007-11-12 20:55:01.2 - NTFSx86
Running from: C:\Documents and Settings\Kelly Odom\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-10-13 to 2007-11-13  )))))))))))))))))))))))))))))))
.

2007-11-11 09:16 51,200 --a------ C:\WINDOWS\NirCmd.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 14:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-06 12:38 --------- d-----w C:\Program Files\AIM
2003-04-24 02:22 207,759 ----a-w C:\Program Files\INSTALL.LOG
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@desktop@.dat
.

(((((((((((((((((((((((((((((   snapshot@2007-11-11_ 9.23.13.89   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-11 15:18:21 262,144 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\ntuser.dat
+ 2007-11-13 02:54:41 262,144 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81C3A} REG_SZ          ]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} REG_SZ          ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-11-13 17:28]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 03:50 C:\WINDOWS\LOGI_MWX.EXE]
"QAGENT"="C:\Program Files\QUICKENW\QAGENT.EXE" [2001-08-01 11:30]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-01-13 13:07]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-01-13 12:53]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 16:00]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2004-03-12 14:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-09-01 10:26]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-03 10:29]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-04-27 12:04]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliterrn32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ListAxisBlueHold]
C:\Documents and Settings\All Users\Application Data\idol sect list axis\KNOB TONS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System service62]
C:\WINDOWS\etb\pokapoka62.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"BCMSMMSG"=BCMSMMSG.exe
"hqnmdrcnmcufl"=C:\WINDOWS\System32\erkholo.exe
"sr1exe"="C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-13 02:00:00 C:\WINDOWS\Tasks\A89DF83B916269E7.job"
- c:\docume~1\kellyo~1\applic~1\dupemo~1\ball stop does.exe
"2007-11-10 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 20:58:18
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-12 21:00:12
C:\ComboFix2.txt ... 2007-11-11 09:24
.
 --- E O F ---

10.4K Posts

November 13th, 2007 13:00


lkod

Good job.

1. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
C:\WINDOWS\Tasks\A89DF83B916269E7.job
c:\docume~1\kellyo~1\applic~1\dupemo~1\ball stop does.exe
C:\windows\system32\eliterrn32.exe
C:\Documents and Settings\All Users\Application Data\idol sect list axis\KNOB TONS.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\WINDOWS\System32\erkholo.exe

Folder::
C:\Documents and Settings\All Users\Application Data\idol sect list axis

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ListAxisBlueHold]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System service62]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"hqnmdrcnmcufl"=-

Save the File as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the image as a reference, drag CFScript into ComboFix.exe

user posted image

  • You will be prompted to run Combofix again, do so
  • Following the same rules as indicated in my first post
  • Then post the contents of the C:\ComboFix.txt log in your reply
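The CFScript above is ComboFix's remediation script: File:: and Folder:: list what to delete, and Registry:: uses .reg file syntax, where [-KEY] deletes a key and "name"=- deletes a value. As an added example (not ComboFix's own code), this Python parser reads such a script together with the matching "Reg Loading Points" entries from the ComboFix log and reports any autostart program the script unhooks without also deleting from disk; the log excerpt and script are constructed from the thread, with eliterrn32.exe deliberately left out of File:: so the check has something to report.

```python
"""Parse a ComboFix CFScript and check it against the autostart entries it targets.

Added example, not ComboFix's own code. Registry:: follows .reg syntax:
[-KEY] deletes a key and "name"=- deletes a value.
"""
import ntpath
import re

# Constructed excerpt of a ComboFix "Reg Loading Points" section (from the thread).
LOADING_POINTS = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliterrn32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System service62]
C:\WINDOWS\etb\pokapoka62.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"hqnmdrcnmcufl"=C:\WINDOWS\System32\erkholo.exe
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe
"""

# Constructed CFScript; eliterrn32.exe is deliberately missing from File::.
CFSCRIPT = r"""
File::
C:\WINDOWS\etb\pokapoka62.exe
C:\WINDOWS\System32\erkholo.exe

Folder::
C:\Documents and Settings\All Users\Application Data\idol sect list axis

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System service62]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"hqnmdrcnmcufl"=-
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)


def norm(path):
    """Case-fold and normalise a Windows file path."""
    return ntpath.normpath(path).lower()


def parse_cfscript(text):
    """Split a CFScript into the file, folder and registry actions it requests."""
    actions = {"files": [], "folders": [], "delete_keys": [], "delete_values": []}
    section, key = None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group("name").lower(), None
        elif section == "file":
            actions["files"].append(line)
        elif section == "folder":
            actions["folders"].append(line)
        elif section == "registry":
            if m := KEY_RE.match(line):
                key = m.group("key")
                if m.group("delete"):
                    actions["delete_keys"].append(key)
            elif key and (m := VALUE_RE.match(line)) and m.group("data") == "-":
                actions["delete_values"].append((key, m.group("name")))
        else:
            raise ValueError(f"line outside any section: {line!r}")
    return actions


def parse_loading_points(text):
    """Map each autostart key (or key plus value name) to the program it launches."""
    targets, key = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group("key")
        elif key and (m := VALUE_RE.match(line)):
            if exe := EXE_RE.match(m.group("data").strip()):
                targets[(key.lower(), m.group("name").lower())] = exe.group("path")
        elif key and (m := EXE_RE.match(line)):
            # startupreg entries list the launched program on a line of its own
            targets[(key.lower(), None)] = m.group("path")
    return targets


def uncovered_targets(actions, targets):
    """Autostart programs the script unhooks but does not also delete from disk."""
    files = {norm(f) for f in actions["files"]}
    wanted = {(k.lower(), None) for k in actions["delete_keys"]}
    wanted |= {(k.lower(), n.lower()) for k, n in actions["delete_values"]}
    return [p for ident, p in targets.items() if ident in wanted and norm(p) not in files]
```

Running `uncovered_targets(parse_cfscript(CFSCRIPT), parse_loading_points(LOADING_POINTS))` on the constructed input reports the one program whose autostart key is removed but whose file is not listed under File::.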


33 Posts

November 15th, 2007 23:00

Okay, I have dragged the txt file you made for me to ComboFix and reran it.
Here is my second log.

ComboFix 07-11-08.3 - Kelly Odom 2007-11-12 20:55:01.2 - NTFSx86
Running from: C:\Documents and Settings\Kelly Odom\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((   Files Created from 2007-10-13 to 2007-11-13  )))))))))))))))))))))))))))))))
.
2007-11-11 09:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 14:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-06 12:38 --------- d-----w C:\Program Files\AIM
2003-04-24 02:22 207,759 ----a-w C:\Program Files\INSTALL.LOG
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@@desktop.dat
1999-07-07 00:00:00 6 --sh--r C:\WINDOWS\@desktop@.dat
.
(((((((((((((((((((((((((((((   snapshot@2007-11-11_ 9.23.13.89   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-11 15:18:21 262,144 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\ntuser.dat
+ 2007-11-13 02:54:41 262,144 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81C3A} REG_SZ          ]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} REG_SZ          ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-11-13 17:28]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 03:50 C:\WINDOWS\LOGI_MWX.EXE]
"QAGENT"="C:\Program Files\QUICKENW\QAGENT.EXE" [2001-08-01 11:30]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-01-13 13:07]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-01-13 12:53]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 16:00]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 11:28]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2004-03-12 14:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-09-01 10:26]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-03 10:29]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2005-04-27 12:04]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checkrun]
C:\windows\system32\eliterrn32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ListAxisBlueHold]
C:\Documents and Settings\All Users\Application Data\idol sect list axis\KNOB TONS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System service62]
C:\WINDOWS\etb\pokapoka62.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"BCMSMMSG"=BCMSMMSG.exe
"hqnmdrcnmcufl"=C:\WINDOWS\System32\erkholo.exe
"sr1exe"="C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
"DwlClient"=C:\Program Files\Common Files\Dell\EUSW\Support.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-13 02:00:00 C:\WINDOWS\Tasks\A89DF83B916269E7.job"
- c:\docume~1\kellyo~1\applic~1\dupemo~1\ball stop does.exe
"2007-11-10 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 20:58:18
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-12 21:00:12
C:\ComboFix2.txt ... 2007-11-11 09:24
.
 --- E O F ---

10.4K Posts

November 18th, 2007 13:00


lkod

Sorry for the delay.

The last Combofix log you posted was the same as the previous; it is not the most current.

ComboFix 07-11-08.3 - Kelly Odom 2007-11-12 20:55:01.2 - NTFSx86

So please rerun Combofix and post a fresh Combofix log so I can see if the last fix worked correctly.


33 Posts

November 21st, 2007 12:00

I ran into trouble. I can't rerun ComboFix; it says that the copy is outdated, to redownload. I tried that. Remember I have to manually type the URL to the download because I can not click on links; I am guessing that this is from no Java. I redownloaded and still it says it is outdated. I do not understand that.

What now? I can not go back to your earlier post and click the link. I can not even get to the forum from that computer. I have to use the good computer at work and then print off what I need. All my work on the logs I save to a CD and bring to work and post from here; that is why there is such a lag between my posts. I am off for the next four days but I will have access to another computer to relay stuff through.

10.4K Posts

November 21st, 2007 13:00

lkod

Yes, Combofix is offline for the time being. Let's do this.

Go HERE and Download System Repair Engine by smallfrogs

  • Save it to your Desktop
  • Rt Click sreng2.zip->>Extract all->>Extract it to your desktop
  • Open the sreng folder
  • Double click SREng->>Click Run
  • At the main Window, in the left Pane, Select Smart Scan
  • At the next window make sure all of the boxes are checked and Select Scan
  • When the scan is complete Select Save reports
  • Save it to your desktop and Close the tool
  • Double Click SREngLog.txt, copy and paste that log as a reply to this thread

Do not run any other options with this tool unless instructed to do so.

33 Posts

November 26th, 2007 16:00

 
I manually typed in the above link (which was what the properties of your "here" in your message showed). It would not download. It took me to the page, but then I had to click a button to download and that computer will not do that. I just click and nothing happens. Any ideas?

10.4K Posts

November 26th, 2007 17:00

lkod
 
Here is a direct link

See if that will work for you
 


33 Posts

November 27th, 2007 00:00

Okay, I just thought it was the last one.
==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1       localhost
==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3176, C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MMTASK.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3904, C:\PROGRAM FILES\QUICKENW\QAGENT.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3700, C:\PROGRAM FILES\DELL AIO PRINTER A940\DLBABMGR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2732, C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1444, C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3968, C:\WINDOWS\SYSTEM32\MRTMNGR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1108, C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 492, C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2264, C:\PROGRAM FILES\GAMEHOUSE\MAHJONG\MAHJONG.EXE]
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================


33 Posts

November 27th, 2007 00:00

2/3 of the log
Drivers
==================================
Browser Add-ons
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[Java Plug-in 1.6.0_02]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263}
[AIM]
  {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[Real.com]
  {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683}
[&Radio]
  {8E718888-423F-11D2-876E-00A0C9082467}
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700}
[Java Plug-in 1.6.0_02]
  {8AD9C840-044E-11D1-B3E9-00805F499D93}
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000}
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000}
==================================
Running Processes
[PID: 572 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 636 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 660 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\NavLogon.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2023]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2023]
[PID: 704 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 872 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 968 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1008 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wups.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1120 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1140 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1232 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 2.2.0.577]
    [C:\WINDOWS\System32\MSVCP70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\WINDOWS\System32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 2.2.0.577]
[PID: 1252 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 2.2.0.577]
    [C:\WINDOWS\System32\MSVCP70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\WINDOWS\System32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL]  [Symantec Corporation, 2.2.0.577]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCPXYEVT.DLL]  [Symantec Corporation, 2.2.0.577]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 2.2.0.577]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\LOGFWDER.DLL]  [Symantec Corporation, 7.1.0.98]
    [C:\WINDOWS\System32\SymNeti.DLL]  [Symantec Corporation, 5.3.0.46]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Symantec Client Security\Symantec Client Firewall\NisEvt.dll]  [Symantec Corporation, 7.1.0.98]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec Client Security\Symantec Client Firewall\SNLog.dll]  [Symantec Corporation, 7.1.0.98]
[PID: 1384 / SYSTEM][C:\WINDOWS\system32\LEXBCES.EXE]  [Lexmark International, Inc., 8.14]
    [C:\WINDOWS\system32\lexp2p32.dll]  [Lexmark International, Inc., 8.14]
    [C:\WINDOWS\system32\lex2kusb.dll]  [Lexmark International, Inc., 8.14]
[PID: 1408 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\LEXLMPM.DLL]  [Lexmark International, Inc., 8.14]
    [C:\WINDOWS\system32\LexBce.dll]  [Lexmark International, Inc., 8.14]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBAPP5C.dll]  [, 1.0.0.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1560 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1576 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccProxy.exe]  [Symantec Corporation, 2.2.0.577]
    [C:\WINDOWS\System32\SYMREDIR.dll]  [Symantec Corporation, 5.3.0.46]
    [C:\WINDOWS\System32\SymNeti.DLL]  [Symantec Corporation, 5.3.0.46]
    [C:\WINDOWS\System32\MSVCP70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\WINDOWS\System32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\DPHTML.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\SymIConv.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\DPJS.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\DPVBS.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\PFAdBlk.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\PFMisc.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\PFPriv.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\StrmFilt.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\PFSec.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\PxyHTTP.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\DPHTTP.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\PxyIM.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\PxyNNTP.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccLogin.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 2.2.0.577]
[PID: 1624 / SYSTEM][C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe]  [Symantec Corporation, 7.1.0.98]
[PID: 1648 / SYSTEM][C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 9.0.0.338]
[PID: 1684 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  [Microsoft Corporation, 7.00.9466]
[PID: 1712 / SYSTEM][C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE]  [Symantec Corporation, 16.00.0.22]
    [C:\Program Files\Norton SystemWorks\Norton Utilities\S32KRNLL.DLL]  [Symantec Corporation, 20.0.0.181]
    [C:\Program Files\Norton SystemWorks\Norton Utilities\NUMISC.DLL]  [Symantec Corporation, 16.00.0.22]
    [C:\Program Files\Norton SystemWorks\Norton Utilities\S32UTILL.DLL]  [Symantec Corporation, 20.0.0.181]
    [C:\PROGRA~1\NORTON~1\NORTON~3\NPComSvr.DLL]  [Symantec Corporation, 16.00.0.22]
[PID: 1872 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe]  [Symantec Corporation, 5.3.0.46]
    [C:\WINDOWS\System32\SymNeti.DLL]  [Symantec Corporation, 5.3.0.46]
[PID: 1888 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1928 / SYSTEM][C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 9.0.0.338]
    [C:\WINDOWS\System32\CBA.DLL]  [Intel® Corporation, 6.12.0.112 E]
    [C:\WINDOWS\System32\MsgSys.dll]  [Intel® Corporation, 6.12.0.112 E]
    [C:\WINDOWS\System32\NTS.dll]  [Intel® Corporation, 6.12.0.112 E]
    [C:\WINDOWS\System32\PDS.DLL]  [Intel® Corporation, 6.12.0.112 E]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\ecmldr32.DLL]  [Symantec Corp., 1.1.0.3]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.3.0.28]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 9.0.0.338]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070914.008\ecmsvr32.dll]  [Symantec Corporation, 71.3.0.25]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070914.008\NAVEX32a.DLL]  [Symantec Corporation, 20071.3.0.24]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070914.008\NAVENG32.DLL]  [Symantec Corporation, 20071.3.0.24]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\vpmsece.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\DecSDK.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2ID.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2ZIP.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2SS.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2GZIP.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2CAB.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2LHA.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2ARJ.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2TNEF.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2LZ.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2AMG.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2TAR.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2RTF.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec Client Security\Symantec AntiVirus\Dec2Text.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  [Symantec Corporation, 9.0.0.338]
No Events found!