Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Well I think I got a Virus or two.
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 06-25-2009, 07:56 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: windows xp


Well I think I got a Virus or two.
Ok lets see. In detail I seem to have some sort of Google redirect Virus. I've nicknamed it "Jumper" because the IE window says "Jumping" right before it takes me to one of those fake search sites. I also suspect I have the Virtumonde virus that a friend of mine got a while back. I've run spy-bot and another anti-virus program with no luck so I figured I'd come to you guys since you took care of her really well. I'm going to attach the files requested In your how to start getting help tutorial. Hope you guys can help. My name is Jason by the way.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Jason at 10:08:02.17 on Thu 06/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1374 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\Allume\StuffIt\MXTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe -k sys
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Allume\StuffIt\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\ezprint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\pp10.exe
C:\windows\mstre19.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jason\Desktop\SHORT CUTS\utorrent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a1450971-8dad-c128-c95c-cd57d58120a7} - c:\windows\system32\sopk.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: {bfc14857-82c0-8e4d-cb7a-aac86a8b29c5} - c:\windows\system32\pflwgjz.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [µTorrent] "c:\documents and settings\jason\desktop\utorrent.exe"
uRun: [Aim6]
uRun: [uTorrent] "c:\documents and settings\jason\desktop\short cuts\utorrent.exe"
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [cOp] c:\documents and settings\jason\local settings\temp\cOp.exe
mRun: [q3Ef34V] defmeng.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [Iz6h0MSX] c:\documents and settings\jason\local settings\temp\Iz6h0MSX.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [<NO NAME>]
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [EPSON Stylus C88 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2600 series\ezprint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [pp] c:\windows\pp10.exe
mRun: [sysmstray] c:\windows\mstre19.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
mExplorerRun: [Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%s] c:\program files\video activex object\isamonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: aintitcool.com\www
Trusted Zone: cinescape.com\www
Trusted Zone: turbotax.com
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install/00/alttiff.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jason\applic~1\mozilla\firefox\profiles\default.mu9\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.earthlink.net/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\jason\application data\mozilla\firefox\profiles\default.mu9\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
R1 sysdrv;sysdrv;c:\program files\sys\sys.sys [2009-6-24 9344]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-1-23 98984]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-28 1174152]
R2 sys;sys;c:\windows\system32\svchost.exe -k sys [2002-8-29 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-4-7 106808]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S2 gupdate1c9b47866f1d12e;Google Update Service (gupdate1c9b47866f1d12e);c:\program files\google\update\GoogleUpdate.exe [2009-4-3 133104]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\drivers\protowall.sys --> c:\windows\system32\drivers\ProtoWall.sys [?]
S3 SaiH8000;SaiH8000;c:\windows\system32\drivers\SaiH8000.sys [2006-1-14 56576]
S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\drivers\SaiHFF0C.sys [2006-1-14 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\drivers\saiuFF0C.sys [2006-1-14 19584]
S4 Tcddtubrigi;Tcddtubrigi; [x]

=============== Created Last 30 ================

2009-06-24 17:15 <DIR> --d----- c:\program files\sys
2009-06-24 17:15 1 a------- c:\windows\934fdfg34fgjf23
2009-06-24 17:15 14,848 ----h--- c:\windows\pp10.exe
2009-06-24 17:15 2 a------- c:\windows\010112010146118114.dat
2009-06-24 17:15 2 a------- c:\windows\0101120101465749.dat
2009-06-24 17:15 32,256 ----h--- c:\windows\mstre19.exe
2009-06-24 17:15 1 ----h--- c:\windows\jmmark2.dat
2009-06-05 07:50 <DIR> --d----- c:\program files\iTunes
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-25 07:36 34,638 a------- c:\windows\system32\tablet.dat
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2004-11-30 21:05 56 ---shr-- c:\windows\system32\AB831A40EF.sys

============= FINISH: 10:09:14.31 ===============
Attached Files
File Type: zip Attach.zip (5.1 KB, 1 views)
Last edited by Gatsu3; 06-25-2009 at 08:22 PM. Reason: Forgot to attach files!
Gatsu3 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 06-26-2009, 07:06 PM   #2 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,694
OS: XP Pro, Vista, Ubuntu 8.10


Re: Well I think I got a Virus or two.
Hello and welcome to TSF

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

-------------------------------------

I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

-------------------------

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See this link for instructions on how to do this:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please include the C:\ComboFix.txt in your next reply for further review.
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-26-2009, 08:37 PM   #3 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: windows xp


Re: Well I think I got a Virus or two.
Hi Clark. Thanks for the help my friend. Anyway I ran ComboFix and here are the results.

ComboFix 09-06-26.02 - Jason 06/26/2009 21:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1691 [GMT -4:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\sys
c:\program files\sys\sys.dll
c:\program files\sys\sys.sys
c:\windows\mstre19.exe
c:\windows\pp10.exe
c:\windows\system32\comrepl.exe
c:\windows\system32\ICON.ico
c:\windows\system32\Nx.exe
c:\windows\system32\uninstall.exe
c:\windows\system32\vmss

----- BITS: Possible infected sites -----

hxxp://download.esd.intuit.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYS
-------\Legacy_SYSDRV
-------\Legacy_ZESOFT
-------\Service_sys
-------\Service_sysdrv


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-24 21:15 . 2009-06-24 21:15 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-24 21:15 . 2009-06-24 21:15 2 ----a-w- c:\windows\0101120101465749.dat
2009-06-24 21:15 . 2009-06-24 21:15 1 ---h--w- c:\windows\jmmark2.dat
2009-06-05 11:50 . 2009-06-05 11:51 -------- d-----w- c:\program files\iTunes
2009-06-05 11:47 . 2009-06-05 11:48 -------- d-----w- c:\program files\QuickTime
2009-06-05 11:39 . 2009-06-05 11:39 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 02:08 . 2004-07-24 18:50 34638 ----a-w- c:\windows\system32\tablet.dat
2009-06-26 03:52 . 2005-12-17 15:12 -------- d-----w- c:\documents and settings\Jason\Application Data\uTorrent
2009-06-26 02:44 . 2009-04-03 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-25 06:33 . 2004-05-31 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-25 06:33 . 2007-05-06 05:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-25 05:25 . 2004-05-31 19:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-07 03:27 . 2007-07-12 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-05 11:51 . 2005-12-18 18:00 -------- d-----w- c:\program files\iPod
2009-06-05 11:50 . 2007-07-12 13:26 -------- d-----w- c:\program files\Common Files\Apple
2009-05-29 17:36 . 2009-03-13 04:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 17:36 . 2007-11-12 16:45 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-28 10:15 . 2004-05-13 05:36 -------- d-----w- c:\program files\Java
2009-05-28 10:14 . 2009-04-18 03:06 152576 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-15 20:32 . 2005-10-24 03:57 -------- d-----w- c:\program files\Google
2009-05-15 11:55 . 2008-03-24 14:34 -------- d-----w- c:\program files\Safari
2009-05-09 23:06 . 2006-06-02 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-05 03:04 . 2009-05-05 03:04 -------- d-----w- c:\documents and settings\Jason\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-05-05 03:04 . 2009-05-05 03:04 -------- d-----w- c:\program files\TweetDeck
2009-05-05 03:04 . 2009-05-05 03:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-05 03:03 . 2009-05-05 03:04 38208 ----a-w- c:\documents and settings\Jason\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-04-20 13:14 . 2004-05-17 20:09 105392 -c--a-w- c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 01:20 . 2009-04-05 01:20 625808 ----a-w- c:\documents and settings\All Users\SPL8B3.tmp
2004-12-01 01:05 . 2004-12-01 00:54 56 --sh--r- c:\windows\SYSTEM32\AB831A40EF.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"uTorrent"="c:\documents and settings\Jason\Desktop\SHORT CUTS\utorrent.exe" [2009-02-10 270128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-25 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-25 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2006-06-01 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-24 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TabUserW.exe.lnk - c:\windows\SYSTEM32\WTablet\TabUserW.exe [2004-7-24 114688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-06-25 06:33 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alias SketchBook Snapshot.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk
backup=c:\windows\pss\Alias SketchBook Snapshot.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=c:\windows\pss\PalStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Jason\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\j2re1.4.2\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Documents and Settings\\Jason\\Desktop\\downloaded stuff\\junk\\sysreset\\sysreset\\mirc.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdncoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnjswx.exe"=
"c:\\Documents and Settings\\Jason\\Desktop\\SHORT CUTS\\utorrent.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnwbgw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"8085:TCP"= 8085:TCP:sys

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 55024]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdnserv.exe [1/23/2009 8:16 PM 98984]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 3:41 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [4/7/2007 4:47 PM 106808]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
S2 gupdate1c9b47866f1d12e;Google Update Service (gupdate1c9b47866f1d12e);c:\program files\Google\Update\GoogleUpdate.exe [4/3/2009 12:22 PM 133104]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\DRIVERS\ProtoWall.sys --> c:\windows\system32\DRIVERS\ProtoWall.sys [?]
S3 SaiH8000;SaiH8000;c:\windows\SYSTEM32\DRIVERS\SaiH8000.sys [1/14/2006 2:55 PM 56576]
S3 SaiHFF0C;SaiHFF0C;c:\windows\SYSTEM32\DRIVERS\SaiHFF0C.sys [1/14/2006 3:01 PM 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\SYSTEM32\DRIVERS\saiuFF0C.sys [1/14/2006 3:02 PM 19584]
S4 Tcddtubrigi;Tcddtubrigi; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-06-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-02 16:21]

2009-06-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 16:22]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A1450971-8DAD-C128-C95C-CD57D58120A7} - c:\windows\System32\sopk.dll
BHO-{BFC14857-82C0-8E4D-CB7A-AAC86A8B29C5} - c:\windows\system32\pflwgjz.dll
HKCU-Run-µTorrent - c:\documents and settings\Jason\Desktop\utorrent.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-EPSON Stylus C88 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
HKLM-Run-q3Ef34V - defmeng.exe
HKLM-Explorer_Run-Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%s - c:\program files\Video ActiveX Object\isamonitor.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: aintitcool.com\www
Trusted Zone: cinescape.com\www
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\default.mu9\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.earthlink.net/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\default.mu9\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 22:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-675346501-1902649665-3199300156-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\lxdncoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\progra~1\Allume\StuffIt\MXTask.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\SYSTEM32\Tablet.exe
c:\windows\SYSTEM32\UAService7.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\Allume\StuffIt\MXTask.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-27 22:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-27 02:31

Pre-Run: 11,316,764,672 bytes free
Post-Run: 11,710,468,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

291 --- E O F --- 2008-01-09 07:07
Gatsu3 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-26-2009, 09:13 PM   #4 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,694
OS: XP Pro, Vista, Ubuntu 8.10


Re: Well I think I got a Virus or two.
Hello again

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

Here are a few very good free Antivirus products which are available:Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Install, update definitions, and run a full system scan with the Anti-Virus of your choice.

-----------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
c:\windows\pss\PowerReg Scheduler V3.exeStartup
c:\documents and settings\Jason\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]

driver::
Tcddtubrigi
Save this as "CFScript"




Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

----------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

--------------------------------------

Please provide the following logs with your next post:

C:\ComboFix.txt
Kaspersky Report

Also include an update on how your system is running
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 06-30-2009, 07:01 PM   #5 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,694
OS: XP Pro, Vista, Ubuntu 8.10


Re: Well I think I got a Virus or two.
Still with me, Gatsu3?

I generally unsubscribe from threads after 7 days of inactivity. If I don't receive a reply from you within 3 days of this post, this topic will be closed.
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-01-2009, 07:53 PM   #6 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: windows xp


Re: Well I think I got a Virus or two.
Sorry Clark a family emergency kept me away for the past few days. I apologize for the absence. I ran the ComboFix like you said and got a new anit-virus program. Anyway here are the results.


ComboFix 09-06-26.02 - Jason 06/26/2009 21:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1691 [GMT -4:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\sys
c:\program files\sys\sys.dll
c:\program files\sys\sys.sys
c:\windows\mstre19.exe
c:\windows\pp10.exe
c:\windows\system32\comrepl.exe
c:\windows\system32\ICON.ico
c:\windows\system32\Nx.exe
c:\windows\system32\uninstall.exe
c:\windows\system32\vmss

----- BITS: Possible infected sites -----

hxxp://download.esd.intuit.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYS
-------\Legacy_SYSDRV
-------\Legacy_ZESOFT
-------\Service_sys
-------\Service_sysdrv


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-24 21:15 . 2009-06-24 21:15 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-24 21:15 . 2009-06-24 21:15 2 ----a-w- c:\windows\0101120101465749.dat
2009-06-24 21:15 . 2009-06-24 21:15 1 ---h--w- c:\windows\jmmark2.dat
2009-06-05 11:50 . 2009-06-05 11:51 -------- d-----w- c:\program files\iTunes
2009-06-05 11:47 . 2009-06-05 11:48 -------- d-----w- c:\program files\QuickTime
2009-06-05 11:39 . 2009-06-05 11:39 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 02:08 . 2004-07-24 18:50 34638 ----a-w- c:\windows\system32\tablet.dat
2009-06-26 03:52 . 2005-12-17 15:12 -------- d-----w- c:\documents and settings\Jason\Application Data\uTorrent
2009-06-26 02:44 . 2009-04-03 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-25 06:33 . 2004-05-31 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-25 06:33 . 2007-05-06 05:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-25 05:25 . 2004-05-31 19:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-07 03:27 . 2007-07-12 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-05 11:51 . 2005-12-18 18:00 -------- d-----w- c:\program files\iPod
2009-06-05 11:50 . 2007-07-12 13:26 -------- d-----w- c:\program files\Common Files\Apple
2009-05-29 17:36 . 2009-03-13 04:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 17:36 . 2007-11-12 16:45 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-28 10:15 . 2004-05-13 05:36 -------- d-----w- c:\program files\Java
2009-05-28 10:14 . 2009-04-18 03:06 152576 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-15 20:32 . 2005-10-24 03:57 -------- d-----w- c:\program files\Google
2009-05-15 11:55 . 2008-03-24 14:34 -------- d-----w- c:\program files\Safari
2009-05-09 23:06 . 2006-06-02 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-05 03:04 . 2009-05-05 03:04 -------- d-----w- c:\documents and settings\Jason\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-05-05 03:04 . 2009-05-05 03:04 -------- d-----w- c:\program files\TweetDeck
2009-05-05 03:04 . 2009-05-05 03:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-05 03:03 . 2009-05-05 03:04 38208 ----a-w- c:\documents and settings\Jason\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-04-20 13:14 . 2004-05-17 20:09 105392 -c--a-w- c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 01:20 . 2009-04-05 01:20 625808 ----a-w- c:\documents and settings\All Users\SPL8B3.tmp
2004-12-01 01:05 . 2004-12-01 00:54 56 --sh--r- c:\windows\SYSTEM32\AB831A40EF.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"uTorrent"="c:\documents and settings\Jason\Desktop\SHORT CUTS\utorrent.exe" [2009-02-10 270128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-25 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-25 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2006-06-01 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-24 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TabUserW.exe.lnk - c:\windows\SYSTEM32\WTablet\TabUserW.exe [2004-7-24 114688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-06-25 06:33 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alias SketchBook Snapshot.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk
backup=c:\windows\pss\Alias SketchBook Snapshot.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=c:\windows\pss\PalStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Jason\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\j2re1.4.2\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Documents and Settings\\Jason\\Desktop\\downloaded stuff\\junk\\sysreset\\sysreset\\mirc.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdncoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnjswx.exe"=
"c:\\Documents and Settings\\Jason\\Desktop\\SHORT CUTS\\utorrent.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnwbgw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"8085:TCP"= 8085:TCP:sys

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 55024]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdnserv.exe [1/23/2009 8:16 PM 98984]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 3:41 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [4/7/2007 4:47 PM 106808]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
S2 gupdate1c9b47866f1d12e;Google Update Service (gupdate1c9b47866f1d12e);c:\program files\Google\Update\GoogleUpdate.exe [4/3/2009 12:22 PM 133104]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\DRIVERS\ProtoWall.sys --> c:\windows\system32\DRIVERS\ProtoWall.sys [?]
S3 SaiH8000;SaiH8000;c:\windows\SYSTEM32\DRIVERS\SaiH8000.sys [1/14/2006 2:55 PM 56576]
S3 SaiHFF0C;SaiHFF0C;c:\windows\SYSTEM32\DRIVERS\SaiHFF0C.sys [1/14/2006 3:01 PM 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\SYSTEM32\DRIVERS\saiuFF0C.sys [1/14/2006 3:02 PM 19584]
S4 Tcddtubrigi;Tcddtubrigi; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-06-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-02 16:21]

2009-06-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 16:22]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A1450971-8DAD-C128-C95C-CD57D58120A7} - c:\windows\System32\sopk.dll
BHO-{BFC14857-82C0-8E4D-CB7A-AAC86A8B29C5} - c:\windows\system32\pflwgjz.dll
HKCU-Run-µTorrent - c:\documents and settings\Jason\Desktop\utorrent.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-EPSON Stylus C88 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
HKLM-Run-q3Ef34V - defmeng.exe
HKLM-Explorer_Run-Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%s - c:\program files\Video ActiveX Object\isamonitor.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: aintitcool.com\www
Trusted Zone: cinescape.com\www
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\default.mu9\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.earthlink.net/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\default.mu9\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 22:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-675346501-1902649665-3199300156-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\lxdncoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\progra~1\Allume\StuffIt\MXTask.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\SYSTEM32\Tablet.exe
c:\windows\SYSTEM32\UAService7.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\Allume\StuffIt\MXTask.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-27 22:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-27 02:31

Pre-Run: 11,316,764,672 bytes free
Post-Run: 11,710,468,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

291 --- E O F --- 2008-01-09 07:07



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 30, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 30, 2009 03:38:35
Records in database: 2403678
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 169128
Threat name: 98
Infected objects: 428
Suspicious objects: 1
Duration of the scan: 03:34:47


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\000114A5 Infected: Trojan-Downloader.Win32.Apropo.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00894D6E Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00DF3A46 Infected: not-a-virus:AdWare.Win32.PowerScan.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01604A76 Infected: Trojan-Downloader.Win32.Dyfuca.bw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01C6407D Infected: Trojan-Downloader.Win32.Dyfuca.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01FE29D8 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02C86978 Infected: Backdoor.Win32.VB.nb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0395305C Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\043042B3 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05F64A54 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\065C405C Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06A81F43 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06C23663 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07282C6B Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\079B12C6.exe Infected: Trojan-Downloader.Win32.TSUpdate.i 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\079B12C6.exe Infected: Trojan-Downloader.Win32.TSUpdate.g 3
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\079B12C6.exe Infected: Trojan-Downloader.Win32.TSUpdate.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\090B6F07 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AFD7ACA.tmp Infected: not-a-virus:AdWare.Win32.GoWebSite 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B0024C6.tmp Infected: not-a-virus:AdWare.Win32.GoWebSite 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B5114AF Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB141FF Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CF00675 Infected: not-a-virus:AdWare.Win32.ClearSearch.f 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D603220 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D672D6F Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DC8713F Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E5B2A66 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F1840AF Infected: Trojan-Downloader.Win32.Dyfuca.bq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10584729 Infected: Trojan-Downloader.Win32.Dyfuca.cj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\108D4342 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11860653 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11ED7C5B Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12537262 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\127166AB Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12B9686A Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\131D3458 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13642EF6.tmp Infected: not-a-virus:AdWare.Win32.GoWebSite 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13CB2479 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14E8433B Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1501210D Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15671714 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16340323 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163912AB Infected: Trojan-Downloader.Win32.IstBar.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\169A792B Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16C176AE.tmp Infected: Trojan.Java.ClassLoader.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16D51862 Infected: Trojan-Dropper.Win32.Delf.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18814273 Infected: Trojan-Downloader.Win32.Dyfuca.cj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18D86FEB Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\198826B1 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\199138A7 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A8F35CA.tmp Infected: not-a-virus:AdWare.Win32.GoWebSite 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C081537 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C2509C9 Infected: Trojan-Downloader.Win32.Small.go 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C6B737F Infected: Backdoor.Win32.VB.oq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C803BBA Infected: Trojan-Downloader.Win32.Dyfuca.bq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D174252 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D6B7578 Infected: Trojan-Downloader.Win32.Apropo.u 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D75736E Infected: Trojan-Downloader.Win32.Apropo.bd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D781D6A Infected: not-a-virus:AdWare.Win32.Cydoor 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D7B4766 Infected: Backdoor.Win32.VB.nb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D7D3859 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D7F7163 Infected: Backdoor.Win32.VB.oq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D821B5F Infected: not-a-virus:AdWare.Win32.BadBar.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D85455C Infected: Backdoor.Win32.VB.nb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D9A5E0C.exe Infected: P2P-Worm.Win32.Tibick.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DE32E61 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E3A2E12 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E492468 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E6A1DC5.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.ao 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E6D47C1.exe Infected: not-a-virus:AdWare.Win32.Altnet.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F4528E9 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20134D0C Infected: Trojan-Downloader.Win32.Apropo.u 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20B20AA3 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\215E491B Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\223C45D1 Infected: not-a-virus:AdWare.Win32.Bymoh.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23296733 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\234C259A.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\234C259A.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 5
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\234C259A.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\234C259A.exe Infected: Trojan-Clicker.Win32.VB.ex 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\234C259A.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.y 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23537993.dll Infected: not-a-virus:AdWare.Win32.Midadle.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23537993.exe Infected: not-a-virus:AdWare.Win32.WebRebates.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23537993.exe Infected: not-a-virus:AdWare.Win32.WebRebates.d 2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23537993.exe Infected: not-a-virus:AdWare.Win32.WebRebates.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23D1687C Infected: Trojan-Downloader.Win32.Agent.ac 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23D1687C Infected: Trojan-Downloader.Win32.Turown.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23D1687C Infected: Trojan-Downloader.Win32.Turown.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23D1687C Infected: Trojan-Downloader.Win32.VB.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25022B20 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\255B000E Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25B11B41 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27D25C9E Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28A77E50 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\290D7458 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29736A5F Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29D96067 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A49392E Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A493933.exe Infected: Trojan-Downloader.Win32.Peerat.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AEC52A7.exe Infected: not-a-virus:AdWare.Win32.PurityScan.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B2E6D17 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B4E7308 Infected: Backdoor.Win32.VB.nb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2BBC2303 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C7B520A Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CEE0519 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CF31BEB Infected: Backdoor.Win32.Ruledor.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DBA7128 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2EF22E9A Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F2361DC.exe Infected: Trojan-Downloader.Win32.Zlob.bqd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\312B1FB1 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31D90FD2 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31E425DE.tmp Infected: not-a-virus:AdWare.Win32.GoWebSite 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32291CDE Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32887FF3 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\339B2406 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34032793 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34373A4F Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\343A7156 Infected: Trojan-Clicker.Win32.Delf.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\343D1B53 Infected: Trojan-Downloader.Win32.Agent.ae 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\349E3056 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3504265E Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\356A1C66 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36120096 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\364D0DF7.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\365037F4.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\365037F4.exe Infected: not-a-virus:AdWare.Win32.PurityScan.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\365361F0.exe Infected: not-a-virus:AdWare.Win32.WinComm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36560BEC.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\365A35E9.exe Infected: not-a-virus:AdWare.Win32.WinAD.f 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\367E68EC.EXE Infected: not-a-virus:AdWare.Win32.PurityScan.bv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\368112E9.dll Infected: not-a-virus:AdWare.Win32.BiSpy.s 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\368112E9.exe Infected: not-a-virus:AdWare.Win32.PurityScan.bv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36A639BD Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36A63C45.dll Infected: not-a-virus:AdWare.Win32.BiSpy.s 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3796120A Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38517496 Infected: Trojan-Dropper.Win32.Delf.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\388357E9 Infected: Trojan-Downloader.Win32.VB.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38E5371F Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\391D164D Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\394B2D27 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397A3A4A Infected: Trojan-Downloader.Win32.Apropo.u 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397D6447 Infected: Trojan-Downloader.Win32.Apropo.bd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39800E43 Infected: Backdoor.Win32.VB.nb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3ABC7602 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B175C47 Infected: Trojan-Downloader.Win32.IstBar.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B216C95 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D200C84 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D335292 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DC92828 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E832202 Infected: Trojan.Win32.SecondThought.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FFC6951.dll Infected: Hoax.Win32.Renos.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\402E6C55 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\403E1A28.tmp Infected: not-a-virus:AdWare.Win32.GoWebSite 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4094625D Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40FA5864 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41590D06 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41604E6C Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41630AFB Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\416A5EF4 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\416D08F0 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\417032ED Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41735CE9 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\417706E6 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\417A30E2 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\418104DB Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41842ED7 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\418A02D0 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\418E2CCC Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\419156C9 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\419400C5 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41972AC2 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\419B54BE Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\419E7EBA Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41A128B7 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41A452B3 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41A87CB0 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41AB26AC Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41AE50A8 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41B524A1 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41BB789A Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41BF2296 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41C5768F Infected: Backdoor.Win32.IRCBot.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41C8208C Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41CC4A88 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41CF7484 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41D21E81 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41D334C6.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41D5487D Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41D9727A Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41DC47FD Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41DD0541.dll Infected: Hoax.Win32.Renos.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41DF4673 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41E2706F Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41E94468 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41EC6E64 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41F01861 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41F3425D Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41F66C59 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41F91656 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42006A4F Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4203144B Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42063E47 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\420A6844 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42103C3D Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\421A3A32 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42210E2B Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42243827 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42276223 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\422A0C20 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\422E361C Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42316019 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42340A15 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42373411 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4248017C Infected: Trojan-Downloader.Win32.Small.kl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4248017C Infected: not-a-virus:AdWare.Win32.SaveNow.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4248017C Infected: not-a-virus:AdWare.Win32.SaveNow.af 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4248017C Infected: not-a-virus:AdWare.Win32.SaveNow.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43431107 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43D674C6.tmp Infected: Hoax.Win32.Renos.ex 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\440F7D16 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\441413E8 Infected: Backdoor.Win32.VB.oq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4453248E Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45220540.exe Infected: P2P-Worm.Win32.Tibick.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\456022FC.exe Infected: P2P-Worm.Win32.Tibick.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45D35315.dll Infected: not-a-virus:AdWare.Win32.Visua.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\478106A3.exe Infected: P2P-Worm.Win32.Tibick.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48733E4A.tmp Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48FC19F9 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD96914 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B737689 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BBE2854 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C1C77D3 Infected: Backdoor.Win32.VB.nb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C241E5B Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C717F35.exe Infected: Email-Worm.Win32.NetSky.ghc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C8B1463 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4CBC44E2.exe Infected: Virus.Win32.Parite.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4CF10A6A Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D485247.exe Infected: Trojan-GameThief.Win32.OnLineGames.fyn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D5F782E.exe Infected: Virus.Win32.Parite.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D6370C5.exe Infected: not-a-virus:AdWare.Win32.WinAD.f 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D867003.exe Infected: Trojan-GameThief.Win32.OnLineGames.fyn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DA50F65 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F1B4646.exe Infected: Trojan.Win32.Agent.cji 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F261BB0.exe Infected: not-a-virus:AdWare.Win32.PurityScan.w 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F9F3915 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FCB4A8A Infected: Trojan-Downloader.VBS.Psyme.y 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FE77B2B Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\501C6BF5 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50694E9F.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\506F2298.EXE Infected: not-a-virus:AdWare.Win32.PurityScan.bs 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\507943FE.exe Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50966B4C Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50E416BC.tmp Infected: not-a-virus:AdWare.Win32.Visua.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\518E4394.exe Infected: P2P-Worm.Win32.Tibick.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5270149C.exe Infected: P2P-Worm.Win32.Tibick.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52934885 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52B96474 Infected: Trojan-Downloader.Win32.IstBar.er 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\536078FC.dll Infected: not-a-virus:AdWare.Win32.ProtectionBar.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\541F3AC1.exe Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54535A88.exe Infected: Trojan.Win32.Agent.cji 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54C66161 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57015DA5 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\573D3DF1 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\574F6452 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57B55A5A Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\581B5061 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58814669 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5A630905 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AC97F0C Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BE6335D Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C106FBC Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CBE5FDD Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E492072 Infected: Trojan-Downloader.Win32.Dyfuca.cl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5E5D0FED Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EF04914 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F1A6A1A Infected: Trojan.Win32.SecondThought.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\601F2D6B.tmp Infected: Net-Worm.Win32.Bobic.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60307F59.tmp Infected: Net-Worm.Win32.Bobic.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60437B43.tmp Infected: Net-Worm.Win32.Bobic.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60714711.tmp Infected: Email-Worm.Win32.Bagle.bq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\609B03EC Infected: Trojan-Downloader.Win32.IstBar.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60AA2166.wmf Suspicious: Exploit.Win32.IMG-WMF 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61114070 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\615A4F68.tmp Infected: Trojan.Java.ClassLoader.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62037357.tmp Infected: Trojan-Downloader.Java.OpenStream.w 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\627B6215 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62DF2051 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63060558 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\632A5236 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63451659 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63AB0C60 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64110268 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\642B3189.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\657D61E9 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65F44503 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\667304A5 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66762EA1 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\667A589D Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\667D029A Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66802C96 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66835693 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6687008F Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\668A2A8B Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\668D5488 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66907E84 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66942881 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6697527D Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669A7C7A Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\669D2676 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66A15072 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66A47A6F Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66A7246B Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66AB4E68 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66AE7864 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66B12260 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66B44C5D Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66B87659 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66BB2056 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66BE4A52 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66C03112 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66C1744E Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66C51E4B Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66C84847 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66CB7244 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66CE1C40 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66CE3159 Infected: Trojan-Downloader.Win32.Dyfuca.cj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66D2463C Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66D57039 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66D81A35 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66DC4432 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66DF6E2E Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66E2182A Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66E54227 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66E96C23 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66EC1620 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66EF401C Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66F26A18 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66F61415 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66F93E11 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66FC680E Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66FF120A Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6726271A Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\678C1D21 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67B31744 Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67B375B5 Infected: Trojan-Downloader.Win32.Apropo.u 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67B64141 Infected: Trojan-Downloader.Win32.VB.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67C01DA6 Infected: Trojan-Downloader.Win32.Apropo.bd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67F21329 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\684333EB Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68B1652B Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68E7546E Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69B03523 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69DE3CD2 Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69F80CB6 Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69F80CB6 Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69F80CB6 Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69F80CB6 Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A265754 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C9E33E4 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D4542BD Infected: Backdoor.Win32.VB.oq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E6F5C50 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EA456A6 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ED55257 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F3C485F Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F5246C6 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FA23E66 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71472950 Infected: Backdoor.Win32.IRCBot.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\718065B0.tmp Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71830FAD.tmp Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72A804DA Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\730B71FE.tmp Infected: Trojan-Downloader.Java.OpenStream.t 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\731C5920 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\732206D4 Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\732206D4 Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\732206D4 Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\732206D4 Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\732530D0 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73BE05E0 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\740726EF.exe Infected: not-a-virus:AdWare.Win32.Visua.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74513F07 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\746058DE Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\750F48FE Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\753C3426.dll Infected: Trojan-Downloader.Win32.Zlob.amj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75F01EBC Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77090589 Infected: not-a-virus:AdWare.Win32.PowerScan.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77364354.tmp Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77A414B1 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78014A28 Infected: Trojan-Downloader.Win32.IstBar.er 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78677B4C Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78B619B7 Infected: not-a-virus:AdWare.Win32.PowerScan.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78CD0B25.exe Infected: Hoax.Win32.Renos.fh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78D7091A.exe Infected: Hoax.Win32.Renos.fh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78DD5D13.exe Infected: Hoax.Win32.Renos.fh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78FA3473 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\792F3375 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\796E374E Infected: Trojan-Downloader.Win32.Turown.g 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79A334A1 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A660E56 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A9A03D6 Infected: Trojan-Downloader.Win32.Dyfuca.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7ABE51AE Infected: Trojan-Downloader.Win32.VB.ca 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7ABE51AE Infected: Trojan.Win32.Revop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AC27BAB Infected: Trojan-Downloader.Win32.Dyfuca.bw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AC525A7 Infected: Trojan.Win32.Revop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AC84FA4 Infected: Trojan-Downloader.Win32.IstBar.er 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7ACB79A0 Infected: Trojan.Win32.SecondThought.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7ACC045D Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7ACF239C Infected: Trojan-Downloader.Win32.Dyfuca.bx 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AD24D99 Infected: Trojan-Downloader.Win32.IstBar.er 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7ADE57DC Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AEA2D58.exe Infected: not-a-virus:AdWare.Win32.Visua.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B327A65 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B711103 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7B7B3B57 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D1070B7 Infected: P2P-Worm.Win32.SdDrop.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E471F17 Infected: P2P-Worm.Win32.SdDrop.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E4C35E9 Infected: not-a-virus:AdWare.Win32.SaveNow.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F784FBF.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F784FBF.tmp Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.i 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F7B79BC.ocx Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F874D48 Infected: P2P-Worm.Win32.SdDrop.c 1
C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\6.0\3\785b6d83-2cca607e Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Jason\Desktop\downloaded stuff\junk\sysreset\sysreset\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

The selected area was scanned.
Gatsu3 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-02-2009, 03:45 AM   #7 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,694
OS: XP Pro, Vista, Ubuntu 8.10


Re: Well I think I got a Virus or two.
Hope everything is now ok with the family.

---------------

Please delete your current copy of combofix.exe from your desktop and then download a fresh copy from one of the following links:

Link 1
Link 2
Link 3

Don't run it yet! We will be using it in a just a little bit.

----------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
Driver::
Tcddtubrigi
Save this as "CFScript"




Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

------------------------

1. Open Norton AntiVirus by double clicking the 'Shield' icon located in the right hand bottom corner of your computer screen.
2. Double click the 'View' folder. It is located on the left side of the Norton AntiVirus window. This will expand the folder and display the contents.
3. Click on the 'Quarantine' icon. The right side of the Norton AntiVirus window will now list the contents of your quarantine folder.
4. Select the item you wish to remove and click on RED 'X' icon to delete it.
5. This will open the 'Take Action' window. Click the 'Start Delete' button to remove the infected file from your computer.
6. Repeat for any other quarantined files.
7. When you are done removing files, click the 'Exit' button in the bottom left hand corner of the Norton AntiVirus window.

-----------------------------

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

--------------------------

Post back with C:\ComboFix.txt and let me know how your system is running.
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-02-2009, 09:15 AM   #8 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: windows xp


Re: Well I think I got a Virus or two.
Well my system seems to be running ok at the moment. I ran my Anti-Virus doohickey and came up with no infected files. Which seems suspect to me but hey I'm the paranoid type. Anyway here is the Combofix text.

ComboFix 09-07-01.04 - Jason 07/02/2009 7:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1448 [GMT -4:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jason\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090701-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\010112010146118114.dat
c:\windows\Installer\17e157.msp
c:\windows\Installer\1baf47.msp
c:\windows\Installer\1baf50.msp
c:\windows\Installer\1baf63.msp
c:\windows\Installer\1baf6c.msp
c:\windows\Installer\1baf75.msp
c:\windows\Installer\1baf95.msp
c:\windows\Installer\1baf9b.msp
c:\windows\Installer\1bafa3.msp
c:\windows\Installer\33905b.msi
c:\windows\Installer\35a7e5a.msp
c:\windows\Installer\4562b.msi
c:\windows\Installer\47dfd1.msi
c:\windows\Installer\50c9ef9.msi
c:\windows\Installer\72eff3.msp
c:\windows\Installer\896c38.msi
c:\windows\Installer\e717ef.msi
c:\windows\system32\mlfcache.dat

.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-06-28 18:34 . 2009-06-28 18:34 152576 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-27 05:15 . 2009-06-27 05:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-27 05:07 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-27 05:07 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-27 05:07 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-27 05:07 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-27 05:07 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-27 05:07 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-27 05:07 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-27 05:07 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-27 05:06 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-27 05:06 . 2009-06-27 05:06 -------- d-----w- c:\program files\Alwil Software
2009-06-24 21:15 . 2009-06-24 21:15 2 ----a-w- c:\windows\0101120101465749.dat
2009-06-24 21:15 . 2009-06-24 21:15 1 ---h--w- c:\windows\jmmark2.dat
2009-06-05 11:50 . 2009-06-05 11:51 -------- d-----w- c:\program files\iTunes
2009-06-05 11:47 . 2009-06-05 11:48 -------- d-----w- c:\program files\QuickTime
2009-06-05 11:39 . 2009-06-05 11:39 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 11:24 . 2005-12-17 15:12 -------- d-----w- c:\documents and settings\Jason\Application Data\uTorrent
2009-07-02 08:50 . 2009-04-03 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-28 18:58 . 2004-07-24 18:50 34638 ----a-w- c:\windows\system32\tablet.dat
2009-06-28 18:52 . 2004-05-13 05:36 -------- d-----w- c:\program files\Java
2009-06-25 06:33 . 2004-05-31 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-25 06:33 . 2007-05-06 05:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-25 05:25 . 2004-05-31 19:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-07 03:27 . 2007-07-12 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-05 11:51 . 2005-12-18 18:00 -------- d-----w- c:\program files\iPod
2009-06-05 11:50 . 2007-07-12 13:26 -------- d-----w- c:\program files\Common Files\Apple
2009-05-29 17:36 . 2009-03-13 04:14 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 17:36 . 2007-11-12 16:45 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-28 10:14 . 2009-04-18 03:06 152576 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-21 15:33 . 2009-01-08 06:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-15 20:32 . 2005-10-24 03:57 -------- d-----w- c:\program files\Google
2009-05-15 11:55 . 2008-03-24 14:34 -------- d-----w- c:\program files\Safari
2009-05-09 23:06 . 2006-06-02 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-05 03:04 . 2009-05-05 03:04 -------- d-----w- c:\documents and settings\Jason\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-05-05 03:04 . 2009-05-05 03:04 -------- d-----w- c:\program files\TweetDeck
2009-05-05 03:04 . 2009-05-05 03:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-05 03:03 . 2009-05-05 03:04 38208 ----a-w- c:\documents and settings\Jason\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-04-20 13:14 . 2004-05-17 20:09 105392 -c--a-w- c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 01:20 . 2009-04-05 01:20 625808 ----a-w- c:\documents and settings\All Users\SPL8B3.tmp
2004-12-01 01:05 . 2004-12-01 00:54 56 --sh--r- c:\windows\SYSTEM32\AB831A40EF.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-27_02.11.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-28 18:57 . 2009-06-28 18:57 16384 c:\windows\Temp\Perflib_Perfdata_638.dat
+ 2009-06-28 18:58 . 2009-06-28 18:58 16384 c:\windows\Temp\Perflib_Perfdata_454.dat
+ 2009-01-25 02:20 . 2009-01-25 02:20 48128 c:\windows\Installer\c594b2f8.msi
+ 2009-04-23 01:07 . 2009-04-23 01:07 24064 c:\windows\Installer\b4cffa.msi
+ 2009-06-30 19:11 . 2009-06-30 19:11 22528 c:\windows\Installer\a5a2bcd.msi
+ 2009-04-15 01:39 . 2009-04-15 01:39 25088 c:\windows\Installer\9227f3b.msi
+ 2009-03-20 02:35 . 2009-03-20 02:35 19456 c:\windows\Installer\8f33247.msp
+ 2009-04-15 00:34 . 2009-04-15 00:34 20992 c:\windows\Installer\8e3e957.msi
+ 2009-04-15 00:34 . 2009-04-15 00:34 52736 c:\windows\Installer\8e3e953.msi
+ 2009-04-15 00:33 . 2009-04-15 00:33 60928 c:\windows\Installer\8e3e94f.msi
+ 2009-04-15 00:33 . 2009-04-15 00:33 32256 c:\windows\Installer\8e3e94b.msi
+ 2009-04-15 00:31 . 2009-04-15 00:31 22528 c:\windows\Installer\8e3e940.msi
+ 2009-04-14 15:17 . 2009-04-14 15:17 86528 c:\windows\Installer\6e6d592.msi
+ 2006-01-18 03:09 . 2006-01-18 03:09 84992 c:\windows\Installer\49e2879.msi
+ 2009-05-05 03:04 . 2009-05-05 03:04 22016 c:\windows\Installer\3eea1dd1.msi
+ 2009-05-05 03:04 . 2009-05-05 03:04 26624 c:\windows\Installer\3eea1dcb.msi
+ 2007-07-15 03:08 . 2007-07-15 03:08 29696 c:\windows\Installer\28663ca.msi
+ 2008-11-30 21:32 . 2008-11-30 21:32 20992 c:\windows\Installer\1762f6f9.msi
- 2009-05-28 10:15 . 2009-03-09 09:19 148888 c:\windows\SYSTEM32\javaws.exe
+ 2009-06-28 18:35 . 2009-05-21 15:34 148888 c:\windows\SYSTEM32\javaws.exe
- 2009-05-28 10:15 . 2009-03-09 09:19 144792 c:\windows\SYSTEM32\javaw.exe
+ 2009-06-28 18:35 . 2009-05-21 15:34 144792 c:\windows\SYSTEM32\javaw.exe
- 2009-05-28 10:15 . 2009-03-09 09:19 144792 c:\windows\SYSTEM32\java.exe
+ 2009-06-28 18:35 . 2009-05-21 15:34 144792 c:\windows\SYSTEM32\java.exe
+ 2009-01-25 02:22 . 2009-01-25 02:22 501248 c:\windows\Installer\c594b32b.msi
+ 2009-01-25 02:21 . 2009-01-25 02:21 501248 c:\windows\Installer\c594b313.msi
+ 2009-01-25 02:21 . 2009-01-25 02:21 506880 c:\windows\Installer\c594b30d.msi
+ 2009-01-25 02:21 . 2009-01-25 02:21 516608 c:\windows\Installer\c594b305.msi
+ 2009-01-25 02:21 . 2009-01-25 02:21 513024 c:\windows\Installer\c594b2fe.msi
+ 2009-01-25 02:19 . 2009-01-25 02:19 501248 c:\windows\Installer\c594b2dc.msi
+ 2009-03-21 05:45 . 2009-03-21 05:45 598016 c:\windows\Installer\aae9c.msi
+ 2009-03-24 22:22 . 2009-03-24 22:22 325120 c:\windows\Installer\8f33259.msp
+ 2009-03-20 02:35 . 2009-03-20 02:35 141312 c:\windows\Installer\8f3323e.msp
+ 2009-04-15 00:35 . 2009-04-15 00:35 201728 c:\windows\Installer\8e3e95b.msi
+ 2007-07-15 03:33 . 2007-07-15 03:33 863232 c:\windows\Installer\85479.msi
+ 2006-03-21 11:34 . 2006-03-21 11:34 915968 c:\windows\Installer\8445e43f.msi
+ 2006-03-21 11:30 . 2006-03-21 11:30 589312 c:\windows\Installer\8445e386.msi
+ 2006-11-19 17:02 . 2006-11-19 17:02 428544 c:\windows\Installer\7efea4e.msi
+ 2005-03-05 18:33 . 2005-03-05 18:33 389120 c:\windows\Installer\726ea.msi
+ 2007-11-07 19:07 . 2007-11-07 19:07 999936 c:\windows\Installer\6e6d59b.msp
+ 2007-11-07 18:56 . 2007-11-07 18:56 553472 c:\windows\Installer\6e6d598.msp
+ 2007-11-07 18:58 . 2007-11-07 18:58 908800 c:\windows\Installer\6e6d594.msp
+ 2007-11-07 18:54 . 2007-11-07 18:54 507392 c:\windows\Installer\6e6d593.msp
+ 2006-09-17 14:17 . 2006-09-17 14:17 258048 c:\windows\Installer\6e351ee.msi
+ 2006-01-18 03:09 . 2006-01-18 03:09 129536 c:\windows\Installer\49e288d.msi
+ 2006-01-18 03:09 . 2006-01-18 03:09 131584 c:\windows\Installer\49e2888.msi
+ 2006-01-18 03:09 . 2006-01-18 03:09 203776 c:\windows\Installer\49e2883.msi
+ 2006-01-18 03:08 . 2006-01-18 03:08 363008 c:\windows\Installer\49e286e.msi
+ 2006-01-18 03:08 . 2006-01-18 03:08 514048 c:\windows\Installer\49e2869.msi
+ 2006-01-18 03:08 . 2006-01-18 03:08 255488 c:\windows\Installer\49e2860.msi
+ 2006-01-18 03:08 . 2006-01-18 03:08 290304 c:\windows\Installer\49e285a.msi
+ 2006-01-18 03:08 . 2006-01-18 03:08 129536 c:\windows\Installer\49e2855.msi
+ 2006-01-18 03:08 . 2006-01-18 03:08 197120 c:\windows\Installer\49e2850.msi
+ 2006-01-18 03:08 . 2006-01-18 03:08 287744 c:\windows\Installer\49e284a.msi
+ 2006-01-18 03:08 . 2006-01-18 03:08 698880 c:\windows\Installer\49e2842.msi
+ 2006-01-18 03:08 . 2006-01-18 03:08 342016 c:\windows\Installer\49e2833.msi
+ 2006-01-18 03:07 . 2006-01-18 03:07 390656 c:\windows\Installer\49e282a.msi
+ 2006-01-18 03:07 . 2006-01-18 03:07 268800 c:\windows\Installer\49e281d.msi
+ 2006-01-18 03:07 . 2006-01-18 03:07 269824 c:\windows\Installer\49e2817.msi
+ 2006-01-18 03:07 . 2006-01-18 03:07 287232 c:\windows\Installer\49e2812.msi
+ 2006-01-18 03:07 . 2006-01-18 03:07 135168 c:\windows\Installer\49e280d.msi
+ 2006-01-18 03:07 . 2006-01-18 03:07 259584 c:\windows\Installer\49e2808.msi
+ 2004-05-13 05:50 . 2004-05-13 05:50 171008 c:\windows\Installer\4564d.msi
+ 2004-09-20 15:15 . 2004-09-20 15:15 738304 c:\windows\Installer\455fa1b.msi
+ 2004-09-20 15:15 . 2004-09-20 15:15 280576 c:\windows\Installer\455fa12.msi
+ 2004-09-20 15:15 . 2004-09-20 15:15 196096 c:\windows\Installer\455f98e.msi
+ 2004-09-20 15:15 . 2004-09-20 15:15 330240 c:\windows\Installer\455f962.msi
+ 2004-05-13 05:45 . 2004-05-13 05:45 266240 c:\windows\Installer\455cf.msi
+ 2004-05-13 05:42 . 2004-05-13 05:42 147968 c:\windows\Installer\455c7.msi
+ 2004-05-13 05:41 . 2004-05-13 05:41 460800 c:\windows\Installer\455bb.msi
+ 2004-05-13 05:40 . 2004-05-13 05:40 562176 c:\windows\Installer\455a5.msi
+ 2004-05-13 05:36 . 2004-05-13 05:36 616448 c:\windows\Installer\45593.msi
+ 2005-07-16 15:03 . 2005-07-16 15:03 687616 c:\windows\Installer\3af1fe.msi
+ 2004-07-25 23:27 . 2004-07-25 23:27 243712 c:\windows\Installer\32f8f8.msi
+ 2004-01-22 21:59 . 2004-01-22 21:59 331264 c:\windows\Installer\2F66E.MSI
+ 2004-01-22 21:58 . 2004-01-22 21:58 558592 c:\windows\Installer\2F65C.MSI
+ 2005-09-25 12:04 . 2005-09-25 12:04 559104 c:\windows\Installer\2d43436e.msi
+ 2007-08-15 17:01 . 2007-08-15 17:01 431104 c:\windows\Installer\180a3e4a.msi
+ 2007-09-14 16:52 . 2007-09-14 16:52 331776 c:\windows\Installer\1417b82c.msi
+ 2002-09-03 07:06 . 2002-09-03 07:06 264704 c:\windows\Installer\1128E.MSI
+ 2005-12-18 17:59 . 2005-04-04 07:07 982016 c:\windows\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\ISScript11.Msi
+ 2006-03-21 11:35 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\ISScript11.Msi
+ 2006-07-22 02:47 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\ISScript11.Msi
+ 2006-01-23 15:55 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}\ISScript11.Msi
+ 2002-08-29 10:00 . 2004-07-17 18:35 1326080 c:\windows\SYSTEM32\webfldrs.msi
+ 2004-05-17 20:04 . 2004-05-13 05:36 9121792 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}\Java 2 Runtime Environment, SE v1.4.2.msi
+ 2004-07-17 18:35 . 2004-07-17 18:35 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2007-05-25 17:08 . 2007-05-25 17:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2005-10-25 01:07 . 2005-10-25 01:07 2054656 c:\windows\Installer\f627f94.msi
+ 2006-01-21 18:51 . 2006-01-21 18:51 8979968 c:\windows\Installer\e5a0f2d.msi
+ 2009-01-25 02:22 . 2009-01-25 02:22 1652736 c:\windows\Installer\c594b325.msi
+ 2009-01-25 02:21 . 2009-01-25 02:21 1652736 c:\windows\Installer\c594b31f.msi
+ 2009-01-25 02:21 . 2009-01-25 02:21 1652736 c:\windows\Installer\c594b319.msi
+ 2009-01-25 02:20 . 2009-01-25 02:20 1640960 c:\windows\Installer\c594b2ee.msi
+ 2009-01-25 02:20 . 2009-01-25 02:20 2022912 c:\windows\Installer\c594b2e8.msi
+ 2009-01-25 02:19 . 2009-01-25 02:19 1713152 c:\windows\Installer\c594b2e2.msi
+ 2009-01-25 02:18 . 2009-01-25 02:18 2397184 c:\windows\Installer\c594b2d6.msi
+ 2006-01-24 15:54 . 2006-01-24 15:54 4733440 c:\windows\Installer\c4a06e7.msi
+ 2006-01-24 15:53 . 2006-01-24 15:53 1401344 c:\windows\Installer\c4a06e2.msi
+ 2006-06-15 15:31 . 2006-06-15 15:31 1778688 c:\windows\Installer\9cb88.msi
+ 2009-01-16 13:42 . 2009-01-16 13:42 1659392 c:\windows\Installer\99aa69b8.msi
+ 2009-03-24 22:20 . 2009-03-24 22:20 6987776 c:\windows\Installer\8f3371f.msp
+ 2009-03-20 02:32 . 2009-03-20 02:32 4800512 c:\windows\Installer\8f335ef.msp
+ 2009-03-20 02:33 . 2009-03-20 02:33 5171712 c:\windows\Installer\8f33339.msp
+ 2009-04-15 00:32 . 2009-04-15 00:32 2335744 c:\windows\Installer\8e3e947.msi
+ 2007-07-15 03:33 . 2007-07-15 03:33 1485312 c:\windows\Installer\85481.msi
+ 2006-12-10 06:52 . 2006-12-10 06:52 2253312 c:\windows\Installer\7dde508.msi
+ 2007-11-07 18:50 . 2007-11-07 18:50 6055936 c:\windows\Installer\6e6d59a.msp
+ 2007-11-07 19:00 . 2007-11-07 19:00 3407360 c:\windows\Installer\6e6d599.msp
+ 2007-11-07 18:46 . 2007-11-07 18:46 3010560 c:\windows\Installer\6e6d597.msp
+ 2007-11-07 19:02 . 2007-11-07 19:02 6473216 c:\windows\Installer\6e6d596.msp
+ 2007-11-07 19:12 . 2007-11-07 19:12 2533376 c:\windows\Installer\6e6d595.msp
+ 2007-05-13 16:38 . 2007-05-13 16:38 9368064 c:\windows\Installer\691c8.msi
+ 2009-03-10 06:22 . 2009-03-10 06:22 8584192 c:\windows\Installer\669742.msi
+ 2006-06-16 13:56 . 2006-06-16 13:56 4337664 c:\windows\Installer\4dafc6c.msi
+ 2008-11-26 08:30 . 2008-11-26 08:30 2428416 c:\windows\Installer\4d99a1e9.msi
+ 2008-11-26 08:27 . 2008-11-26 08:27 1780224 c:\windows\Installer\4d99a1e2.msi
+ 2008-11-26 08:26 . 2008-11-26 08:26 1718272 c:\windows\Installer\4d99a1dc.msi
+ 2008-11-26 08:26 . 2008-11-26 08:26 1725952 c:\windows\Installer\4d99a1d6.msi
+ 2008-11-26 08:25 . 2008-11-26 08:25 1954304 c:\windows\Installer\4d99a1d0.msi
+ 2008-11-26 08:24 . 2008-11-26 08:24 1826816 c:\windows\Installer\4d99a1ca.msi
+ 2008-11-26 08:24 . 2008-11-26 08:24 1726976 c:\windows\Installer\4d99a1c4.msi
+ 2008-11-26 08:23 . 2008-11-26 08:23 1879040 c:\windows\Installer\4d99a1be.msi
+ 2008-11-26 08:22 . 2008-11-26 08:22 1730048 c:\windows\Installer\4d99a1b8.msi
+ 2008-11-26 08:21 . 2008-11-26 08:21 1761792 c:\windows\Installer\4d99a1b2.msi
+ 2008-11-26 08:21 . 2008-11-26 08:21 1735680 c:\windows\Installer\4d99a1ac.msi
+ 2008-11-26 08:20 . 2008-11-26 08:20 1744384 c:\windows\Installer\4d99a1a6.msi
+ 2008-11-26 08:18 . 2008-11-26 08:18 2159104 c:\windows\Installer\4d99a199.msi
+ 2008-11-26 08:17 . 2008-11-26 08:17 1715712 c:\windows\Installer\4d99a193.msi
+ 2008-11-26 08:16 . 2008-11-26 08:16 1715712 c:\windows\Installer\4d99a18c.msi
+ 2008-11-26 08:15 . 2008-11-26 08:15 1716736 c:\windows\Installer\4d99a185.msi
+ 2008-11-26 08:15 . 2008-11-26 08:15 1715712 c:\windows\Installer\4d99a17e.msi
+ 2008-11-26 08:14 . 2008-11-26 08:14 1718272 c:\windows\Installer\4d99a171.msi
+ 2008-11-26 08:13 . 2008-11-26 08:13 1761792 c:\windows\Installer\4d99a16a.msi
+ 2008-11-26 08:12 . 2008-11-26 08:12 1753088 c:\windows\Installer\4d99a164.msi
+ 2008-11-26 08:12 . 2008-11-26 08:12 1720832 c:\windows\Installer\4d99a15e.msi
+ 2008-11-26 08:11 . 2008-11-26 08:11 2595840 c:\windows\Installer\4d99a158.msi
+ 2008-11-26 08:07 . 2008-11-26 08:07 1826304 c:\windows\Installer\4d99a152.msi
+ 2008-11-26 08:06 . 2008-11-26 08:06 1716736 c:\windows\Installer\4d99a14c.msi
+ 2008-11-26 08:05 . 2008-11-26 08:05 1767424 c:\windows\Installer\4d99a146.msi
+ 2006-01-18 03:09 . 2006-01-18 03:09 3459584 c:\windows\Installer\49e287e.msi
+ 2009-05-07 04:10 . 2009-05-07 04:10 3938816 c:\windows\Installer\4970bccb.msi
+ 2009-05-15 20:32 . 2009-05-15 20:32 1401344 c:\windows\Installer\4922c6f.msi
+ 2004-08-09 05:14 . 2004-08-09 05:14 2951680 c:\windows\Installer\45fd24.msi
+ 2004-05-13 05:48 . 2004-05-13 05:48 1989632 c:\windows\Installer\455df.msi
+ 2004-05-13 05:42 . 2004-05-13 05:42 2778112 c:\windows\Installer\455cb.msi
+ 2004-05-13 05:41 . 2004-05-13 05:41 1264128 c:\windows\Installer\455b0.msi
+ 2004-05-13 05:41 . 2004-05-13 05:41 2303488 c:\windows\Installer\455a9.msi
+ 2004-05-13 05:40 . 2004-05-13 05:40 3443712 c:\windows\Installer\45598.msi
+ 2005-06-27 01:04 . 2005-06-27 01:04 1851392 c:\windows\Installer\448e232.msi
+ 2005-03-29 04:05 . 2005-03-29 04:05 5864960 c:\windows\Installer\3148ac.msp
+ 2004-01-22 22:00 . 2004-01-22 22:00 1340928 c:\windows\Installer\2F673.MSI
+ 2004-01-22 21:59 . 2004-01-22 21:59 2186752 c:\windows\Installer\2F667.MSI
+ 2004-01-22 21:58 . 2004-01-22 21:58 9017344 c:\windows\Installer\2F654.MSI
+ 2004-01-22 21:57 . 2004-01-22 21:57 2120192 c:\windows\Installer\2F64B.MSI
+ 2009-05-15 11:55 . 2009-05-15 11:55 2330624 c:\windows\Installer\2b99f76.msi
+ 2006-06-08 11:53 . 2006-06-08 11:53 3035648 c:\windows\Installer\29dd361d.msi
+ 2009-06-05 11:51 . 2009-06-05 11:51 4074496 c:\windows\Installer\298fc54e.msi
+ 2009-06-05 11:49 . 2009-06-05 11:49 1665024 c:\windows\Installer\298fc214.msi
+ 2009-06-05 11:48 . 2009-06-05 11:48 8992256 c:\windows\Installer\298fc1df.msi
+ 2009-06-05 11:45 . 2009-06-05 11:45 3295232 c:\windows\Installer\298fbf4b.msi
+ 2007-07-25 15:10 . 2007-07-25 15:10 3485184 c:\windows\Installer\231af57.msi
+ 2005-12-25 20:08 . 2005-12-25 20:08 7417344 c:\windows\Installer\203d7950.msi
+ 2004-07-24 18:07 . 2008-11-30 21:23 3817472 c:\windows\Installer\1b8117.msi
+ 2006-05-01 12:05 . 2006-05-01 12:05 5260800 c:\windows\Installer\18e35066.msp
+ 2008-08-06 13:07 . 2008-08-06 13:07 1549312 c:\windows\Installer\1564d203.msi
+ 2008-11-26 14:42 . 2008-11-26 14:42 1769984 c:\windows\Installer\14b7138.msi
+ 2008-11-26 14:41 . 2008-11-26 14:41 1767424 c:\windows\Installer\14b712c.msi
+ 2008-11-26 14:35 . 2008-11-26 14:35 1840640 c:\windows\Installer\14b7126.msi
+ 2008-11-26 14:34 . 2008-11-26 14:34 1768448 c:\windows\Installer\14b70c6.msi
+ 2007-04-16 13:32 . 2007-04-16 13:32 9472512 c:\windows\Installer\13d34230.msi
+ 2007-05-06 05:05 . 2007-05-06 05:05 1077248 c:\windows\Installer\100e10c5.msi
+ 2006-03-21 11:29 . 2006-03-21 11:29 2220544 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{BB4EE741-CA46-4345-A3B7-1AECBFAB0AFE}\HP Software Update.msi
+ 2006-12-25 07:42 . 2006-12-26 05:27 9650176 c:\windows\Downloaded Installations\{C32ACEF8-937B-40BC-84B0-FB81EE655AB4}\Sunbelt CounterSpy.msi
+ 2005-12-18 17:59 . 2005-10-18 18:01 9935872 c:\windows\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\iTunes.msi
+ 2006-03-21 11:35 . 2006-02-23 21:42 9934848 c:\windows\Downloaded Installations\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\iTunes.msi
+ 2006-07-22 02:47 . 2006-06-19 20:04 9934848 c:\windows\Downloaded Installations\{54C0D94A-F467-4ABC-9D02-6E58748668D4}\iTunes.msi
+ 2006-01-23 15:55 . 2005-12-21 16:57 9934848 c:\windows\Downloaded Installations\{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5}\iTunes.msi
+ 2005-03-29 01:49 . 2002-08-29 10:00 1325568 c:\windows\$NtServicePackUninstall$\webfldrs.msi
+ 2007-07-15 03:07 . 2007-01-19 18:20 16633344 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2009-01-25 02:28 . 2009-01-25 02:29 12836352 c:\windows\Installer\c594b36b.msi
+ 2006-06-16 13:59 . 2006-06-16 13:59 12388864 c:\windows\Installer\4dafc6f.msi
+ 2004-05-13 05:47 . 2004-05-13 05:47 12298240 c:\windows\Installer\455db.msi
+ 2004-01-22 21:59 . 2004-01-22 21:59 12825088 c:\windows\Installer\2F663.MSI
+ 2007-07-11 17:00 . 2007-07-11 17:00 15256576 c:\windows\Installer\2e2e4b3.msp
+ 2005-03-29 01:08 . 2005-03-29 01:08 19210240 c:\windows\Installer\17e19f.msp
+ 2005-08-30 20:18 . 2005-08-30 20:18 68164096 c:\windows\Downloaded Installations\Macromedia Dreamweaver 8\Macromedia_Dreamweaver_8.msi
+ 2005-12-25 20:02 . 2005-12-25 20:02 35885568 c:\windows\Downloaded Installations\{B9C0ED57-3C59-4B31-9AE9-50E12D0357DD}\iPod for Windows 2005-09-23.msi
+ 2006-01-24 15:53 . 2006-01-24 15:53 11293696 c:\windows\Downloaded Installations\{8AE21A64-5B8C-42D5-AA0F-0E86DEA37A22}\ACDSee 8 Media Support Package.msi
+ 2006-01-24 15:49 . 2006-01-24 15:49 12475392 c:\windows\Downloaded Installations\{015363C3-0256-4F1B-95E5-304040BF9C4D}\ACDSee 8.msi
+ 2006-01-21 18:50 . 2006-01-21 18:50 33979904 c:\windows\Downloaded Installations\{00C2E789-F948-4BE1-8167-6E6447DC4CE2}\iPod for Windows 2006-01-10.msi
+ 2004-05-24 03:27 . 2004-05-24 03:27 104132608 c:\windows\Downloaded Installations\{0E890DBE-344D-4D6C-AFC0-97AC9B582444}\Broderbund Home Design 5.1.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"uTorrent"="c:\documents and settings\Jason\Desktop\SHORT CUTS\utorrent.exe" [2009-02-10 270128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-25 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-25 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2008-03-27 107176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2006-06-01 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-7-24 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
TabUserW.exe.lnk - c:\windows\SYSTEM32\WTablet\TabUserW.exe [2004-7-24 114688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-06-25 06:33 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alias SketchBook Snapshot.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Alias SketchBook Snapshot.lnk
backup=c:\windows\pss\Alias SketchBook Snapshot.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalStart.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalStart.lnk
backup=c:\windows\pss\PalStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\j2re1.4.2\\bin\\javaw.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Documents and Settings\\Jason\\Desktop\\downloaded stuff\\junk\\sysreset\\sysreset\\mirc.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxdncoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdntime.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnjswx.exe"=
"c:\\Documents and Settings\\Jason\\Desktop\\SHORT CUTS\\utorrent.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdnwbgw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"8085:TCP"= 8085:TCP:sys

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [6/27/2009 1:07 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [6/27/2009 1:07 AM 20560]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdnserv.exe [1/23/2009 8:16 PM 98984]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 3:41 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [4/7/2007 4:47 PM 106808]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
S2 gupdate1c9b47866f1d12e;Google Update Service (gupdate1c9b47866f1d12e);c:\program files\Google\Update\GoogleUpdate.exe [4/3/2009 12:22 PM 133104]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 ProtoWall;ProtoWall Network Service;c:\windows\system32\DRIVERS\ProtoWall.sys --> c:\windows\system32\DRIVERS\ProtoWall.sys [?]
S3 SaiH8000;SaiH8000;c:\windows\SYSTEM32\DRIVERS\SaiH8000.sys [1/14/2006 2:55 PM 56576]
S3 SaiHFF0C;SaiHFF0C;c:\windows\SYSTEM32\DRIVERS\SaiHFF0C.sys [1/14/2006 3:01 PM 56576]
S3 SaiUFF0C;SaiUFF0C;c:\windows\SYSTEM32\DRIVERS\saiuFF0C.sys [1/14/2006 3:02 PM 19584]
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-07-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-02 16:21]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 16:22]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 16:22]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A1450971-8DAD-C128-C95C-CD57D58120A7} - (no file)
BHO-{BFC14857-82C0-8E4D-CB7A-AAC86A8B29C5} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: aintitcool.com\www
Trusted Zone: cinescape.com\www
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\default.mu9\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.earthlink.net/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\default.mu9\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 07:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-675346501-1902649665-3199300156-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-07-02 7:54
ComboFix-quarantined-files.txt 2009-07-02 11:53
ComboFix2.txt 2009-06-28 18:21
ComboFix3.txt 2009-06-27 02:32

Pre-Run: 10,600,030,208 bytes free
Post-Run: 10,617,634,816 bytes free

457 --- E O F --- 2008-01-09 07:07
Gatsu3 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-02-2009, 02:31 PM   #9 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,694
OS: XP Pro, Vista, Ubuntu 8.10


Re: Well I think I got a Virus or two.
Well done, your logs are clean!

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

-----------------------

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • Winpatrol

    Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP//Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-02-2009, 09:07 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2009
Posts: 5
OS: windows xp


Re: Well I think I got a Virus or two.
Hey thanks for all the help Clark. And once again I apologize for dropping of the map there for a few. Hope to not need you in the future! lol
Gatsu3 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-03-2009, 06:31 AM   #11 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,694
OS: XP Pro, Vista, Ubuntu 8.10


Re: Well I think I got a Virus or two.
Don't worry about your temporary disappearance.

Safe and happy surfing.
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 08:43 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85