POS.tmp file and red X problem

Thread Solved

Serakus
#11
Feb 20th, 2008
ComboFix 08-02-17.2 - Joe 2008-02-16 22:57:50.1 - NTFSx86
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\recipes.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\recipes.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\recipes_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\recipes_over.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Joe\Application Data\ASKS~1
C:\Documents and Settings\Joe\Application Data\FNTS~1
C:\Documents and Settings\Joe\Application Data\ICROSO~1.NET
C:\Documents and Settings\Joe\Application Data\PPATCH~1
C:\Documents and Settings\Joe\Application Data\STEM~1
C:\Documents and Settings\Joe\Application Data\YSTEM3~1
C:\Program Files\asks~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\curity~1
C:\Program Files\inetget2
C:\Program Files\kernel
C:\Program Files\kernel\kernel.exe
C:\Program Files\MyWay
C:\Program Files\Router
C:\Program Files\Temporary
C:\Temp\isgTi19
C:\WINDOWS\b122.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1
C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M2004NetInstaller.exe
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\sstem3~1
C:\WINDOWS\system32\appatc~1
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\SYSTEM32\cbtkxhfa.ini
C:\WINDOWS\SYSTEM32\cccdd.ini
C:\WINDOWS\SYSTEM32\cccdd.ini2
C:\WINDOWS\SYSTEM32\eagpheuj.ini
C:\WINDOWS\SYSTEM32\jjllm.ini
C:\WINDOWS\SYSTEM32\jjllm.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\SYSTEM32\ootynvak.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\qkumdjnn.ini
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\wcptr.exe
C:\WINDOWS\system32\zavhuwbp.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService


((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-16 14:11 . 2008-02-16 14:56 <DIR> d----c--- C:\VundoFix Backups
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:12 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-16 23:11 6,567 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-07 06:55 . 2008-02-07 06:55 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP
2008-01-20 10:56 . 2008-01-20 10:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 04:06 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:27 --------- d-----w C:\Program Files\AIM
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-11 01:26 --------- d-----w C:\Program Files\QuickTime
2008-01-11 01:24 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-11 01:24 --------- d-----w C:\Program Files\iTunes
2008-01-11 01:24 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-01-11 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2006-03-06 12:56 567,958 --sha-w C:\WINDOWS\SYSTEM32\qtutv.bak1
2006-03-07 12:57 569,769 --sha-w C:\WINDOWS\SYSTEM32\qtutv.bak2
2006-03-07 20:25 572,447 --sha-w C:\WINDOWS\SYSTEM32\qtutv.ini2
2006-07-31 07:02 1,270,079 --sha-w C:\WINDOWS\SYSTEM32\vyadd.bak1
2006-07-31 20:18 1,097,190 --sha-w C:\WINDOWS\SYSTEM32\vyadd.bak2
2006-08-01 18:06 1,104,698 --sha-w C:\WINDOWS\SYSTEM32\vyadd.ini2
2005-07-29 21:24 472 --sha-r C:\WINDOWS\V2FsdGVyIEJyYWluZXJk\pZIPx3pVKHLVsq5RtrL4.vbs
.
<pre>
-c--a-w            61,440 2008-01-11 01:25:38  C:\DELL\bldbubg .exe
----a-w            57,344 2008-01-11 01:25:40  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w            67,160 2008-01-12 02:49:12  C:\Program Files\AIM\aim .exe
----a-w            50,760 2008-01-11 01:25:38  C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w           124,520 2008-01-11 01:25:50  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w           110,592 2008-01-11 01:25:38  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w            67,184 2008-01-11 01:25:50  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           204,800 2008-01-11 01:25:28  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w           270,336 2008-01-11 01:25:38  C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w           221,184 2008-01-11 01:25:27  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           267,048 2008-01-11 01:26:13  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           217,088 2008-01-11 01:26:01  C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w           286,720 2008-01-11 01:26:03  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-01-12 05:27:28  C:\Program Files\QuickTime\QTTask    .exe
----a-w           286,720 2008-01-12 05:27:29  C:\Program Files\QuickTime\QTTask   .exe
----a-w           286,720 2008-01-12 05:27:31  C:\Program Files\QuickTime\QTTask  .exe
----a-w           286,720 2008-01-12 05:27:32  C:\Program Files\QuickTime\QTTask .exe
----a-w           120,640 2008-01-11 01:25:51  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w            28,672 2008-01-11 01:25:27  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-11 01:26:03  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-11 01:26:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85594F16-82D4-D770-D545-FA1DF64740E6}]
C:\WINDOWS\system32\cdbwufmd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95AEAB16-6382-300E-D826-3BE671F50894}]
C:\WINDOWS\system32\ndsioc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5f563a5-3d8d-4fda-aa15-7052bddd37a2}]
C:\WINDOWS\system32\uefhmbhl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB}]
C:\WINDOWS\system32\ddccc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F53C2057-5043-4E19-97E8-11B918C1958A}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"Ajcfo"="C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-11 22:25 61440]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"AOL Messenger"="aolmsngr.exe" []
"sysmtd32"="C:\WINDOWS\system32\sysmtd32.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-11 22:25 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-11 22:25 67184]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2008-01-11 22:25 120640]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-10 20:26 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"300e90f6"="C:\WINDOWS\system32\juehpgae.dll" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"AOL Messenger"="aolmsngr.exe" []
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv]
C:\WINDOWS\system32\ddayv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmkkl]
pmnmkkl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutqol]
vtutqol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zavhuwbp]
zavhuwbp.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]
C:\Program Files\AdTools Service\AdTools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Program Files\rdso\eetu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-03-15 01:04 122933 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g396di86]
C:\WINDOWS\system32\g396di86.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-11 22:25 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I/O Controllers]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Messenger]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-11 22:25 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pqx]
C:\WINDOWS\pqx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService]
C:\Program Files\Preview AdService\PrevAdServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\q76g3EW]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkgtp]
--a------ 2004-08-04 02:56 24576 C:\WINDOWS\system32\??erinit.exe

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]
S2 DP1112;DP1112;C:\WINDOWS\system32\Drivers\DP.sys []
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-17 03:47:16 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-17 04:09:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 23:10:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AOL Messenger = aolmsngr.exe?
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-16 23:15:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 04:15:20
.
2008-02-14 21:16:39 --- E O F ---

crunchie
#12
Feb 20th, 2008
Originally Posted by crunchie

==

Go here and do a scan and post back the results here please.
And this?

Serakus
#13
Feb 20th, 2008
Sorry about that, I didn't see that part, but I'm running it right now... it's scanning Critical Areas? Was that the right one to do? I'll get back to you when it's done.

Serakus
#14
Feb 20th, 2008
KASPERSKY ONLINE SCANNER REPORT
2008-02-19 18:06
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/02/2008
Kaspersky Anti-Virus database records: 574000
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Joe\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 24253
Number of viruses found 3
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 00:37:13

Infected Object Name Virus Name Last Action
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{633FD7EF-E04A-4494-8035-5A5934CD1D19}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\8mqq5l1p.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.


Not sure if this is what you wanted, but this is what I got.

crunchie
#15
Feb 21st, 2008
Originally Posted by Serakus
Sorry about that, I didn't see that part, but I'm running it right now... it's scanning Critical Areas? Was that the right one to do? I'll get back to you when it's done.
No. You need to have it scan My Computer.

Serakus
#16
Feb 21st, 2008
KASPERSKY ONLINE SCANNER REPORT
2008-02-20 18:32
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/02/2008
Kaspersky Anti-Virus database records: 574000
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 70319
Number of viruses found 44
Number of infected objects 389
Number of suspicious objects 0
Duration of the scan process 01:21:41

Infected Object Name Virus Name Last Action
C:\d3301012839f3d1b6f75e6d8\$shtdwn$.req Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\common\Eula.txt Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\common\spcustom.dll Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\common\spmsg.dll Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\common\spuninst.exe Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\common\update.exe Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp1\sysmain.sdb Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp1\update\KB824141.cat Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp1\update\update.inf Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp1\update\update.ver Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp1\user32.dll Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp1\win32k.sys Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\spmsg.dll Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\spuninst.exe Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\update\eula.txt Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\update\KB824141.cat Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\update\spcustom.dll Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\update\update.exe Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\update\update.inf Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\update\update.ver Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\user32.dll Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\win32k.sys Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\xpsp1hfm.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f855871738f6d01033cc34126549a7_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce389825b659e3a42a3efa93cc41e364_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-02092008-223834.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0000.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0001.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0002.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0003.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0004.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0005.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0000.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0001.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0002.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0003.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0004.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0005.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0006.VBN Infected: Trojan-Downloader.Win32.VB.cgu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0007.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dz skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0008.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dz skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0009.VBN Infected: Trojan-Downloader.Win32.VB.cgu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C000A.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C000B.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C000C.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400000.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400001.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400002.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400003.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400004.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400005.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400006.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740003.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740004.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740005.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740006.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740007.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740008.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740009.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040000.VBN Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040001.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040002.VBN Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040003.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040004.VBN Infected: Trojan-Downloader.Win32.VB.chy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040005.VBN/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040005.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040005.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040006.VBN Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0904000B.VBN Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0904000C.VBN Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0904000D.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0904000E.VBN Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180000.VBN Infected: not-virus:Hoax.Win32.Renos.aun skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180001.VBN Infected: not-virus:Hoax.Win32.Renos.aun skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180002.VBN Infected: not-virus:Hoax.Win32.Renos.aun skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180003.VBN Infected: not-virus:Hoax.Win32.Renos.aun skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180004.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180005.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180006.VBN/mrofinu.exe Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180006.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180006.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180007.VBN/mrofinu.exe Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180007.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180007.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180008.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180009.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918000C.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918000D.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918000E.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918000F.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180010.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180011.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180012.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180013.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180014.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180015.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180016.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180017.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918001A.VBN Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918001B.VBN Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918001C.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918001D.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918001E.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918001F.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180020.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180021.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300001.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300002.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300003.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300004.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300005.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300006.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300007.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300008.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300009.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0930000A.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0930000B.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0930000C.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0930000D.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0930000E.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0930000F.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300010.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300011.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300012.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300013.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300014.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300015.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300016.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80000.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80001.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80002.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80003.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80004.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80005.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0000.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0001.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0002.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0003.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0004.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0005.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0006.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0007.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0008.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0009.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C000A.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C000B.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C000C.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C000D.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B8C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B980000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BA40000.VBN Infected: Trojan-Spy.Win32.VBStat.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BA40001.VBN Infected: Trojan-Spy.Win32.VBStat.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000.VBN Infected: Trojan-Spy.Win32.VBStat.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE40000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE40001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040000.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C0C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C0C0001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CB80000.VBN Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CB80001.VBN Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40000.VBN Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40001.VBN Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD80000.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.ba skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440000.VBN/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440001.VBN/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440001.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440001.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440004.VBN/b151.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440004.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440004.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440005.VBN/b151.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440005.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440005.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000A.VBN/b116.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000A.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000A.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000B.VBN/b116.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000B.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000B.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000C.VBN/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000C.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000C.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000D.VBN/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000D.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000D.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB40000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB40001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB40002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80000.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80002.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80004.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80006.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80007.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80008.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80009.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD8000A.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD8000B.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD8000C.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD8000D.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD8000E.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80010.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80012.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0000.VBN Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0001.VBN Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0002.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0003.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0004.VBN Infected: Backdoor.Win32.Agent.dbm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0005.VBN Infected: Backdoor.Win32.Agent.dbm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0006.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0007.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0008.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0009.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C000A.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C000B.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C000C.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C000D.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C000E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C000F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0010.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0011.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0012.VBN Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0013.VBN Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0014.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0015.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0016.VBN Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0017.VBN Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700002.VBN Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700003.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700004.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700005.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700006.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700007.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700008.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700009.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70000A.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70000B.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70000C.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70000D.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70000E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70000F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700010.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700011.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700012.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700013.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700014.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700015.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700016.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700017.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700018.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700019.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70001A.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70001B.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70001C.VBN Infected: Trojan-Downloader.Win32.PurityScan.fg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70001D.VBN Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70001E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70001F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700020.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700021.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700022.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700023.VBN Infected: Trojan-Downloader.Win32.Agent.gdi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700024.VBN Infected: Trojan-Downloader.Win32.Delf.dlk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700025.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700026.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700027.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700028.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700029.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70002A.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70002B.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70002C.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70002D.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70002E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70002F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700030.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700031.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700032.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700033.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700034.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700035.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700036.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700037.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700038.VBN Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700039.VBN Infected: Trojan-Downloader.Win32.Agent.gdi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70003A.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70003B.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70003C.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70003D.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70003E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70003F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700040.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700041.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700042.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700043.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700044.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700045.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700046.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700047.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700048.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700049.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70004A.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70004B.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70004C.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70004D.VBN Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70004E.VBN Infected: Trojan-Downloader.Win32.Agent.gdi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70004F.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700050.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700051.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700052.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700053.VBN Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700054.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700055.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700056.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700057.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700058.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700059.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70005A.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70005B.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70005C.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70005D.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70005E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70005F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700060.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700061.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700062.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700063.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700064.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700065.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700066.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700067.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700068.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700069.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70006A.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70006B.VBN Infected: Trojan-Downloader.Win32.PurityScan.fg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70006C.VBN Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70006D.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70006E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70006F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700070.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700071.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700072.VBN Infected: Trojan-Downloader.Win32.Agent.gdi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700073.VBN Infected: Trojan-Downloader.Win32.Delf.dlk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700074.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700075.VBN Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700076.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700077.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700078.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700079.VBN Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80000.VBN Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80001.VBN Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F000000.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380000.VBN Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380004.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FC40000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FC40001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FC40002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00000.VBN/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00001.VBN/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00001.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00001.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0000.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0001.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0002.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0003.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0004.VBN Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0005.VBN Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0006.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0007.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0008.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0009.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC000A.VBN Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC000B.VBN Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00002.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00003.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00004.VBN Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00005.VBN Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00006.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00007.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00008.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\137C0000.VBN/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\137C0000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\137C0000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\137C0001.VBN/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\137C0001.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\137C0001.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Documents\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\AlbumArtSmall.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\AlbumArt_{79D3A434-2D93-4194-AD18-F79744B5CF43}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\AlbumArt_{79D3A434-2D93-4194-AD18-F79744B5CF43}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Folder.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.ASX Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.BMP Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.WMA Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\My Playlists\joey.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\My Playlists\kaylin.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\My Playlists\NONAME.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Search Results.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Send To Playlist.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArtSmall.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{08115859-E625-4BCD-83A8-57E01873B42F}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{08115859-E625-4BCD-83A8-57E01873B42F}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Large.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\AlbumArt_{EFFDEB51-C913-4EE1-8B2A-C80112057955}_Small.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Folder.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Favorites -- 4 and 5 star rated.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Favorites -- Have not heard recently.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Favorites -- Listen to late at night.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Favorites -- Listen to on Weekdays.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Favorites -- Listen to on Weekends.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Favorites -- One Audio CD worth.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Favorites -- One Data CD-R worth.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Fresh tracks -- yet to be played.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Fresh tracks -- yet to be rated.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Fresh tracks.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\High bitrate media in my library.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Low bitrate media in my library.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Music tracks I dislike.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Music tracks I have not rated.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\001A45A5\Music tracks with content protection.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\01_Music_auto_rated_at_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\02_Music_added_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\03_Music_rated_at_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\04_Music_played_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\05_Pictures_taken_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\06_Pictures_rated_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\07_TV_recorded_in_the_last_week.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\08_Video_rated_at_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\09_Music_played_the_most.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\10_All_Music.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\11_All_Pictures.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\12_All_Video.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\PhotoShoot.mpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Photoshoot.mpg.scn Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 1.avi Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 1.scn Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 2.avi Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 2.scn Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 3.avi Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 3.scn Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 4.avi Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 4.scn Object is locked skipped
C:\Documents and Settings\Joe\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\w0ogmrhf.default\cert8.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\w0ogmrhf.default\history.dat Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\w0ogmrhf.default\key3.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\w0ogmrhf.default\parent.lock Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\w0ogmrhf.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\w0ogmrhf.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Joe\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.bainaries.pictures.erotica.lolita.dbx/[From mickyletts@yahoo.com][Date Wed, 28 Dec 2005 17:21:03 GMT]/maryteen.wmv Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.bainaries.pictures.erotica.lolita.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.binaries.erotica.pictures.cheerleaders.dbx/[From marco@comcast.net][Date Fri, 29 Oct 2004 19:29:37 GMT]/pic45.scr Infected: Backdoor.Win32.Loony.m skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.binaries.erotica.pictures.cheerleaders.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.sex.masterbation.pictures.female.teen.dbx/[From zkcghq@midsouth.rr.com][Date Thu, 23 Dec 2004 01:12:50 GMT]/MasterbatingSis9.scr Infected: Backdoor.Win32.Hackarmy.gen skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.sex.masterbation.pictures.female.teen.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joe\ntuser.dat Object is locked skipped
C:\Documents and Settings\Joe\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\JEOPARDY!_Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Program Files\Drmupgds\Drmupgds.exe Infected: Trojan-Downloader.Win32.Adload.qy skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1560OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1560OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\kernel\kernel.exe.vir Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\USYP_0001_N76M2004NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.i skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\8mqq5l1p.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Join Date: Feb 2004
Posts: 10,034
Reputation: crunchie is a splendid one to behold
Solved Threads: 761
Moderator
Featured Poster
crunchie
Spyware Killer

Re: POS.tmp file and red X problem

 
  #17
Feb 22nd, 2008
Open notepad and copy/paste the text in the codebox below into it:

regedit /a look2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons" 
start notepad look2.txt

Save this as look.bat. Choose to "Save type as - All Files".
It should look like this: http://i230.photobucket.com/albums/e...or/tsf/bat.gif
Double click on look.bat & allow it to run

=================

Did you run any scanners or anti malware tools before posting here?
Do you still have the red 'X' icon?

=================

Get rid of all these emails:

C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.bainaries.pictures.erotica.lolita.dbx/[From mickyletts@yahoo.com][Date Wed, 28 Dec 2005 17:21:03 GMT]/maryteen.wmv Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.bainaries.pictures.erotica.lolita.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.binaries.erotica.pictures.cheerleaders.dbx/[From marco@comcast.net][Date Fri, 29 Oct 2004 19:29:37 GMT]/pic45.scr Infected: Backdoor.Win32.Loony.m skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.binaries.erotica.pictures.cheerleaders.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.sex.masterbation.pictures.female.teen.dbx/[From zkcghq@midsouth.rr.com][Date Thu, 23 Dec 2004 01:12:50 GMT]/MasterbatingSis9.scr Infected: Backdoor.Win32.Hackarmy.gen skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.sex.masterbation.pictures.female.teen.dbx Mail MS Outlook 5: infected

================

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
KillAll::

File::
C:\Downloads\JEOPARDY!_Setup-dm[1].exe
C:\WINDOWS\Downloaded Program Files\gsda.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\SYSTEM32\8mqq5l1p.ini
C:\WINDOWS\SYSTEM32\qtutv.bak1
C:\WINDOWS\SYSTEM32\qtutv.bak2
C:\WINDOWS\SYSTEM32\qtutv.ini2
C:\WINDOWS\SYSTEM32\vyadd.bak1
C:\WINDOWS\SYSTEM32\vyadd.bak2
C:\WINDOWS\SYSTEM32\vyadd.ini2

Folder::
C:\Program Files\Drmupgds
C:\VundoFix Backups
C:\WINDOWS\V2FsdGVyIEJyYWluZXJk

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://i5.photobucket.com/albums/y15...1/CFScript.gif


7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
  • A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Join Date: Feb 2008
Posts: 21
Reputation: Serakus is an unknown quantity at this point 
Solved Threads: 0
Serakus
Newbie Poster

Re: POS.tmp file and red X problem

 
  #18
Feb 22nd, 2008
No, I don't recall running any other things, and the red X is still there. Did you want the Look2 text? If so, I'm posting it at the bottom.



ComboFix 08-02-17.2 - Joe 2008-02-21 9:56:56.5 - NTFSx86

Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Downloads\JEOPARDY!_Setup-dm[1].exe
C:\WINDOWS\Downloaded Program Files\gsda.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\SYSTEM32\8mqq5l1p.ini
C:\WINDOWS\SYSTEM32\qtutv.bak1
C:\WINDOWS\SYSTEM32\qtutv.bak2
C:\WINDOWS\SYSTEM32\qtutv.ini2
C:\WINDOWS\SYSTEM32\vyadd.bak1
C:\WINDOWS\SYSTEM32\vyadd.bak2
C:\WINDOWS\SYSTEM32\vyadd.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Downloads\JEOPARDY!_Setup-dm[1].exe
C:\Program Files\Drmupgds
C:\Program Files\Drmupgds\Drmupgds.exe
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\WINDOWS\Downloaded Program Files\gsda.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\SYSTEM32\8mqq5l1p.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-19 16:52 . 2008-02-19 16:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-19 16:52 . 2008-02-19 16:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-19 16:22 . 2007-12-06 21:21 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-02-19 16:22 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-02-19 16:22 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-02-19 16:22 . 2007-12-06 21:21 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-02-19 16:22 . 2007-12-06 21:21 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-02-19 16:22 . 2007-12-06 21:21 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-02-19 16:22 . 2007-12-06 21:21 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-02-19 16:22 . 2007-12-06 21:21 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-02-19 16:22 . 2007-12-06 06:00 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:12 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-19 16:54 14,867 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 15:04 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:27 --------- d-----w C:\Program Files\AIM
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:56 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-20 15:55 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-12 03:25 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-12 03:25 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-12 03:25 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-11 01:26 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray .exe
2008-01-11 01:26 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd .exe
2008-01-11 01:26 --------- d-----w C:\Program Files\QuickTime
2008-01-11 01:25 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry .exe
2008-01-11 01:24 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-11 01:24 --------- d-----w C:\Program Files\iTunes
2008-01-11 01:24 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-01-11 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
<pre>
----a-w            67,160 2008-01-12 02:49:12  C:\Program Files\AIM\aim .exe
----a-w            50,760 2008-01-11 01:25:38  C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w           124,520 2008-01-11 01:25:50  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w           110,592 2008-01-11 01:25:38  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w            67,184 2008-01-11 01:25:50  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           204,800 2008-01-11 01:25:28  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w           270,336 2008-01-11 01:25:38  C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w           221,184 2008-01-11 01:25:27  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           267,048 2008-01-11 01:26:13  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           217,088 2008-01-11 01:26:01  C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w           286,720 2008-01-11 01:26:03  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-01-12 05:27:28  C:\Program Files\QuickTime\QTTask    .exe
----a-w           286,720 2008-01-12 05:27:29  C:\Program Files\QuickTime\QTTask   .exe
----a-w           286,720 2008-01-12 05:27:31  C:\Program Files\QuickTime\QTTask  .exe
----a-w           286,720 2008-01-12 05:27:32  C:\Program Files\QuickTime\QTTask .exe
----a-w           120,640 2008-01-11 01:25:51  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w            28,672 2008-01-11 01:25:27  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-11 01:26:03  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-11 01:26:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tkgtp"="C:\WINDOWS\system32\??erinit.exe" [2004-08-04 02:56 24576]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"I/O Controllers"="svcnet.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2008-01-11 22:25 120640]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-10 20:26 286720]
"q76g3EW"="p2pxpph(3).exe" []
"Preview AdService"="C:\Program Files\Preview AdService\PrevAdServ.exe" [ ]
"pqx"="C:\WINDOWS\pqx.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"ICQ Messenger"="ICQLite.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"g396di86"="C:\WINDOWS\system32\g396di86.exe" [ ]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-11 22:25 67184]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-10 20:25 61440]
"AdTools Service"="C:\Program Files\AdTools Service\AdTools.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-10 20:25 57344]
"AceGain LiveUpdate"="C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-06-30 03:33:04 36953]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]
S2 DP1112;DP1112;C:\WINDOWS\system32\Drivers\DP.sys []
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 04:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-21 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-21 15:07:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 10:03:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-21 10:13:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-21 15:13:36
ComboFix2.txt 2008-02-18 05:37:20
ComboFix3.txt 2008-02-17 20:30:24
ComboFix4.txt 2008-02-17 16:05:54
ComboFix5.txt 2008-02-17 04:15:26
.
2008-02-20 08:01:52 --- E O F ---





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17, on 2008-02-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...lash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [q76g3EW] p2pxpph(3).exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [pqx] C:\WINDOWS\pqx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ICQ Messenger] ICQLite.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [g396di86] C:\WINDOWS\system32\g396di86.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Tkgtp] C:\WINDOWS\system32\??erinit.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 8847 bytes












REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon]
@="%SystemRoot%\\system32\\shell32.dll,131"
MoralTerror (Junior Poster)

Re: POS.tmp file and red X problem

#19
Feb 24th, 2008
Hi Serakus

I'm afraid crunchie has fallen ill and he has asked me to continue with your fix until he is feeling better.

@crunchie get well soon

Please use Symantec's guide to remove the Norton Quarantine files.

---------------------------------------

Some of your programs have been infected with a file infector. While the necessary repairs have been done, it may be wise to uninstall/reinstall your Norton AntiVirus to ensure full functionality.

---------------------------------------

Scan with HijackThis and check the following entries (If they still exist)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab


Remember to close all other windows and click Fix Checked

---------------------------------------

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

RenV::
C:\Program Files\QuickTime\QTTask     .exe
File::
C:\WINDOWS\system32\??erinit.exe
C:\Program Files\QuickTime\QTTask    .exe
C:\Program Files\QuickTime\QTTask   .exe
C:\Program Files\QuickTime\QTTask  .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Symantec AntiVirus\VPTray .exe
C:\WINDOWS\SYSTEM32\DSentry .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe
C:\Program Files\Microsoft IntelliPoint\point32 .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
C:\Program Files\AIM\aim .exe
Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tkgtp"=-
"Router"=-
"I/O Controllers"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"URLLSTCK.exe"=-
"q76g3EW"=-
"Preview AdService"=-
"pqx"=-
"g396di86"=-
"AdTools Service"=-
"AceGain LiveUpdate"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]
Driver::
DP1112
"Viewpoint Manager Service"

Save this as CFScript.txt, in the same location as ComboFix.exe


[Attached image: CFScript.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


---------------------------------------
  • Please go to the following link: ESET Online Scanner
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start

    The scanner engine will initialise and update
  • Do Not tick the box Remove found threats
  • Click the Scan button

    The scan will now run, please be patient
  • When the scan finishes click the Details tab
  • Copy and paste the contents of the %ProgramFiles%\EsetOnlineScanner\log.txt back here.

---------------------------------------
Required Logs

c:\ComboFix.txt
%ProgramFiles%\EsetOnlineScanner\log.txt
new HijackThis log <<< taken after the online scan


Please also provide an update on system behaviour
Last edited by crunchie; Feb 25th, 2008 at 8:16 am.
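
The triage behind the script above, as an added example that is not part of the original post and is not ComboFix's own code: the Python below reads ComboFix-style log lines, groups executables whose name is padded with spaces before the extension under the unpadded name, and flags Run values for review. The sample lines are copied from the logs in this thread; reading empty brackets after a Run value as "no timestamp or size was recorded for the target" is an assumption, and the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r'''
----a-w           286,720 2008-01-11 01:26:03  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-01-12 05:27:32  C:\Program Files\QuickTime\QTTask .exe
----a-w           120,640 2008-01-11 01:25:51  C:\Program Files\Symantec AntiVirus\VPTray .exe
2008-01-12 03:25 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-10 20:26 286720]
"q76g3EW"="p2pxpph(3).exe" []
"pqx"="C:\WINDOWS\pqx.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.exe', re.IGNORECASE)
# File name whose stem is followed by whitespace before the extension.
PADDED_RE = re.compile(r'^(?P<dir>.*\\)?(?P<stem>[^\\]*?\S)\s+(?P<ext>\.\w+)$')


def unpadded(path):
    """Return the path with the padding removed, or None if the name is not padded."""
    m = PADDED_RE.match(path)
    if not m:
        return None
    return (m.group('dir') or '') + m.group('stem') + m.group('ext')


def triage(log_text):
    """Return (padded copies grouped by unpadded path, Run values to review)."""
    padded_copies = defaultdict(list)  # unpadded path -> padded copies seen
    run_findings = []                  # (registry key, value name, target, reasons)
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        run = RUN_RE.match(line)
        if run:
            reasons = []
            # Assumption: empty brackets mean no file details were recorded.
            if not run.group('meta').strip():
                reasons.append('no file details')
            if unpadded(run.group('target')):
                reasons.append('padded name')
            if reasons:
                run_findings.append(
                    (current_key, run.group('name'), run.group('target'), reasons))
            continue
        found = PATH_RE.search(line)
        if found:
            original = unpadded(found.group(0))
            if original and found.group(0) not in padded_copies[original]:
                padded_copies[original].append(found.group(0))
    return dict(padded_copies), run_findings


if __name__ == '__main__':
    copies, runs = triage(SAMPLE_LOG)
    for original, padded in copies.items():
        print(f'{original}: {len(padded)} padded copy/copies')
    for key, name, target, reasons in runs:
        print(f'{key} -> "{name}" = {target!r}: {", ".join(reasons)}')
```

A flagged Run value is a candidate for review, not a verdict: an uninstalled program also leaves a value whose target has no file details.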
Serakus (Newbie Poster)

Re: POS.tmp file and red X problem

#20
Feb 24th, 2008
Lost track of the ComboFix log the first time so I ran it again. Sorry if that made things harder, but thanks for the help.


ComboFix 08-02-17.2 - Joe 2008-02-23 19:55:42.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.189 [GMT -5:00]
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\AIM\aim .exe
C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Microsoft IntelliPoint\point32 .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Symantec AntiVirus\VPTray .exe
C:\WINDOWS\SYSTEM32\DSentry .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe
.

((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-19 16:52 . 2008-02-19 16:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-19 16:52 . 2008-02-19 16:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-19 16:22 . 2007-12-06 21:21 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-02-19 16:22 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-02-19 16:22 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-02-19 16:22 . 2007-12-06 21:21 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-02-19 16:22 . 2007-12-06 21:21 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-02-19 16:22 . 2007-12-06 21:21 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-02-19 16:22 . 2007-12-06 21:21 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-02-19 16:22 . 2007-12-06 21:21 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-02-19 16:22 . 2007-12-06 06:00 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-23 12:14 17,013 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 16:59 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-23 16:59 --------- d-----w C:\Program Files\QuickTime
2008-02-23 16:59 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-23 16:59 --------- d-----w C:\Program Files\iTunes
2008-02-23 16:59 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-02-23 16:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-23 16:59 --------- d-----w C:\Program Files\AIM
2008-02-23 16:45 --------- d-----w C:\Program Files\Symantec
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:56 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-20 15:55 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-12 03:25 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-12 03:25 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-12 03:25 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-11 05:53 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-19 23:01 347,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-08 15:51 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-07 01:07 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-12-07 01:07 151,040 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-12-07 01:07 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-12-07 01:07 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-12-07 01:07 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"ICQ Messenger"="ICQLite.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-10 20:25 61440]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-10 20:25 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-06-30 03:33:04 36953]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 04:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-23 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-23 17:07:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 19:59:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-23 20:00:50
ComboFix-quarantined-files.txt 2008-02-24 01:00:16
ComboFix2.txt 2008-02-23 17:11:42
ComboFix3.txt 2008-02-21 15:13:41
ComboFix4.txt 2008-02-18 05:37:20
ComboFix5.txt 2008-02-17 20:30:24
.
2008-02-20 08:01:52 --- E O F ---


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2898 (20080223)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=ffd5718a86cd0949acbd8e94dd525ad1
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-02-24 02:06:35
# local_time=2008-02-23 09:06:35 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=202534
# found=3
# scan_time=2804
C:\QooBox\Quarantine\C\Program Files\kernel\kernel.exe.vir probably a variant of Win32/TrojanDownloader.Adload trojan 45CC09A9CB8E638D4D6C664626DB323C
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\gsda.dll.vir Win32/TrojanDownloader.SpyGame.A trojan 5EE65B9EC52620265673154EA2B9E5DD
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\USYP_0001_N76M2004NetInstaller.exe.vir a variant of Win32/Adware.WinFixer application 3B0670B768E9F517694BA24E5223D7EB



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12, on 2008-02-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...lash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ICQ Messenger] ICQLite.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/fr...eb.1.0.0.8.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 6792 bytes