Computing.Net > Forums > Security and Virus > gnida[1].swf downloader virus found

Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

The Lounge

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Howtos

Site Search

Message Find

Data Recovery

About

gnida[1].swf downloader virus found

Reply to Message Icon
Original Message
Name: Andaroo
Date: January 21, 2008 at 16:49:41 Pacific
Subject: gnida[1].swf downloader virus found
OS: Windows XP Media Center
CPU/Ram: 3.00GHz/0.99GB
Comment:

[reposted from XP section] My Norton Antivirus found a Downloader named gnida[1].swf that it can not remove. Help is appreciated!


Report Offensive Message For Removal


Response Number 1
Name: jabuck
Date: January 21, 2008 at 18:51:06 Pacific
Reply: (edit)

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


Report Offensive Follow Up For Removal

Response Number 2
Name: makinu1der2
Date: January 21, 2008 at 19:46:42 Pacific
Reply: (edit)

Take a look at this previous post it may help.

http://computing.net/security/wwwbo...


Report Offensive Follow Up For Removal

Response Number 3
Name: Andaroo
Date: January 21, 2008 at 22:14:46 Pacific
Reply: (edit)

I just ran a A-squared scan and it found a trojan in my lsass.exe process, which I quarantined. I'm not sure if that is the right virus. Here is the HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:22 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
C:\Program Files\Lexmark 9300 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"
O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/c...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/...
O16 - DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} (Web Viewer Class) - http://www.tekla.com/go/webviewer/s...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://dcmguest.earthcam.net/viewer...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{33A3518C-70AF-4EE1-9C50-2F511478CED7}: NameServer = 64.59.144.18,64.59.144.19
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 17016 bytes


Report Offensive Follow Up For Removal

Response Number 4
Name: jabuck
Date: January 22, 2008 at 14:27:30 Pacific
Reply: (edit)

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe

Now while still in Hijack This, click the "Config" button in the bottom right corner
Then click the "Misc Tools" button (top right)
Under "System Tools", click "Open process manager"

Set up the computer to view hidden files:
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.

Navigate to and delete this file if found:

C:\WINDOWS\Config\lsass.exe

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.


Report Offensive Follow Up For Removal

Response Number 5
Name: Andaroo
Date: January 22, 2008 at 16:17:49 Pacific
Reply: (edit)

ComboFix 08-01-23.1 - Andrew 2008-01-22 15:54:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.408 [GMT -8:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8C75RNL5\cnsminex[1].htm
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\XZHUMKTZ\www.inter-focus.cn
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\XZHUMKTZ\www.inter-focus.cn\flashad_beta_1.01.swf\IFFLASHAD.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\Program Files\popcorn Terms.html
C:\TeklaStructuresModels\GP2 PROJECT\_desktop.ini
C:\TeklaStructuresModels\GP2 PROJECT\attributes\_desktop.ini
C:\TeklaStructuresModels\GP2 PROJECT\DesignFiles\_desktop.ini
C:\TeklaStructuresModels\GP2 PROJECT\drawings\_desktop.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-22 15:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-21 18:08 . 2008-01-21 22:33 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-01-21 16:16 . 2008-01-21 16:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-20 22:57 . 2008-01-20 22:57 268 --ah----- C:\sqmdata01.sqm
2008-01-20 22:57 . 2008-01-20 22:57 244 --ah----- C:\sqmnoopt01.sqm
2008-01-16 15:46 . 2008-01-16 15:47 <DIR> d-------- C:\Program Files\iTunes
2008-01-16 15:46 . 2008-01-16 15:46 <DIR> d-------- C:\Program Files\iPod
2008-01-16 15:45 . 2008-01-16 15:45 <DIR> d-------- C:\Program Files\QuickTime
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 18:03 . 2008-01-09 19:36 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2008-01-05 14:11 . 2008-01-05 14:11 <DIR> d-------- C:\Program Files\Videopot
2008-01-05 13:46 . 2008-01-05 13:46 <DIR> d-------- C:\Program Files\DAUM
2008-01-04 13:59 . 2008-01-04 13:59 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-01-04 13:59 . 2008-01-04 13:59 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-01-04 13:58 . 2008-01-04 13:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 13:58 . 2008-01-04 13:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-01-04 13:58 . 2008-01-04 13:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-01-04 13:56 . 2008-01-04 13:56 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 13:56 . 2008-01-04 13:56 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-03 21:27 . 2008-01-03 21:31 <DIR> d-------- C:\Program Files\TVAnts
2008-01-03 12:24 . 2005-06-23 18:37 40,960 --a------ C:\WINDOWS\system32\lxcqvs.dll
2008-01-03 12:23 . 2006-10-25 00:16 344,064 --a------ C:\WINDOWS\system32\lxcqcoin.dll
2008-01-03 12:22 . 2006-10-23 06:54 692,224 --a------ C:\WINDOWS\system32\lxcqdrs.dll
2008-01-03 12:22 . 2006-09-28 23:28 65,536 --a------ C:\WINDOWS\system32\lxcqcaps.dll
2008-01-03 12:22 . 2006-05-09 02:10 61,440 --a------ C:\WINDOWS\system32\lxcqcnv4.dll
2008-01-03 12:19 . 2006-10-24 01:33 31 --a------ C:\WINDOWS\system32\lxcqrwrd.ini
2008-01-03 12:16 . 2008-01-03 12:22 <DIR> d-------- C:\Program Files\Lexmark 9300 Series
2008-01-01 16:22 . 2008-01-01 16:23 <DIR> d-------- C:\Program Files\Hamachi
2007-12-27 12:52 . 2007-12-27 12:52 244 --ah----- C:\sqmnoopt00.sqm
2007-12-27 12:52 . 2007-12-27 12:52 232 --ah----- C:\sqmdata00.sqm
2007-12-26 17:33 . 2007-12-26 17:33 1,259 --a------ C:\WINDOWS\_ISENV31.INI
2007-12-26 16:15 . 2008-01-06 19:30 <DIR> d-------- C:\Program Files\Lx_cats
2007-12-26 16:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-26 16:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-26 15:46 . 2005-06-01 00:28 9,606 --a------ C:\WINDOWS\system32\NEWSOFT
2007-12-26 15:45 . 2007-12-26 15:45 <DIR> d-------- C:\Program Files\Common Files\NewSoft
2007-12-26 15:45 . 2004-07-30 12:06 28,672 --a------ C:\WINDOWS\hookdllX.dll
2007-12-26 15:44 . 2007-12-26 15:44 <DIR> d-------- C:\WINDOWS\system32\color
2007-12-26 15:44 . 2007-12-26 16:07 <DIR> d-------- C:\Program Files\Lexmark Applications
2007-12-26 15:44 . 1997-10-14 05:19 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
2007-12-26 15:44 . 2008-01-02 13:01 317 --a------ C:\WINDOWS\setup.iss
2007-12-26 15:43 . 2007-12-26 15:44 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-26 15:42 . 2006-04-24 08:00 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-12-26 15:42 . 2006-04-24 08:00 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-12-26 15:42 . 2006-04-24 08:00 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2007-12-26 15:42 . 2006-04-24 08:00 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2007-12-26 15:42 . 2006-04-24 08:00 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2007-12-26 15:42 . 2006-10-25 23:03 45,056 --a------ C:\WINDOWS\system32\lxcqpmon.dll
2007-12-26 15:42 . 2006-10-25 23:02 32,768 --a------ C:\WINDOWS\system32\LXCQFXPU.DLL
2007-12-26 15:42 . 2006-10-25 23:09 12,288 --a------ C:\WINDOWS\system32\lxcqpmrc.dll
2007-12-26 15:40 . 2008-01-03 12:19 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-12-26 15:39 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-26 15:39 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-26 15:39 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-26 15:39 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-26 15:39 . 2004-08-09 21:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-26 15:39 . 2004-08-09 21:00 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2007-12-26 15:38 . 2008-01-03 12:24 22,991 --a------ C:\WINDOWS\system32\LexFiles.ulf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 23:53 --------- d-----w C:\Program Files\FlashGet
2008-01-22 23:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-22 02:00 --------- d-----w C:\Program Files\fsupport
2008-01-22 00:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 03:46 --------- d-----w C:\Program Files\Starcraft
2008-01-21 00:47 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-13 08:03 --------- d-----w C:\Program Files\DivX
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-02 21:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 19:52 --------- d-----w C:\Program Files\Java
2007-12-17 04:01 --------- d-----w C:\Program Files\MSN Messenger
2007-12-17 04:01 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-10 06:10 --------- d-----w C:\Program Files\A Midsummer Day's Resonance
2007-12-04 05:02 --------- d-----w C:\Program Files\Cheat Engine
2007-12-04 01:21 --------- d-----w C:\Program Files\FrostWire
2007-12-04 01:16 --------- d-----w C:\Program Files\LimeWire
2007-12-02 02:15 --------- d-----w C:\Program Files\Real Alternative
2007-11-28 05:45 37,027 ----a-w C:\WINDOWS\atmoUn.exe
2007-11-28 05:45 --------- d-----w C:\Program Files\Viewpoint
2007-11-25 18:23 --------- d-----w C:\Program Files\Counter-Strike Source
2007-11-13 06:09 1,497 ----a-w C:\Program Files\XVI32.ini
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-03-02 05:27 7,367 ----a-w C:\Program Files\CurrentCfg.tpr
2007-03-02 05:27 51 ----a-w C:\Program Files\CurrentBatch.tbe
2007-03-02 05:27 5,208 ----a-w C:\Program Files\TMPGEnc.ini
2007-02-27 04:22 211 ----a-w C:\Program Files\MediaStage.zip.jei
2005-05-12 06:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2005-04-11 08:15 133,516,151 ----a-w C:\Program Files\MediaStage.zip
2004-10-26 02:11 374,340 ----a-w C:\Program Files\TMPGEnc.vfp
2004-10-26 02:10 936 ----a-w C:\Program Files\Readme.big5.txt
2004-10-26 02:10 933 ----a-w C:\Program Files\Readme.gb.txt
2004-10-26 02:10 891,972 ----a-w C:\Program Files\TMPGEnc.exe
2004-10-26 02:10 4,865 ----a-w C:\Program Files\TMPGEnc.acf
2004-10-26 02:10 2,241 ----a-w C:\Program Files\License.fr.txt
2004-10-26 02:10 2,141 ----a-w C:\Program Files\License.en.txt
2004-10-26 02:10 155,648 ----a-w C:\Program Files\Resample.dll
2004-10-26 02:10 147,543 ----a-w C:\Program Files\P4Package.dll
2004-10-26 02:10 135,255 ----a-w C:\Program Files\P3Package.dll
2004-10-26 02:10 1,965 ----a-w C:\Program Files\License.ja.txt
2004-10-26 02:10 1,363 ----a-w C:\Program Files\License.gb.txt
2004-10-26 02:10 1,363 ----a-w C:\Program Files\License.big5.txt
2004-10-26 02:10 1,341 ----a-w C:\Program Files\Readme.fr.txt
2004-10-26 02:10 1,238 ----a-w C:\Program Files\Readme.ja.txt
2004-10-26 02:10 1,203 ----a-w C:\Program Files\Readme.en.txt
2002-10-08 01:30 104,583 ----a-w C:\Program Files\XVI32U.HLP
2002-10-08 01:14 6,672 ----a-w C:\Program Files\readme.txt
2002-10-07 00:52 763,904 ----a-w C:\Program Files\XVI32.exe
2001-08-27 19:47 947,689 ----a-w C:\Program Files\EditPlus 2.zip
2001-08-15 19:21 1,266 ----a-w C:\Program Files\XVI32U.cnt
1999-09-08 04:24 1,246 ----a-w C:\Program Files\WINEBCDE.XCT
1999-09-08 04:24 1,246 ----a-w C:\Program Files\EBCDEWIN.XCT
1999-09-08 04:24 1,232 ----a-w C:\Program Files\WINEBCUS.XCT
1999-09-08 04:24 1,232 ----a-w C:\Program Files\EBCUSWIN.XCT
1999-09-06 01:13 896 ----a-w C:\Program Files\WINDOS.XCT
1999-09-06 01:13 896 ----a-w C:\Program Files\DOSWIN.XCT
2005-12-23 04:18 32 --sha-w C:\WINDOWS\{87149465-800E-4962-9898-765FF0602633}.dat
2005-12-16 00:55 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2005-12-23 04:18 32 --sha-w C:\WINDOWS\system32\{6C59E837-BF28-42E1-8775-4553B4EE725E}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-08-15 02:40 190024]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 14:53 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 10:50 405583]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:56 64512]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 02:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 03:03 114688]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 15:35 49152]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 14:34 245760]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-11 22:12 49152]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 02:50 155648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-12-02 16:11 54296]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-12-02 16:11 58392]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-12-23 13:30 100056]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-09 21:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 21:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 21:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-09 21:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-09 21:00 455168]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 03:02 94208]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]
"lxcqmon.exe"="C:\Program Files\Lexmark 9300 Series\lxcqmon.exe" [2007-01-11 05:57 291760]
"Lexmark 9300 Series Fax Server"="C:\Program Files\Lexmark 9300 Series\fm3032.exe" [2006-12-05 01:36 304048]
"EzPrint"="C:\Program Files\Lexmark 9300 Series\ezprint.exe" [2006-12-05 01:35 82864]
"LXCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [2006-11-21 04:27 106496]
"RegistryMechanic"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-01-07 17:56 1816208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]

C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-20 21:26:53 113664]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-09-25 20:01:09 557568]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 20:37:56 217194]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-17 20:49:44 124912]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2006-09-09 10:16:50 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-11-29 16:40:57 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 lxcq_device;lxcq_device;C:\WINDOWS\system32\lxcqcoms.exe [2006-12-05 01:36]
S2 sentemul;sentemul;C:\WINDOWS\system32\drivers\sentemul.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d49fabd6-7a97-11dc-b28d-0013d4951d0d}]
\Shell\AutoRun\command - L:\Launcher.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 19:32:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-22 23:46:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-21 10:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2008-01-23 23:59:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 16:02:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCQCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-23 16:03:18
ComboFix-quarantined-files.txt 2008-01-24 00:03:16
.
2008-01-22 23:50:50 --- E O F ---


Report Offensive Follow Up For Removal


Response Number 6
Name: jabuck
Date: January 22, 2008 at 17:12:56 Pacific
Reply: (edit)

Looks much better.

I suggest that you uninstall these programs:

Messenger Plus! Live

LimeWire

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Please run the BitDefender online scan this link:
Bitdefender Online Scanner

You will need to allow an active x install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Post a log in your reply.


Report Offensive Follow Up For Removal

Response Number 7
Name: Andaroo
Date: January 22, 2008 at 22:18:05 Pacific
Reply: (edit)

BitDefender Online Scanner



Scan report generated at: Wed, Jan 23, 2008 - 20:54:30





Scan path: C:\;D:\;E:\;F:\;H:\;I:\;J:\;K:\;







Statistics

Time
03:16:37

Files
893493

Folders
15158

Boot Sectors
3

Archives
96601

Packed Files
40664




Results

Identified Viruses
4

Infected Files
26

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
44




Engines Info

Virus Definitions
893012

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004260-0001-0000-354D-7D8917DFB45F}\DATA.CAB=>RESOURCE1
Infected with: Exploit.Win32.WMF-PFV.A

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004260-0001-0000-354D-7D8917DFB45F}\DATA.CAB=>RESOURCE1
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004260-0001-0000-354D-7D8917DFB45F}\DATA.CAB=>RESOURCE1
Deleted

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004260-0001-0000-354D-7D8917DFB45F}\DATA.CAB
Update failed

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004260-0001-0000-354D-7D8917DFB45F}\DATA.CAB=>RESOURCE2
Infected with: Exploit.Win32.WMF-PFV.A

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004260-0001-0000-354D-7D8917DFB45F}\DATA.CAB=>RESOURCE2
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004260-0001-0000-354D-7D8917DFB45F}\DATA.CAB=>RESOURCE2
Deleted

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004260-0001-0000-354D-7D8917DFB45F}\DATA.CAB
Update failed

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004260-0001-0000-354D-7D8917DFB45F}\DATA.CAB=>RESOURCE3
Infected with: Exploit.Win32.WMF-PFV.A

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004260-0001-0000-354D-7D8917DFB45F}\DATA.CAB=>RESOURCE3
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004260-0001-0000-354D-7D8917DFB45F}\DATA.CAB=>RESOURCE3
Deleted

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Quarantine\{00004260-0001-0000-354D-7D8917DFB45F}\DATA.CAB
Update failed

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{6DCC3375-3919-432B-8E36-5FD69798D1AB}\Microsoft\Outlook Express\GP2.dbx=>(message 37)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>(message)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>stair.rar=>p2\p2\acad.lsp
Infected with: Trojan.Lisp.Bursted.A

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{6DCC3375-3919-432B-8E36-5FD69798D1AB}\Microsoft\Outlook Express\GP2.dbx=>(message 37)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>(message)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>stair.rar=>p2\p2\acad.lsp
Disinfection failed

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{6DCC3375-3919-432B-8E36-5FD69798D1AB}\Microsoft\Outlook Express\GP2.dbx=>(message 37)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>(message)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>stair.rar=>p2\p2\acad.lsp
Deleted

C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{6DCC3375-3919-432B-8E36-5FD69798D1AB}\Microsoft\Outlook Express\GP2.dbx=>(message 37)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>(message)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>stair.rar
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\117C64E9.lsp=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\117C64E9.lsp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\117C64E9.lsp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\19F348D1.exe=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW

C:\Program Files\Norton AntiVirus\Quarantine\19F348D1.exe=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\36BE467D.lsp=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\36BE467D.lsp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\36BE467D.lsp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\41171BD0=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\41171BD0=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\41171BD0=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4155398B=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\4155398B=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4155398B=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\44307666=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\44307666=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\44307666=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\469D7BB4.jc!=>(Quarantine-2)=>(ZIP Sfx o)=>run.exe
Infected with: Trojan.Downloader.Harnig.BB

C:\Program Files\Norton AntiVirus\Quarantine\469D7BB4.jc!=>(Quarantine-2)=>(ZIP Sfx o)=>run.exe
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\469D7BB4.jc!=>(Quarantine-2)=>(ZIP Sfx o)=>run.exe
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\469D7BB4.jc!=>(Quarantine-2)=>(ZIP Sfx o)
Updated

C:\Program Files\Norton AntiVirus\Quarantine\469D7BB4.jc!=>(Quarantine-2)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\478276B9.jc!=>(Quarantine-2)=>(ZIP Sfx o)=>run.exe
Infected with: Trojan.Downloader.Harnig.BB

C:\Program Files\Norton AntiVirus\Quarantine\478276B9.jc!=>(Quarantine-2)=>(ZIP Sfx o)=>run.exe
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\478276B9.jc!=>(Quarantine-2)=>(ZIP Sfx o)=>run.exe
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\478276B9.jc!=>(Quarantine-2)=>(ZIP Sfx o)
Updated

C:\Program Files\Norton AntiVirus\Quarantine\478276B9.jc!=>(Quarantine-2)
Update failed

C:\Program Files\Norton AntiVirus\Quarantine\485F1BBB=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW

C:\Program Files\Norton AntiVirus\Quarantine\485F1BBB=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\49037518=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\49037518=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\49037518=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4E23734B.lsp=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\4E23734B.lsp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4E23734B.lsp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\52E11DB4.lsp=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\52E11DB4.lsp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\52E11DB4.lsp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5A56574B=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\5A56574B=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5A56574B=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5AC240D5=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\5AC240D5=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5AC240D5=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5AFD3494=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\5AFD3494=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5AFD3494=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5BC95697.lsp=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\5BC95697.lsp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5BC95697.lsp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\62B1441A=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\62B1441A=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\62B1441A=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\68F001F7.lsp=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\68F001F7.lsp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\68F001F7.lsp=>(Quarantine-2)
Deleted

C:\Program Files\Norton AntiVirus\Quarantine\7CC7282A.lsp=>(Quarantine-2)
Infected with: Trojan.Lisp.Bursted.A

C:\Program Files\Norton AntiVirus\Quarantine\7CC7282A.lsp=>(Quarantine-2)
Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\7CC7282A.lsp=>(Quarantine-2)
Deleted

C:\RECYCLER\S-1-5-21-1309613129-3035525953-2618096754-1008\Dc3557.bak=>(message 37)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>(message)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>stair.rar=>p2\p2\acad.lsp
Infected with: Trojan.Lisp.Bursted.A

C:\RECYCLER\S-1-5-21-1309613129-3035525953-2618096754-1008\Dc3557.bak=>(message 37)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>(message)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>stair.rar=>p2\p2\acad.lsp
Disinfection failed

C:\RECYCLER\S-1-5-21-1309613129-3035525953-2618096754-1008\Dc3557.bak=>(message 37)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>(message)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>stair.rar=>p2\p2\acad.lsp
Deleted

C:\RECYCLER\S-1-5-21-1309613129-3035525953-2618096754-1008\Dc3557.bak=>(message 37)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>(message)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>stair.rar
Update failed

C:\RECYCLER\S-1-5-21-1309613129-3035525953-2618096754-1008\Dc3581.bak=>(message 37)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>(message)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>stair.rar=>p2\p2\acad.lsp
Infected with: Trojan.Lisp.Bursted.A

C:\RECYCLER\S-1-5-21-1309613129-3035525953-2618096754-1008\Dc3581.bak=>(message 37)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>(message)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>stair.rar=>p2\p2\acad.lsp
Disinfection failed

C:\RECYCLER\S-1-5-21-1309613129-3035525953-2618096754-1008\Dc3581.bak=>(message 37)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>(message)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>stair.rar=>p2\p2\acad.lsp
Deleted

C:\RECYCLER\S-1-5-21-1309613129-3035525953-2618096754-1008\Dc3581.bak=>(message 37)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>(message)=>[Subject: stair dwg][Date: Sat, 26 Aug 2006 17:57:36 +0800]=>(MIME part)=>stair.rar
Update failed

C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP1088\A0090286.exe=>(Quarantine-2)
Infected with: Win32.Worm.VB.DW

C:\System Volume Information\_restore{D7BD54B8-C977-4903-8CE7-9415B851EC71}\RP1088\A0090286.exe=>(Quarantine-2)
Deleted


Report Offensive Follow Up For Removal

Response Number 8
Name: jabuck
Date: January 23, 2008 at 03:29:43 Pacific
Reply: (edit)

Looks good.

How is your computer operating?


Report Offensive Follow Up For Removal

Response Number 9
Name: Andaroo
Date: January 23, 2008 at 15:53:52 Pacific
Reply: (edit)

Everything seems fine. Thanks a lot for your help!


Report Offensive Follow Up For Removal

Response Number 10
Name: jabuck
Date: January 23, 2008 at 18:48:26 Pacific
Reply: (edit)

Glad we could help.


Report Offensive Follow Up For Removal






Use following form to reply to current message: 

   Name: From My Computing.Net Settings
 E-Mail: From My Computing.Net Settings

Subject: gnida[1].swf downloader virus found

Comments:
            
         

 


  Homepage URL (*): 
Homepage Title (*): 
         Image URL:
 
Data Recovery Software



Have you ever used OpenOffice?

Yes, as my main suite.
Yes, occationally.
Yes, but only once.
No, never.


View Results

Poll Finishes In 3 Days.
Discuss in The Lounge


Ad blocking question

PWB text editor

Open Close CD-Rom

AVG Startup and Network connect.

Vista Home Premium User and Admin

All Posts Awaiting Replies