Need help removing Trojan [RESOLVED]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

Need help removing Trojan [RESOLVED], Malwarebytes couldn't complete removal

Options

FrustratedScott View Member Profile	Nov 22 2008, 12:56 PM Post #1
New Member Posts: 7 OS: Windows XP	Hello, I got infected probably by more than one virus/trojan last week. The Antivirus 2009 pop-up issues, browser re-directions, blocking of helpful sites, unable to update removal software are just some of the issues. Through persistence I was able to load spybot, run it, and then get to some helpful sites. The TDSS stuff I found on another site helped a great deal, but now I'm down to the stubborn mess I see others have run into. Malwarebytes can't seem to get rid of four trojan entries. I saw at least one other person on this forum helped successfully and I followed some of the instructions, but I realize it's individualized after a certain point. This stuff is interesting, but also annoying. This is an awesome site and look forward to hearing from someone. I've posted the Malwarebytes log and HJT log. Thanks in advance. Malwarebytes' Anti-Malware 1.30 Database version: 1415 Windows 5.1.2600 Service Pack 2 11/22/2008 1:19:54 PM mbam-log-2008-11-22 (13-19-54).txt Scan type: Full Scan (C:\\|D:\\|) Objects scanned: 155221 Time elapsed: 2 hour(s), 0 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 4 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:34:17 PM, on 11/22/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\WINDOWS\system32\hpoipm07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.detnews.com/apps/pbcs.dll/frontpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: (no name) - {060CBB23-BA01-462F-8B74-A11BCCA9C2B3} - C:\WINDOWS\system32\d3d8l.dll O2 - BHO: (no name) - {16EC96A0-B04D-4724-8B9C-D46FB0CB9A9B} - C:\WINDOWS\system32\d3d8l.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {E66B89D8-5E9A-4EC5-AF8F-E8E9B630F7A1} - C:\WINDOWS\system32\d3d8l.dll O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O15 - Trusted Zone: *.trinity-health.org O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} - http://activex.liveupdate.com/controls/cres.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://sctcdm06.extra.daimlerchrysler.com/iNotes.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://sctcdm06.extra.daimlerchrysler.com/iNotes6W.cab O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/ScanFile.CAB O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://sctcdm06.extra.daimlerchrysler.com/dwa7W.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://easyaccess.trinity-health.org/dana-...perSetupSP1.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- End of file - 8142 bytes

Rorschach112 View Member Profile	Nov 22 2008, 12:58 PM Post #2
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	Hello Download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt** in your next reply.

FrustratedScott View Member Profile	Nov 22 2008, 01:51 PM Post #3
New Member Posts: 7 OS: Windows XP	Thanks for your help! Here's the ComboFix log: ComboFix 08-11-22.01 - Owner 2008-11-22 14:33:28.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.246 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\healthy computer\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 ))))))))))))))))))))))))))))))) . 2008-11-21 21:24 . 2008-11-21 21:24 <DIR> d-------- C:\fsaua.data 2008-11-19 05:14 . 2008-11-19 20:33 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-11-18 20:46 . 2004-08-04 02:56 99,840 --a------ c:\windows\system32\d3d8l.dll 2008-11-15 15:53 . 2008-11-15 16:04 <DIR> d-------- c:\program files\EsetOnlineScanner 2008-11-15 08:06 . 2008-11-15 08:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-11-15 08:05 . 2008-11-22 10:33 <DIR> d-------- c:\program files\SUPERAntiSpyware 2008-11-15 08:05 . 2008-11-22 10:33 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2008-11-14 16:12 . 2008-11-14 16:12 <DIR> d-------- c:\program files\Trend Micro 2008-11-14 12:12 . 2008-11-14 12:12 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes 2008-11-14 07:14 . 2008-11-14 12:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-14 07:14 . 2008-11-14 07:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-14 07:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-14 07:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-14 07:10 . 2008-11-14 07:10 0 --a------ c:\windows\nsreg.dat 2008-11-13 23:01 . 2008-11-15 08:04 <DIR> d-------- c:\program files\XoftSpySE 2008-11-13 22:50 . 2008-11-13 22:50 <DIR> d-------- C:\db075724c5e524a45c41829d 2008-11-13 21:17 . 2008-11-13 21:17 19,797 --a------ c:\windows\aparoh.lib 2008-11-13 21:17 . 2008-11-13 21:17 18,811 --a------ c:\program files\Common Files\pinur.vbs 2008-11-13 21:17 . 2008-11-13 21:17 18,276 --a------ c:\windows\fefuzu.dat 2008-11-13 21:17 . 2008-11-13 21:17 16,908 --a------ c:\documents and settings\All Users\Application Data\tuxigumywy.dll 2008-11-13 21:17 . 2008-11-13 21:17 16,294 --a------ c:\documents and settings\All Users\Application Data\irar.bat 2008-11-13 21:17 . 2008-11-13 21:17 16,161 --a------ c:\windows\system32\gikesyfu.com 2008-11-13 21:17 . 2008-11-13 21:17 13,567 --a------ c:\windows\cawipyro.inf 2008-11-13 21:17 . 2008-11-13 21:17 13,330 --a------ c:\windows\wewax.lib 2008-11-13 21:17 . 2008-11-13 21:17 13,289 --a------ c:\documents and settings\Owner\Application Data\elefateza.scr 2008-11-13 21:17 . 2008-11-13 21:17 13,187 --a------ c:\documents and settings\Owner\Application Data\xajeb.sys 2008-11-13 21:17 . 2008-11-13 21:17 13,140 --a------ c:\program files\Common Files\caryvaka.com 2008-11-13 21:17 . 2008-11-13 21:17 12,423 --a------ c:\program files\Common Files\dyra.bin 2008-11-13 21:17 . 2008-11-13 21:17 11,455 --a------ c:\documents and settings\Owner\Application Data\urekixyne.reg 2008-11-13 17:21 . 2008-11-13 17:21 18,504 --a------ c:\program files\Common Files\koner.com 2008-11-13 17:21 . 2008-11-13 17:21 18,242 --a------ c:\program files\Common Files\evav.vbs 2008-11-13 17:21 . 2008-11-13 17:21 17,248 --a------ c:\windows\sijuqi.exe 2008-11-13 17:21 . 2008-11-13 17:21 15,251 --a------ c:\windows\system32\efyfoqyn.vbs 2008-11-13 17:21 . 2008-11-13 17:21 13,763 --a------ c:\program files\Common Files\xenezomy.bin 2008-11-13 17:21 . 2008-11-13 17:21 13,512 --a------ c:\windows\bizydyxe._sy 2008-11-13 17:21 . 2008-11-13 17:21 13,452 --a------ c:\windows\equp.dat 2008-11-13 17:21 . 2008-11-13 17:21 13,158 --a------ c:\documents and settings\All Users\Application Data\desugo.sys 2008-11-13 17:21 . 2008-11-13 17:21 10,746 --a------ c:\windows\gurovovalo.inf 2008-11-12 17:10 . 2008-11-12 17:10 86 --a------ c:\windows\WPCMAPI.INI 2008-11-12 17:05 . 2008-11-12 17:05 <DIR> d-------- C:\Novell . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-22 19:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-22 15:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-20 01:37 --------- d-----w c:\program files\SpywareBlaster 2008-11-19 10:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-16 15:00 --------- d-----w c:\program files\InetGet 2008-11-13 22:21 13,987 ----a-w c:\program files\Common Files\detacaloj.inf 2008-11-13 19:50 --------- d-----w c:\program files\palmOne 2008-11-13 19:49 --------- d-----w c:\program files\Documents To Go 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-29 23:43 50,824 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT 2008-09-29 23:23 --------- d-----w c:\documents and settings\LocalService\Application Data\Softland 2008-09-29 23:18 --------- d-----w c:\program files\Softland 2008-09-28 23:17 --------- d-----w c:\program files\FPDFC 2008-09-19 18:48 21,656 ----a-w c:\windows\system32\dopdfmn6.dll 2008-09-19 18:48 18,072 ----a-w c:\windows\system32\dopdfmi6.dll 2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys 2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll 2001-08-18 12:00 94,784 --sh--w c:\windows\twain.dll 2004-08-04 07:56 50,688 --sh--w c:\windows\twain_32.dll 2004-08-04 07:56 1,028,096 --sha-w c:\windows\system32\mfc42.dll 2004-08-04 07:56 54,784 --sha-w c:\windows\system32\msvcirt.dll 2004-08-04 07:56 413,696 --sha-w c:\windows\system32\msvcp60.dll 2004-08-04 07:56 343,040 --sha-w c:\windows\system32\msvcrt.dll 2004-08-04 07:56 11,776 --sh--w c:\windows\system32\regsvr32.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{060CBB23-BA01-462F-8B74-A11BCCA9C2B3}] 2004-08-04 02:56 99840 --a------ c:\windows\system32\d3d8l.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16EC96A0-B04D-4724-8B9C-D46FB0CB9A9B}] 2004-08-04 02:56 99840 --a------ c:\windows\system32\d3d8l.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E66B89D8-5E9A-4EC5-AF8F-E8E9B630F7A1}] 2004-08-04 02:56 99840 --a------ c:\windows\system32\d3d8l.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "checktime"="c:\program files\HPSelect\Frontend\ct.exe" [2002-01-26 45056] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe] c:\documents and settings\Owner\Start Menu\Programs\Startup\ palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-04-21 2355200] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040] hp center UI.lnk - c:\program files\hp center\137903\Shadow\ShadowBar.exe [2002-07-24 69632] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "VIDC.I263"= i263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Shareaza\\Shareaza.exe"= "c:\\Program Files\\Real\\RealOne Player\\realplay.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\StubInstaller.exe"= "c:\\Program Files\\CentraOne\\bin\\launcher.exe"= "c:\\Program Files\\palmOne\\Hotsync.exe"= "c:\\Program Files\\LimeWire 4126\\LimeWire.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 blffclej;blffclej;c:\windows\system32\drivers\blffclej.sys [2002-08-03 23424] R1 NEOFLTR_610_13437;Juniper Networks TDI Filter Driver (NEOFLTR_610_13437);\??\c:\windows\system32\Drivers\NEOFLTR_610_13437.SYS [2008-07-31 64160] R3 dsNcAdpt;Juniper Network Connect Adapter;c:\windows\system32\DRIVERS\dsNcAdpt.sys [2006-04-27 23552] R3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2007-08-16 513152] S3 ncvcp;Network Connect Virtual Com Port;c:\windows\system32\DRIVERS\nsvcp.sys [] S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\DRIVERS\OMVA.sys [2005-02-18 14924] S4 hpt3xx;hpt3xx; [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd246c1e-28ef-11dc-bf86-0010dc65cb30}] \Shell\AutoRun\command - G:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder 2008-11-22 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job - c:\progra~1\NORTON~1\NAVW32.exe [2002-02-27 20:28] 2008-11-22 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24] 2008-11-22 c:\windows\Tasks\XoftSpySE 2.job - c:\program files\XoftSpySE\booty.exe [2008-11-12 13:34] . - - - - ORPHANS REMOVED - - - - HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\n2ysagdl.default\ FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll FF -: plugin - c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-22 14:40:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ . Completion time: 2008-11-22 14:44:16 ComboFix-quarantined-files.txt 2008-11-22 19:42:43 ComboFix2.txt 2008-11-22 02:04:53 Pre-Run: 18,056,863,744 bytes free Post-Run: 18,040,848,384 bytes free 189 --- E O F --- 2008-11-14 13:53:30

Rorschach112 View Member Profile	Nov 23 2008, 03:50 AM Post #4
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	Hello Open notepad and copy/paste the text in the quotebox below into it: CODE http://www.geekstogo.com/forum/Need-help-removing-Trojan-t218277.html Collect:: c:\windows\aparoh.lib c:\program files\Common Files\pinur.vbs c:\windows\fefuzu.dat c:\documents and settings\All Users\Application Data\tuxigumywy.dll c:\documents and settings\All Users\Application Data\irar.bat c:\windows\system32\gikesyfu.com c:\windows\cawipyro.inf c:\windows\wewax.lib c:\documents and settings\Owner\Application Data\elefateza.scr c:\documents and settings\Owner\Application Data\xajeb.sys c:\program files\Common Files\caryvaka.com c:\program files\Common Files\dyra.bin c:\documents and settings\Owner\Application Data\urekixyne.reg c:\program files\Common Files\koner.com c:\program files\Common Files\evav.vbs c:\windows\sijuqi.exe c:\windows\system32\efyfoqyn.vbs c:\program files\Common Files\xenezomy.bin c:\windows\bizydyxe._sy c:\windows\equp.dat c:\documents and settings\All Users\Application Data\desugo.sys c:\windows\gurovovalo.inf c:\program files\Common Files\detacaloj.inf c:\windows\system32\d3d8l.dll c:\windows\system32\drivers\blffclej.sys folder:: c:\program files\InetGet Suspect:: Driver:: blffclej hpt3xx KillAll:: Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd246c1e-28ef-11dc-bf86-0010dc65cb30}] Save this as CFScript.txt Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you. Post that log in your next reply. Note When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

FrustratedScott View Member Profile	Nov 23 2008, 06:31 AM Post #5
New Member Posts: 7 OS: Windows XP	Thanks so much for the help thus far. I've run ComboFix again with the instructions you provided. Here's the log: ComboFix 08-11-22.02 - Owner 2008-11-23 6:58:33.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.201 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\healthy computer\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\healthy computer\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\desugo.sys c:\documents and settings\All Users\Application Data\irar.bat c:\documents and settings\All Users\Application Data\tuxigumywy.dll c:\documents and settings\Owner\Application Data\elefateza.scr c:\documents and settings\Owner\Application Data\urekixyne.reg c:\documents and settings\Owner\Application Data\xajeb.sys c:\program files\Common Files\caryvaka.com c:\program files\Common Files\detacaloj.inf c:\program files\Common Files\dyra.bin c:\program files\Common Files\evav.vbs c:\program files\Common Files\koner.com c:\program files\Common Files\pinur.vbs c:\program files\Common Files\xenezomy.bin c:\program files\InetGet c:\windows\aparoh.lib c:\windows\bizydyxe._sy c:\windows\cawipyro.inf c:\windows\equp.dat c:\windows\fefuzu.dat c:\windows\gurovovalo.inf c:\windows\sijuqi.exe c:\windows\system32\d3d8l.dll c:\windows\system32\drivers\blffclej.sys c:\windows\system32\efyfoqyn.vbs c:\windows\system32\gikesyfu.com c:\windows\wewax.lib . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BLFFCLEJ -------\Service_blffclej -------\Service_hpt3xx ((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 ))))))))))))))))))))))))))))))) . 2008-11-21 21:24 . 2008-11-21 21:24 <DIR> d-------- C:\fsaua.data 2008-11-19 05:14 . 2008-11-19 20:33 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2008-11-15 15:53 . 2008-11-15 16:04 <DIR> d-------- c:\program files\EsetOnlineScanner 2008-11-15 08:06 . 2008-11-15 08:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-11-15 08:05 . 2008-11-22 10:33 <DIR> d-------- c:\program files\SUPERAntiSpyware 2008-11-15 08:05 . 2008-11-22 10:33 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2008-11-14 16:12 . 2008-11-14 16:12 <DIR> d-------- c:\program files\Trend Micro 2008-11-14 12:12 . 2008-11-14 12:12 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes 2008-11-14 07:14 . 2008-11-14 12:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-14 07:14 . 2008-11-14 07:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-14 07:14 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-14 07:14 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-14 07:10 . 2008-11-14 07:10 0 --a------ c:\windows\nsreg.dat 2008-11-13 23:01 . 2008-11-15 08:04 <DIR> d-------- c:\program files\XoftSpySE 2008-11-13 22:50 . 2008-11-13 22:50 <DIR> d-------- C:\db075724c5e524a45c41829d 2008-11-12 17:10 . 2008-11-12 17:10 86 --a------ c:\windows\WPCMAPI.INI 2008-11-12 17:05 . 2008-11-12 17:05 <DIR> d-------- C:\Novell . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-22 19:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-22 15:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-20 01:37 --------- d-----w c:\program files\SpywareBlaster 2008-11-19 10:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-13 19:50 --------- d-----w c:\program files\palmOne 2008-11-13 19:49 --------- d-----w c:\program files\Documents To Go 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-29 23:43 50,824 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT 2008-09-29 23:23 --------- d-----w c:\documents and settings\LocalService\Application Data\Softland 2008-09-29 23:18 --------- d-----w c:\program files\Softland 2008-09-28 23:17 --------- d-----w c:\program files\FPDFC 2008-09-19 18:48 21,656 ----a-w c:\windows\system32\dopdfmn6.dll 2008-09-19 18:48 18,072 ----a-w c:\windows\system32\dopdfmi6.dll 2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys 2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll 2001-08-18 12:00 94,784 --sh--w c:\windows\twain.dll 2004-08-04 07:56 50,688 --sh--w c:\windows\twain_32.dll 2004-08-04 07:56 1,028,096 --sha-w c:\windows\system32\mfc42.dll 2004-08-04 07:56 54,784 --sha-w c:\windows\system32\msvcirt.dll 2004-08-04 07:56 413,696 --sha-w c:\windows\system32\msvcp60.dll 2004-08-04 07:56 343,040 --sha-w c:\windows\system32\msvcrt.dll 2004-08-04 07:56 11,776 --sh--w c:\windows\system32\regsvr32.exe . ((((((((((((((((((((((((((((( snapshot@2008-11-22_14.41.51.68 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 278528] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] "checktime"="c:\program files\HPSelect\Frontend\ct.exe" [2002-01-26 45056] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe] c:\documents and settings\Owner\Start Menu\Programs\Startup\ palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-04-21 2355200] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040] hp center UI.lnk - c:\program files\hp center\137903\Shadow\ShadowBar.exe [2002-07-24 69632] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "VIDC.I263"= i263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Shareaza\\Shareaza.exe"= "c:\\Program Files\\Real\\RealOne Player\\realplay.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\StubInstaller.exe"= "c:\\Program Files\\CentraOne\\bin\\launcher.exe"= "c:\\Program Files\\palmOne\\Hotsync.exe"= "c:\\Program Files\\LimeWire 4126\\LimeWire.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= Newly Created Service - BLFFCLEJ . Contents of the 'Scheduled Tasks' folder 2008-11-22 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job - c:\progra~1\NORTON~1\NAVW32.exe [2002-02-27 20:28] 2008-11-23 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24] 2008-11-23 c:\windows\Tasks\XoftSpySE 2.job - c:\program files\XoftSpySE\booty.exe [2008-11-12 13:34] . - - - - ORPHANS REMOVED - - - - BHO-{060CBB23-BA01-462F-8B74-A11BCCA9C2B3} - c:\windows\system32\d3d8l.dll BHO-{16EC96A0-B04D-4724-8B9C-D46FB0CB9A9B} - c:\windows\system32\d3d8l.dll BHO-{E66B89D8-5E9A-4EC5-AF8F-E8E9B630F7A1} - c:\windows\system32\d3d8l.dll ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-23 07:07:44 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(600) c:\windows\system32\rsaenh.dll c:\windows\system32\WgaLogon.dll - - - - - - - > 'lsass.exe'(656) c:\windows\system32\msprivs.dll c:\windows\system32\rsaenh.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Juniper Networks\Common Files\dsNcService.exe c:\program files\Norton AntiVirus\Navapsvc.exe c:\program files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\hpoipm07.exe c:\program files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe c:\program files\Hewlett-Packard\AiO\Shared\Bin\hpofxm07.exe . ************************************************************************ . Completion time: 2008-11-23 7:18:45 - machine was rebooted ComboFix-quarantined-files.txt 2008-11-23 12:17:16 ComboFix2.txt 2008-11-22 19:44:17 ComboFix3.txt 2008-11-22 02:04:53 Pre-Run: 18,014,416,896 bytes free Post-Run: 17,971,884,032 bytes free 194 --- E O F --- 2008-11-14 13:53:30

Rorschach112 View Member Profile	Nov 23 2008, 03:27 PM Post #6
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	Hello Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

FrustratedScott View Member Profile	Nov 24 2008, 03:56 AM Post #7
New Member Posts: 7 OS: Windows XP	Hi, Busy day yesterday, but I was able to follow your instructions. I posted the logs below. Thanks for hanging in there with me! Malwarebytes' Anti-Malware 1.30 Database version: 1419 Windows 5.1.2600 Service Pack 2 11/23/2008 6:38:55 PM mbam-log-2008-11-23 (18-38-55).txt Scan type: Quick Scan Objects scanned: 52027 Time elapsed: 8 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Monday, November 24, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, November 23, 2008 23:24:08 Records in database: 1406366 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ Scan statistics: Files scanned: 112177 Threat name: 5 Infected objects: 836 Suspicious objects: 0 Duration of the scan: 03:20:53 File name / Threat name / Threats count C:\Documents and Settings\Owner\.housecall\Quarantine\'VA - The Bands 06 [2CDS] [2006][Rock][www bitmp3 com].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\++Demonoid com++-Pizza - The Da Vinci Cup - 01[RD].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\- mininova org - La Blue Girl Live Action Trilogy.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\100 Greatest Rock Guitar Solos[www royalproject net].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\1500 Pixel icons.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\24 5x23 (HDTV-LOL)[VTV].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\24 5x24 (HDTV-LOL)[VTV].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\24 S05E23 HDTV XviD-LOL [eztv].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\24 S05E24 HDTV XviD-LOL [eztv].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\About CNET Networks.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Advanced search.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Air America Radio - The Al Franken Show 052206 [mp3].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Air America Radio - The Al Franken Show 052306 [mp3].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Air America Radio - The Majority Report 052206 [mp3].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Air America Radio - The Majority Report 052306 [mp3].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Air America Radio - The Marc Maron Show 052206 [mp3].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Air America Radio - The Rachel Maddow Show 052306 [mp3].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Air America Radio - The Randi Rhodes Show 052306 [mp3].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Alias 5x16 (HDTV-BiA)[VTV].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Alias 5x17 (HDTV-BiA)[VTV].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Alias S05E16 HR HDTV AC3 5 1 XviD-NBS [eztv].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Alias S05E17 HDTV XviD-BiA [eztv].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\All RSS feeds.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\All Software.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Alone In The Dark The New Nightmare Pal Multi5.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\American Idol S05E40 The Final 2 Perform HDTV XviD-FQM [eztv].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Background Remover v1 0 for Adobe Photoshop Cracked-SSG [www NewTorrents info].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Battlefield 2 Patch 1.3 Full.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Beowulf And Grendel 2005 LiMiTED DVDRiP XViD DvF 21 05 06 pass.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Bernard Cornwell - Sharpe's Company.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Bhagavad Gita rar.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Browse categories.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Busta Rhymes-The Big Bang (Advance)-2006-MT.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Challenge of the Super Friends V2 DVDRip (Demonoid).zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\CNET Channel.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\CNET Download.com.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\CNET News.com.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\CNET Reviews.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\CNET Shopper.com.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Compare Prices.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Cool Edit Pro 2 + 2 1 + Serial + PDF Manuals rar.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Crosby, Stills, Nash & Young Déjà Vu (FLAC) (oan).zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\CSI Miami 4x25 (HDTV-LOL)[VTV].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\DCP 5-21-06.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\DemiGods SemiDevils.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Emerson Lake and Palmer Studio Albums.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Everwood 4x19 (HDTV-FQM)[VTV].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Face On Body 2 1 3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Fantasy Art 10 More Artists 904 Pics rar.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Fate of the Blade.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\FIELD COMMANDER PSP DAX WORKING.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Fifth Gear - [09x07] - 2006 05 22 avi [VUK].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Final Fantasy XIII - PS3 - E3 2006 - Square Enix.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Flash Decompiler v 2 9 0 349-TBE.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\FlashGet v1 72 Multilanguage WinALL Cracked-CzW.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Flight 77 Pentagon Official DOJ Videos.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Frank Sinatra-The Rat Pack 3CD Box(Darkside RG).zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Free MP3s.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Gantz 233 HQ [Jinchuuriki] zip.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Harry Potter 1 - The Sorcerer's Stone audiobook English (read by Jim Dale) (128kbps) (split tracks).zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Help Center.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Hitman Blood Money-RELOADED(bt-gm EFnet).zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\House 2x24 (HDTV-LOL)[VTV].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\House S02E24 HDTV XviD-LOL [eztv].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\How to advertise.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Howard Stern Show 05-23-06 24k.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Howard Stern Show 05-23-06 64k.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Idea Group Publishing Advanced Topics in Information Resources Management Nov 2005 eBook-LinG.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Inside Man FRENCH DVDSCR XviD-LAST avi.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\International media.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\IRC chat.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jonathan Stroud-The Amulet Of Samarkand-The Bartimaeus Trilogy-Book-1-Unabridged-Fantasy.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\jPDFViewer 1.61.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPEG 2000 Compressor 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPEG 2000 Dropper 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jpeg Fixer 0.96.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPEG Image Enhancer 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPEG Imager 2.2.2.29.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPEG Japery 1.05.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPEG Lossless Resave plug-in for Photoshop 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPEG Lossless Rotator (French) 3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPEG Viewer 0.11 build 2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPEG Wizard for Photoshop 2.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPEGCompress 2.7.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPEGCrops 0.7.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPEGCruncher Desktop 2.0.8.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JpegSizer 4.0a.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPG 4 Email 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jpg Animated Slide Show 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPG File Sizer 1.6.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPGallery Image Gallery Creator 3.0 build 580.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPGCube 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPGReader 4.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPhotoBrush Pro 1.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPlayer 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JProbe Profiler Freeware 5.2.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JProfiler 4.0.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JProxy 2.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPSViewer 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JPTorrent Light 0.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JR Directory Printer 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JR Screen Ruler 1.4.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JR Split File 2.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JR Split File Pro 2.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jr. Doctor 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jr. Scientist 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jr. Vet 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JRelaxTimer 1.0.001.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\jRestaurant 3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JS-DUC 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JScreenPrint 0.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JScript 5.6 Security Patch for Windows 2000 and XP MS03-008.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JScript 5.6 Security Patch for Windows MS03-008.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JSecureConnect 2.21.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JSetup Professional 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jshock 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JShopper 1.7.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JShowBuilder 2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\jsLogix 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JSPMaker 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JSQLConnect 4.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JSQLMapper 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JSS Clock Sync 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JT Maps 2005 1.3.9.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JTB FlexReport 2.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JTerm 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\jTFlashManager 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JTier Internet News Server 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JTM - Java Tree Menu 3.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JTroll 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jubler 2.9.9.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jude Law Screensaver 1.5.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Judy's Kitchen 2003 1.0.59.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Juerguistaz Script 2.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Juggle (OS X) 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Juiced final demo .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Juke 3.8.7.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JukeANator Digital Jukebox 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jukebox Pro 1.0.68.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JukeBx 1.11.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JukeJam 8.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JukeTrax - The Jukebox Printing Press 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Julia Explorer 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Julia O' Matic 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Julia Stiles Sex-E Screensaver 3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Julia's Time Adventures - Back to the Roaring 20s .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JuliaShapes 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Julius 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jump Shot Basketball 5.55.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jump Zampoli 1.5.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jumpin Jehosaphat WP 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JumpKeys 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JumpStart 1.5.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jumpstart-it 2.0.1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JumpVault Backup Software 3.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jumpwel 5.05.005.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jungle Animated Windows Screensaver 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jungle Balls 1.2.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jungle Heart 1.8.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jungle Heart Family Edition 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jungle Queens DT 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jungle Queens WP 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jungle Stalker WP 1.00.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jungle Storm 3.5.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Juniper Practice Tests from Boson 4.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JUnitConv 1.0.001.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Junk Food Fruits Puzzle 2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Junk Mail Remover 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Junk-Out 1.14.0048.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JunkSweep 2.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JunkWarden for Outlook Express 2.9.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jupiter Grid 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JUpload Applet 0.79.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jurassic Park and The Lost World Theme 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jurassic Park Operation Genesis .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jurassic Pinball 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jurgen 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jurtle 1.8.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Another Analog Clock 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Another Tetris Clone 1.2b.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Bar Codes 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just BASIC 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Buttons 2.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Checking 3.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Click 1.1.4.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Hold em Poker 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Like Heaven Trailer .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Money 1.11.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Sudoku 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Tabs 2.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Wallpaper 3.1a.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just Watching 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Just WebMail 1.9.9.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JustaCal 1.2.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JustAddCommerce 5.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Justbackup 1.5.6.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JustbackupPro 1.5.6.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JustCad 6.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JustCursors 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Justice Force of America 2 (Freedom Force) patch .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Justin Timberlake Screensaver 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JustLDAP 2.4.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JustRemoteIT 1.15.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JustRip'n'Burn 2.1.24.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JustUrls 5.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JustZipIt 102.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Juvenile Data 2.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Juz 'Amma Player 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Juzt-Reboot SW 7.61D.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jv16 PowerTools 1.4.1.238.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jv16 PowerTools 2005 1.5.1.31.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JvCrypt 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jvider 1.6.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JVPoker Classic 1.4.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\jvprinter 1.5.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jvw File & Folder Hider 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jvw FTP Client 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jvw History Eraser 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JVW Popup Maker and DHTML Ad Generator 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\jWebApp 2.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JWinSvc 1.3.0.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JWTM (Web Tree Menu) 1.1.003.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JX Ovulation Calendar 1.1.76.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JXHTMLedit 4.0.005.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JXMLPad 3.4 FC.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JXOpen 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Jyve 0.8.9.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\JzChat 1.12.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\l'equipe du 24 05 2006 pdf.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Lavasoft Ad-Aware SE Professional 1 06r1 MultiLang - [www slotorrent net].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Le Monde PDF 24 05 06 zip.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Le Monde PDF 250506 zip.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Lordi - Hard Rock Hallelujah (live at the finnish eurovision song contest) mp3 - [www slotorrent net.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Lordi - The Arockalypse.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Lynda com - Blogger.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\macbook service manual.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Mad Tracks GERMAN-SiLENTGATE.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Medium 2x22 (HDTV-LOL)[VTV].zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\MS Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, P.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\N 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\N 1.4.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\N-Ball 2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\N-Ball Mac 2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\N-Body Problem Screensaver 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\N-level Context Menu 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\N-Pass 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\n-Track Studio 4.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\N.A.G. (Network Auralization for Gnutella) 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\n01 0.1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nabit 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Naevius Cached MP3 Player 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Naevius CD & DVD Burner 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Naevius Directory Watcher 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Naevius Hidden File System 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Naevius Wallpaper Changer 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NAIC Club Accounting 2.5.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nail Drivin' 5 Adventure 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nail Gun Thumbnail Utility 2.4.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NaisQuest Server 1.0.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Naja 1.2.7.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Najitool GUI 0.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Name and Property Modifier 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Name Dropper 3.4.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Name Extractor 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Name It Your Way (NIYoW) 1.7.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Name Permutation Generator 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Name-That-Toon 3.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NameCleaner (OS X) 2.5.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NameCleaner 2.5.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NameMage 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Names of Allah 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NameSpire 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NameWiz 4.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Namexif 1.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Namo ActiveSquare 6.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Namo FreeMotion 2006.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Namo WebCanvas 2006.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Namo WebEditor 2006.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Namu6 2.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nanagram 1.4.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nanny 2003 6.3.24.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nano Pipeline 2.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NanoPEG MPEG Editor 2.4.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nanosaur II Hatchling 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nanotechnology Patents Database 1.01.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NanoVantage Patents Database 2005 1.01.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nantech TrafficGen 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nantronix InternetUpgrade .NET Edition 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Naomi 3.2.9.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Naomi Campbell Bikini and Lingerie Screensaver 3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Napalm Racing 1.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NaPalm Runner 1.04.01.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Napoleon Dynamite Screensaver .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Napoleon Dynamite Trailer .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Napster 3.1.1.8.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Napster for Media Center 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NapTracK 1.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Narawen Inox POP3 Connector 5.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NASA Research Aircraft 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NaSa's e.Purge 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NASCAR 2000 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NASCAR Racing 2 demo .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NASCAR Racing 2002 Dedicated Server .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NASCAR Racing 2003 Season demo .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NASCAR Racing 3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NASCAR Racing 4.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NASCAR SimRacing .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NASCAR Thunder 2003 demo .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NASCAR Thunder 2004 demo .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NASDAQ XP Logo Ticker 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natalie Portman Sex-E Screensaver 3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natara Bonsai 4.0.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nathan's Second Chance 1.03.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\National Construction Estimator 2006.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\National Geographic The Secret Bible 3of3 Apocalypse DivX mp3 www mvgroup org.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\National Parks Screensaver 2.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\National Real Time Weather Screen Saver 7.0.7.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\National Treasure Screensaver .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\National Treasure Trailer .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Native Assault (OS X) 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Native Assault 1.2.5.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Native POP3 Connector 2.1.6.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Native Suite 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NativeExcel 2.3.10.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NatterChat 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natura Sound Therapy 1.8.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natura Sound Therapy 2.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natural Ambience 1.5.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natural Arches Screen Saver 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natural Biorhythms 2.92.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natural Facelift 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natural Fat Loss 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natural Healing 4.6.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natural Healing Introduction 1.5.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natural Installer 1.0.1.77.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NATural IP SOHO Client 1.55.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natural Login Pro 1.10.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natural Selection (Half-Life mod) 3.0 beta.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natural Text to Speech Reader Standard 6.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Natural-stone Designare Pro 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NaturCalendar ST.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nature 3D Screensaver 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nature Clock Screensaver 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nature Corners 1.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nature Corners 2.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nature Flix Movie Screensaver 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nature Illusion Studio 1.12.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nature of God Screen Saver 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nature's Creations #300 Screensaver 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nature's Ireland Screensaver .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nature's Splendors Landscape Screen Saver 3.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nature's Splendors Orchids Screen Saver 3.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NaturePainter Digital Canvas 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NaturePainter Zen Moment 1.02.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NaughtyMouse 1.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nautical Wireless 1.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nautilus 3D Photo Screensaver 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nav Tools Pro 2.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Nav-U 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navajo 3.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navi Search 2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navi's Text2Pdf Converter 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navi-Bar 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navicat (MySQL GUI) 6.1.6.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navicat (MySQL GUI) 7.2.2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navicat (PostgreSQL GUI) 6.1.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navicat (PostgreSQL GUI) 7.1.14.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navigation Panes 1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navigator Utilities 2.11.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navigatris 1.8.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navizon 1.2.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NavRoad 7.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NavStudio 2005 7.4.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NavTools GPS 4.14.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NavTools Meteo 4.14DR.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NavTools Route 5.093.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NavTools Stormtrack 5.09.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navy Field Patch 1.101 1.101.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navy Field Resurrection of the Steel Fleet 1.118.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navy Seals - Sea Air Land 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Navy Seals - Weapons of Mass Destruction 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\Naxtor Cart Professional E-Commerce 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBA Action 98 demo .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBA Full Court Press demo .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBA Jam Extreme .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBA Live 2000 demo .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBA Live 2001 - Arco Arena .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBA Live 2001 demo .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBA Live 2004 Historic mod .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBA Live 2004 Turkish and Greek League Mod 2.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBA Live 99 demo .zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBCOlympics.com Search Toolbar 1.0.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBFree MP3 to WAV Converter 2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBFree MP3 to WMA Converter 2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBFree WMA to MP3 Converter 2.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\nBinder 2005 3.6.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\nBinder 2006 4.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\nBit HTML Editor ActiveX 2.5.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\nBit HTML Viewer ActiveX 1.3.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBSoftware HTML Meta-Data Editor 1.0.1.zip.bac_a03244 Infected: P2P-Worm.Win32.VB.dw 1 C:\Documents and Settings\Owner\.housecall\Quarantine\NBX Audio Converter 2.zip.bac_a032

Rorschach112 View Member Profile	Nov 24 2008, 08:22 AM Post #8
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	Can I get you to attach the Kaspersky log please

FrustratedScott View Member Profile	Nov 24 2008, 05:08 PM Post #9
New Member Posts: 7 OS: Windows XP	Sure, here it is Attached File(s) Kaspersky_log_11_24_08.txt ( 107.73K ) Number of downloads: 91

Rorschach112 View Member Profile	Nov 24 2008, 07:00 PM Post #10
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	Post a new HJT log

FrustratedScott View Member Profile	Nov 24 2008, 07:10 PM Post #11
New Member Posts: 7 OS: Windows XP	Hello, Here's the HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:07:04 PM, on 11/24/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\hpoipm07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe C:\WINDOWS\explorer.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\LAMPLI~1.SCR C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.detnews.com/apps/pbcs.dll/frontpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O15 - Trusted Zone: *.trinity-health.org O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} - http://activex.liveupdate.com/controls/cres.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://sctcdm06.extra.daimlerchrysler.com/iNotes.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://sctcdm06.extra.daimlerchrysler.com/iNotes6W.cab O16 - DPF: {4B55FE21-325E-48D5-9B39-9B430D639EE8} (ScanFile.FileScan) - http://www.contentpurity.com/ScanFile.CAB O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://sctcdm06.extra.daimlerchrysler.com/dwa7W.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://easyaccess.trinity-health.org/dana-...perSetupSP1.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- End of file - 8605 bytes

Rorschach112 View Member Profile	Nov 24 2008, 07:20 PM Post #12
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	Your logs are clean Follow these steps to uninstall Combofix and tools used in the removal of malware Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. Make sure you have an Internet Connection. Download OTCleanIt to your desktop and run it A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so. Click Yes to beging the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes. Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here : http://www.adobe.com/products/acrobat/readstep2.html Below I have included a number of recommendations for how to protect your computer against malware infections. * Keep Windows updated by regularly checking their website at : http://windowsupdate.microsoft.com/ This will ensure your computer has always the latest security updates available installed on your computer. * To reduce re-infection for malware in the future, I strongly recommend installing these free programs: SpywareBlaster protects against bad ActiveX * SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict. Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points. Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here * Take a good look at the following suggestions for malware prevention by reading Tony Klein�s article 'How Did I Get Infected In The First Place' Here Thank you for your patience, and performing all of the procedures requested.

FrustratedScott View Member Profile	Nov 26 2008, 05:30 PM Post #13
New Member Posts: 7 OS: Windows XP	Hello! Thanks so much for your time and for lending your expertise to help the helpless! My computer runs great now with no problems whatsoever. I wish I had come to this site much sooner. This may seem like a small thing, but it's a wonderful thing to see people willing to help others. Thanks for your generosity. Please continue to help others.......it is contagious, and like a breath of fresh air during a time when it seems that people are only interested in the negative side of humanity. Thanks again!

Rorschach112 View Member Profile	Nov 26 2008, 07:18 PM Post #14
GeekU Teacher Posts: 35,111 From: Dublin OS: XP	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Need help removing Trojan [RESOLVED]	14 / 978	3rd March 2006 - 01:46 AM smayne started - last by Daemon
Virus, Spyware and Trojan Removal need help removing trojan [RESOLVED]	9 / 523	12th July 2006 - 11:21 AM epilgren started - last by Daemon
Virus, Spyware and Trojan Removal Need Help removing Trojan:Win32/Conhook.I [RESOLVED]	3 / 933	6th August 2008 - 07:13 PM coq started - last by fenzodahl512
Virus, Spyware and Trojan Removal Need help removing Trojan-downloader. [RESOLVED]	13 / 775	12th August 2008 - 02:32 PM RoninJai started - last by Mike