
ADW_SE.76892 & ADW_SE.76889 help! [CLOSED]


  • This topic is locked

#1
winabi

  • Member
  • 40 posts
This past Wednesday night I got hit with a lot of stuff. After booting my machine Thursday morning, all [bleep] broke loose. I followed and performed all that you request doing before posting and haven't been able to get rid of the two files: ADW_SE.76892 & ADW_SE.76889.

The other interesting thing that I found is that there was a folder that was hidden in c:\Documents and Settings\(user) that was named "Completed." In this folder were about 8500 files that were oddly named. It seemed as though the majority were named by anime movies/shows. It looked as if I were to have logged onto Limewire and downloaded all this stuff myself. The really weird part is that about 75% of the files were only 198 kb per file and were created 02/15/06. The other 25% were only 1 kb per file and created on 02/18/06. Deleting these files opened up about 1.5 gb of free space on my startup disk. Does this have something to do with my infection? Just FYI.

What do I do?
I've posted my HiJackThis log and my Ewido Log taken today.


HIJACK THIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 5:26:20 PM, on 2/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\ktchnsnk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\games\steam\steam.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\ewido anti-malware\securitysuite.exe
C:\Documents and Settings\Mike\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - <default> - (no file)
O1 - Hosts: talsearch.com
O1 - Hosts: arch.com
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP OfficeJet Series 700] "C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet Series 700\Install"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety....lscbase3401.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\j02q0af5ed2.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)








EWIDO SCAN LOG
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:08:19 PM, 2/19/2006
+ Report-Checksum: D436E57C

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP -> Adware.Look2Me : Cleaned with backup
[652] C:\WINDOWS\system32\nslsapi.dll -> Adware.Look2Me : Error during cleaning
C:\Program Files\Jalmp\uninstall.exe -> Adware.Suggestor : Cleaned with backup
C:\Program Files\outlook\p.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Program Files\outlook\v.tmp -> Worm.VB.dw : Cleaned with backup
:mozilla.9:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Coremetrics : Error during cleaning
:mozilla.13:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Atdmt : Error during cleaning
:mozilla.25:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning
:mozilla.46:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.48:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.49:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.50:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.55:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Falkag : Error during cleaning
:mozilla.56:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Ru4 : Error during cleaning
:mozilla.57:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning
:mozilla.58:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning
:mozilla.59:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning
:mozilla.60:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Adserver : Error during cleaning
:mozilla.61:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.62:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.63:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.64:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.65:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.66:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.67:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.68:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.69:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.70:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.71:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.72:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.73:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.74:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.75:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.76:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.77:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.78:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.79:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.2o7 : Error during cleaning
:mozilla.80:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Qksrv : Error during cleaning
:mozilla.81:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Qksrv : Error during cleaning
:mozilla.82:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Qksrv : Error during cleaning
:mozilla.89:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Masterstats : Error during cleaning
:mozilla.90:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning
:mozilla.91:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning
:mozilla.92:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning
:mozilla.106:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning
:mozilla.107:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning
:mozilla.110:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning
:mozilla.111:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning
:mozilla.112:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Zedo : Error during cleaning
:mozilla.115:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Liveperson : Error during cleaning
:mozilla.119:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Questionmarket : Error during cleaning
:mozilla.131:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning
:mozilla.132:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning
:mozilla.133:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning
:mozilla.134:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning
:mozilla.135:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning
:mozilla.136:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning
:mozilla.138:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.139:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.140:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.141:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.142:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.143:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.144:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Advertising : Error during cleaning
:mozilla.149:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Mediaplex : Error during cleaning
:mozilla.152:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.154:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Hitbox : Error during cleaning
:mozilla.158:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Hotlog : Error during cleaning
:mozilla.159:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Xxxtoolbar : Error during cleaning
:mozilla.160:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Xxxtoolbar : Error during cleaning
:mozilla.167:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Overture : Error during cleaning
:mozilla.168:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Overture : Error during cleaning
:mozilla.172:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Cqcounter : Error during cleaning
:mozilla.173:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Yadro : Error during cleaning
:mozilla.177:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Clickzs : Error during cleaning
:mozilla.178:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Clickzs : Error during cleaning
:mozilla.190:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Fastclick : Error during cleaning
:mozilla.199:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Clickzs : Error during cleaning
:mozilla.200:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Porngraph : Error during cleaning
:mozilla.221:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Realtracker : Error during cleaning
:mozilla.256:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning
:mozilla.257:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Webtrendslive : Error during cleaning
:mozilla.263:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Pro-market : Error during cleaning
:mozilla.264:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Pro-market : Error during cleaning
:mozilla.280:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.281:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.282:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
:mozilla.283:C:\Program Files\support.com\backup\co\cookies.txt\32576_53c47ab8e_/cookies.txt -> TrackingCookie.Serving-sys : Error during cleaning
C:\Program Files\themexp\Themexp.org File\NNWDAB638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\gimmygames9.exe -> Downloader.VB.ww : Cleaned with backup
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\dycpcsvc.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\e020lafm1d2a.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\eoent.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\in6bMs.dll -> Dropper.Agent.of : Cleaned with backup
C:\WINDOWS\system32\mlcorier.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ps.exe -> Dropper.Agent.mf : Cleaned with backup
C:\WINDOWS\system32\sdrwvdrv.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__nslsapi.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\winsysupd9.exe -> Downloader.VB.wy : Cleaned with backup


::Report End






Please help. Thank you for your time in reading my post. I appreciate it and will appreciate any help you're willing to give.

Edited by winabi, 19 February 2006 - 05:17 PM.

  • 0


#2
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi winabi

Welcome to G2G! :tazz:

* Click here to download Look2Me-Destroyer.exe and save it to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message:
    • Done removing infected files! Look2Me-Destroyer will now shutdown your computer
  • Click OK then your computer will shutdown.
  • Wait 60 seconds then turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive...ib/MSWINSCK.OCX
  • 0

#3
winabi

  • Topic Starter
  • Member
  • 40 posts
THANK YOU SO MUCH FOR HELPING ME!

OK, I did as you specified. The only thing that didn't happen is that L2M didn't reopen automatically. I tried rebooting, but it still didn't. I'm gonna keep trying.




Here are the logs:


L2M LOG


Look2Me-Destroyer V1.0.6

Scanning for infected files.....
Scan started at 2/19/2006 8:19:14 PM

Infected! C:\WINDOWS\system32\j02q0af5ed2.dll
Infected! C:\WINDOWS\system32\ali2edxx.dll
Infected! C:\WINDOWS\system32\h20qlcd51f0.dll
Infected! C:\WINDOWS\system32\j02q0af5ed2.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\j02q0af5ed2.dll
C:\WINDOWS\system32\j02q0af5ed2.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ali2edxx.dll
C:\WINDOWS\system32\ali2edxx.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\h20qlcd51f0.dll
C:\WINDOWS\system32\h20qlcd51f0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j02q0af5ed2.dll
C:\WINDOWS\system32\j02q0af5ed2.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded






HiJackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 8:26:05 PM, on 2/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\ktchnsnk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\games\steam\steam.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mike\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - <default> - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP OfficeJet Series 700] "C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet Series 700\Install"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety....lscbase3401.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)

#4
Flrman1

* Click here to download Brute Force Uninstaller (bfu.zip) and save it to your C:\ drive.
  • Next you must unzip the bfu.zip file to its own folder on C:\ so that the path to it is C:\BFU.
  • The file path must be C:\BFU for the removal to work.
* Next download the alcanshorty.bfu script and save it to the C:\BFU folder.
  • RIGHT-CLICK HERE and choose "Save As" (in Internet Explorer it's "Save Target As") to download alcanshorty.bfu.
  • Save it in the C:\BFU folder you made earlier
  • Start the Brute Force Uninstaller by double-clicking the BFU.exe in the C:\BFU folder.
  • In the scriptline to execute copy and paste this line:

    c:\bfu\alcanshorty.bfu

  • Press execute and let it run.
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.

* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan

#5
winabi

I did as you said but not ActiveScan. Every time I would get to the part where you choose where to scan, I can't choose. I get a message in the lower left-hand corner that there was an Error On The Page. I tried downloading the 1-click version of ActiveScan to my desktop but got an error message when accessing that. Something to the effect of, "bad menu handler," or something like that. I've tried a few times to get it to work, but to no avail. I'll keep trying periodically.

I ran XoftSpy and it found live365 cookie and it quarantined it. It used to find Alcan.A and Mugly, but it didn't find it after I ran BFU. I don't know if that helps. :tazz:

I did run BFU and HiJackThis. Here's the HiJackThis log...


Logfile of HijackThis v1.99.1
Scan saved at 6:57:13 PM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\ktchnsnk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
D:\games\steam\steam.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - <default> - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP OfficeJet Series 700] "C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet Series 700\Install"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety....lscbase3401.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)

Edited by winabi, 20 February 2006 - 06:06 PM.


#6
Flrman1

* Download DelDomains.inf from here.

Right-click DelDomains.inf and choose install.


* Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
* Click Here and download Killbox and save it to your desktop.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R3 - URLSearchHook: (no name) - <default> - (no file)

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab



* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • In the "Full Path of File to Delete" box, copy and paste the following line:

    C:\Program Files\outlook

  • Click on the button that has the red circle with the X in the middle.
  • It will ask for confirmation to delete the file on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, run Kaspersky online virus scan here.

When given the option, choose the "Extended database" for the scan.

When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
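
A way to check a follow-up log against the "Fix checked" list in the post above, added here as an example and not part of the original thread or of HijackThis itself. The function names `parse_entries` and `verify_fix` are hypothetical; the log excerpts are trimmed from the 2/20 and 2/21 logs in this thread, and `AFTER_STUCK` is a constructed variant in which one entry survives the fix.

```python
import re

# A HijackThis entry line is "<section code> - <entry text>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a normalized (code, text) key to the entry as it should be displayed."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            code = match.group(1)
            text = " ".join(match.group(2).split())  # collapse copy/paste whitespace
            # Windows paths and registry names are case-insensitive: compare casefolded.
            entries[(code, text.casefold())] = f"{code} - {text}"
    return entries


def verify_fix(fix_list, before_log, after_log):
    """Classify the entries on the fix list and report everything else that changed."""
    wanted = parse_entries(fix_list)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return {
        # On the fix list, seen before, gone now: the fix worked.
        "removed": sorted(v for k, v in wanted.items() if k in before and k not in after),
        # On the fix list and still in the new log: something is restoring it.
        "still_present": sorted(v for k, v in wanted.items() if k in after),
        # On the fix list but in neither log: probably a mistyped fix line.
        "not_in_before": sorted(
            v for k, v in wanted.items() if k not in before and k not in after
        ),
        # Gone without being on the fix list (another tool removed it).
        "removed_other": sorted(
            v for k, v in before.items() if k not in after and k not in wanted
        ),
        # Appeared since the last log: each one needs an explanation.
        "new": sorted(v for k, v in after.items() if k not in before),
    }


# Entries the helper asked to fix (from the post above).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - <default> - (no file)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab
"""

# Excerpt of the 2/20/2006 log (most lines omitted).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: (no name) - <default> - (no file)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O15 - Trusted Zone: http://*.winantivirus.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab
"""

# Excerpt of the 2/21/2006 log (most lines omitted).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
"""

# Constructed variant: the [outlook] Run entry comes back after the reboot.
AFTER_STUCK = AFTER_LOG + r"O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto" + "\n"

if __name__ == "__main__":
    for label, log in (("2/21 log", AFTER_LOG), ("constructed", AFTER_STUCK)):
        print(f"== {label} ==")
        for category, lines in verify_fix(FIX_LIST, BEFORE_LOG, log).items():
            for entry in lines:
                print(f"{category:14} {entry}")
```

On the thread's own excerpts, the two "new" entries are the Kaspersky web scanner control installed for the requested scan and a changed HKLM Start Page; the O15 Trusted Zone line lands in "removed_other" because DelDomains.inf, not the fix list, cleared it.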

#7
winabi

HIJACKTHIS LOG


Logfile of HijackThis v1.99.1
Scan saved at 8:09:53 AM, on 2/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\ktchnsnk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
D:\games\steam\steam.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP OfficeJet Series 700] "C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet Series 700\Install"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety....lscbase3401.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)






KASPERSKY SCAN RESULTS

I've also attached the results in an HTML file for ease of use.

KASPERSKY ON-LINE SCANNER REPORT
Tuesday, February 21, 2006 8:08:56 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 21/02/2006
Kaspersky Anti-Virus database records: 177906
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
G:\
Scan Statistics
Total number of scanned objects 81390
Number of viruses found 4
Number of infected objects 1330
Number of suspicious objects 0
Duration of the scan process 00:30:27

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\My Documents\Data\all_files2.exe/data0002/data299033.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Administrator\My Documents\Data\all_files2.exe/data0002/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Administrator\My Documents\Data\all_files2.exe/data0002/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Administrator\My Documents\Data\all_files2.exe/data0002/data299033.zip Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Administrator\My Documents\Data\all_files2.exe/data0002 Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Administrator\My Documents\Data\all_files2.exe/data0004 Infected: Trojan-Downloader.Win32.Apropo.v skipped
C:\Documents and Settings\Administrator\My Documents\Data\all_files2.exe NSIS: infected - 6 skipped
C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files2.exe/data0002 Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files2.exe/data0004 Infected: Trojan-Downloader.Win32.Apropo.v skipped
C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files2.exe NSIS: infected - 6 skipped
C:\Documents and Settings\Default User\My Documents\Data\all_files2.exe/data0002/data299033.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Default User\My Documents\Data\all_files2.exe/data0002/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Default User\My Documents\Data\all_files2.exe/data0002/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Default User\My Documents\Data\all_files2.exe/data0002/data299033.zip Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Default User\My Documents\Data\all_files2.exe/data0002 Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Default User\My Documents\Data\all_files2.exe/data0004 Infected: Trojan-Downloader.Win32.Apropo.v skipped
C:\Documents and Settings\Default User\My Documents\Data\all_files2.exe NSIS: infected - 6 skipped
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe/data0002/data299033.zip Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe/data0002 Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe/data0004 Infected: Trojan-Downloader.Win32.Apropo.v skipped
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe NSIS: infected - 6 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\$500 000Gtd on Pokerstars[Whole Tourney] exe.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\$500 000Gtd on Pokerstars[Whole Tourney] exe.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\$500 000Gtd on Pokerstars[Whole Tourney] exe.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\©bySpikys.WinXP.Corporate.x64.German.(Unattended inkl MUI).zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\©bySpikys.WinXP.Corporate.x64.German.(Unattended inkl MUI).zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\©bySpikys.WinXP.Corporate.x64.German.(Unattended inkl MUI).zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\¥¥¥ Fantasy Art - Louis Royo - Boris Vallejo - Julie Bell - Larry Elmore.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\¥¥¥ Fantasy Art - Louis Royo - Boris Vallejo - Julie Bell - Larry Elmore.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\¥¥¥ Fantasy Art - Louis Royo - Boris Vallejo - Julie Bell - Larry Elmore.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\(ebook pdf) Illustrated TCPIP pdf.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\(ebook pdf) Illustrated TCPIP pdf.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\(ebook pdf) Illustrated TCPIP pdf.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\(MGA) (XBOX) 08 Jan 2006 XBMC XBOX MediaCenter 1 1 0 GasGiver rar.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\(MGA) (XBOX) 08 Jan 2006 XBMC XBOX MediaCenter 1 1 0 GasGiver rar.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\(MGA) (XBOX) 08 Jan 2006 XBMC XBOX MediaCenter 1 1 0 GasGiver rar.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\001Pegasus Fantasy mp3.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\001Pegasus Fantasy mp3.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\001Pegasus Fantasy mp3.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\01-dj hogat - baby cry (radio edit) mp3.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\01-dj hogat - baby cry (radio edit) mp3.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\01-dj hogat - baby cry (radio edit) mp3.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\02 10 06 A Chinese Tall Story 2005 情癲大聖-VCD.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\02 10 06 A Chinese Tall Story 2005 情癲大聖-VCD.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\02 10 06 A Chinese Tall Story 2005 情癲大聖-VCD.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\074 Playboy Hardbodies.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\074 Playboy Hardbodies.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\074 Playboy Hardbodies.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\075 Playboy Pamela Anderson.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\075 Playboy Pamela Anderson.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\075 Playboy Pamela Anderson.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\10 3DRealms Games.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\10 3DRealms Games.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\10 3DRealms Games.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\1080i Band Of Brothers -Ep03 [5.1 DTS].avi.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\1080i Band Of Brothers -Ep03 [5.1 DTS].avi.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\1080i Band Of Brothers -Ep03 [5.1 DTS].avi.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\1994 John Trudell KLOS - Power and Authority.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\1994 John Trudell KLOS - Power and Authority.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\1994 John Trudell KLOS - Power and Authority.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\1998 [bleep]ing Crazy.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\1998 [bleep]ing Crazy.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\1998 [bleep]ing Crazy.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\2000 Libros en español-www trackertomia com rar.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\2000 Libros en español-www trackertomia com rar.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\2000 Libros en español-www trackertomia com rar.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\2001 - Testament - First Strike Still Deadly [www heavytorrents tk].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\2001 - Testament - First Strike Still Deadly [www heavytorrents tk].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\2001 - Testament - First Strike Still Deadly [www heavytorrents tk].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\2005 Les Chevalier Du Ciel by Caiz ナイトオブザスカ&.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\2005 Les Chevalier Du Ciel by Caiz ナイトオブザスカ&.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\2005 Les Chevalier Du Ciel by Caiz ナイトオブザスカ&.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\2006 Turin Olympics Day 5 CBC highlights DIVX Part 2 (missing part).zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\2006 Turin Olympics Day 5 CBC highlights DIVX Part 2 (missing part).zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\2006 Turin Olympics Day 5 CBC highlights DIVX Part 2 (missing part).zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\24 - 24 season 1 complete.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\24 - 24 season 1 complete.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\24 - 24 season 1 complete.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\24 S05E08 HDTV [www tensiontorrent com].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\24 S05E08 HDTV [www tensiontorrent com].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\24 S05E08 HDTV [www tensiontorrent com].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\24 The Game PAL Multi 9 Ita Spa Fra Eng Deu Ces Mag Pol Ned rar.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\24 The Game PAL Multi 9 Ita Spa Fra Eng Deu Ces Mag Pol Ned rar.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\24 The Game PAL Multi 9 Ita Spa Fra Eng Deu Ces Mag Pol Ned rar.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\3 - the anchoress.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\3 - the anchoress.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\3 - the anchoress.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\32 Jimi Hendrix Albums (mp3,wav) (140kbps).zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\32 Jimi Hendrix Albums (mp3,wav) (140kbps).zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\32 Jimi Hendrix Albums (mp3,wav) (140kbps).zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\3D Models 3Ds Medical Skeletal-Anatomy.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\3D Models 3Ds Medical Skeletal-Anatomy.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\3D Models 3Ds Medical Skeletal-Anatomy.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\3D MP3 Sound Recorder v3 9 2 WinALL Cracked-CRD www.TorrentSource.TO.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\3D MP3 Sound Recorder v3 9 2 WinALL Cracked-CRD www.TorrentSource.TO.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\3D MP3 Sound Recorder v3 9 2 WinALL Cracked-CRD www.TorrentSource.TO.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\3D Outer Space Screensaver v1 0 WinAll Incl Keygen-PH www.TorrentSource.TO.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\3D Outer Space Screensaver v1 0 WinAll Incl Keygen-PH www.TorrentSource.TO.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\3D Outer Space Screensaver v1 0 WinAll Incl Keygen-PH www.TorrentSource.TO.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\40 Year Old Virgin Xvid Mp3 Dvdrip Mercifulrelease.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\40 Year Old Virgin Xvid Mp3 Dvdrip Mercifulrelease.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\40 Year Old Virgin Xvid Mp3 Dvdrip Mercifulrelease.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\7 chili in 7 giorni ITA [TNT-Village].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\7 chili in 7 giorni ITA [TNT-Village].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\7 chili in 7 giorni ITA [TNT-Village].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\8 Mile [3ivx XL] Full DVD Res.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\8 Mile [3ivx XL] Full DVD Res.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\8 Mile [3ivx XL] Full DVD Res.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\9 Mozart Symphonies from httpwww.dr.dkP2Mozart250index.htm.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\9 Mozart Symphonies from httpwww.dr.dkP2Mozart250index.htm.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\9 Mozart Symphonies from httpwww.dr.dkP2Mozart250index.htm.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\A collection of Gamehouse Games for Windows incl Keygen.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\A collection of Gamehouse Games for Windows incl Keygen.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\A collection of Gamehouse Games for Windows incl Keygen.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\A Toute Epreuve John Woo FRENCH DVDRIP XVID ChoUeTTe.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\A Toute Epreuve John Woo FRENCH DVDRIP XVID ChoUeTTe.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\A Toute Epreuve John Woo FRENCH DVDRIP XVID ChoUeTTe.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\AA2K6GE Linux.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\AA2K6GE Linux.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\AA2K6GE Linux.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\About CNET Networks.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\About CNET Networks.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\About CNET Networks.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Abuelo Bochinche Vol 1-www trackertomia com zip.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Abuelo Bochinche Vol 1-www trackertomia com zip.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Abuelo Bochinche Vol 1-www trackertomia com zip.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Acdc Discography 19cd.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Acdc Discography 19cd.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Acdc Discography 19cd.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ACDC Live.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ACDC Live.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ACDC Live.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ACDSee V8.0.41 Mult-Lang[DEU,ENG,ITA] + Patch.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ACDSee V8.0.41 Mult-Lang[DEU,ENG,ITA] + Patch.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ACDSee V8.0.41 Mult-Lang[DEU,ENG,ITA] + Patch.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ACE Mega CodecS Pack 6 03 - Professional Edition.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ACE Mega CodecS Pack 6 03 - Professional Edition.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ACE Mega CodecS Pack 6 03 - Professional Edition.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Acrobat 7 0 Professional Incl Keygen Paradox.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Acrobat 7 0 Professional Incl Keygen Paradox.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Acrobat 7 0 Professional Incl Keygen Paradox.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Acrobat 7.0 Professional ENGLISH incl Keygen.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Acrobat 7.0 Professional ENGLISH incl Keygen.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Acrobat 7.0 Professional ENGLISH incl Keygen.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Acrobate 7 0 Pro rar.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Acrobate 7 0 Pro rar.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Acrobate 7 0 Pro rar.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Audition V2 0 English Www Pctorrent Com.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Audition V2 0 English Www Pctorrent Com.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Audition V2 0 English Www Pctorrent Com.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Photoshop CS2 incl KeyGen.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Photoshop CS2 incl KeyGen.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Photoshop CS2 incl KeyGen.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Photoshop CS2 ISO iso.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Photoshop CS2 ISO iso.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Photoshop CS2 ISO iso.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Photoshop Cs2 Iso Keygen.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Photoshop Cs2 Iso Keygen.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Photoshop Cs2 Iso Keygen.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Premiere Pro 7 0.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Premiere Pro 7 0.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Adobe Premiere Pro 7 0.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Advanced search.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Advanced search.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Advanced search.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Aeon Flux SeeRax FRENCH avi.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Aeon Flux SeeRax FRENCH avi.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Aeon Flux SeeRax FRENCH avi.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Aerosol Crimes (AKA Chemtrails).zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Aerosol Crimes (AKA Chemtrails).zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Aerosol Crimes (AKA Chemtrails).zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ahead Nero V7 0 Premium Edition.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ahead Nero V7 0 Premium Edition.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ahead Nero V7 0 Premium Edition.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air - Premiers Symptomes (1999) [FLAC].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air - Premiers Symptomes (1999) [FLAC].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air - Premiers Symptomes (1999) [FLAC].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Al Franken Show 021606 [mp3].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Al Franken Show 021606 [mp3].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Al Franken Show 021606 [mp3].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Majority Report 021506 [mp3].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Majority Report 021506 [mp3].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Majority Report 021506 [mp3].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Mark Riley Show 021606 [mp3].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Mark Riley Show 021606 [mp3].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Mark Riley Show 021606 [mp3].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Mike Malloy Show 021506 [mp3].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Mike Malloy Show 021506 [mp3].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Mike Malloy Show 021506 [mp3].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Rachel Maddow Show 021606 [mp3].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Rachel Maddow Show 021606 [mp3].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Rachel Maddow Show 021606 [mp3].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Randi Rhodes Show 021506 [mp3].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Randi Rhodes Show 021506 [mp3].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air America Radio - The Randi Rhodes Show 021506 [mp3].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air Crash Investigations Season 1.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air Crash Investigations Season 1.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Air Crash Investigations Season 1.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Akira - Volume 1-4 (Color Version).zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Akira - Volume 1-4 (Color Version).zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Akira - Volume 1-4 (Color Version).zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alan Greenspan - CFR Conference 2005.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alan Greenspan - CFR Conference 2005.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alan Greenspan - CFR Conference 2005.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alan Moore's Watchmen (comic book).zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alan Moore's Watchmen (comic book).zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alan Moore's Watchmen (comic book).zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alcohol 120 1 9 3105 Latest Corporate Edition With Patch.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alcohol 120 1 9 3105 Latest Corporate Edition With Patch.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alcohol 120 1 9 3105 Latest Corporate Edition With Patch.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alex Jones Radio Show February 17 2006.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alex Jones Radio Show February 17 2006.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alex Jones Radio Show February 17 2006.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alice In Chains - Alice In Chains.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alice In Chains - Alice In Chains.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alice In Chains - Alice In Chains.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alice In Chains - Face lift.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alice In Chains - Face lift.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alice In Chains - Face lift.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alice In Chains - Unplugged (EAC.LAME).zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alice In Chains - Unplugged (EAC.LAME).zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alice In Chains - Unplugged (EAC.LAME).zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alicia Keys Complete Collection.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alicia Keys Complete Collection.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alicia Keys Complete Collection.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alicia Keys Every Little Bit Hurts Ramvideostimka Mpg.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alicia Keys Every Little Bit Hurts Ramvideostimka Mpg.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alicia Keys Every Little Bit Hurts Ramvideostimka Mpg.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alien Arena 2006 Gold Edition.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alien Arena 2006 Gold Edition.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alien Arena 2006 Gold Edition.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\All Software.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\All Software.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\All Software.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alpha blondy-5-Albumsmp3-doum13 Frt.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alpha blondy-5-Albumsmp3-doum13 Frt.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Alpha blondy-5-Albumsmp3-doum13 Frt.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ALTARIA - The Fallen Empire - Promo - 2006 [www heavytorrents tk].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ALTARIA - The Fallen Empire - Promo - 2006 [www heavytorrents tk].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ALTARIA - The Fallen Empire - Promo - 2006 [www heavytorrents tk].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Amel Bent.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Amel Bent.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Amel Bent.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\America's Army rar.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\America's Army rar.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\America's Army rar.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\American Idol S05E10 HDTV XviD-XOR [eztv].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\American Idol S05E10 HDTV XviD-XOR [eztv].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\American Idol S05E10 HDTV XviD-XOR [eztv].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\An American Werewolf In Paris avi.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\An American Werewolf In Paris avi.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\An American Werewolf In Paris avi.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ana & Jorge.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ana & Jorge.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ana & Jorge.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ana Gabriel - Dos Amores Un Amante MP3 Bitrate 256 Covers.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ana Gabriel - Dos Amores Un Amante MP3 Bitrate 256 Covers.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ana Gabriel - Dos Amores Un Amante MP3 Bitrate 256 Covers.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ana Gabriel - Joyas de Dos Siglos MP3 Bitrate 256 Covers.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ana Gabriel - Joyas de Dos Siglos MP3 Bitrate 256 Covers.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ana Gabriel - Joyas de Dos Siglos MP3 Bitrate 256 Covers.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ana Gabriel - Mi Mexico MP3 Bitrate 256 Covers.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ana Gabriel - Mi Mexico MP3 Bitrate 256 Covers.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Ana Gabriel - Mi Mexico MP3 Bitrate 256 Covers.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anapod 8 5 9a + patch fixed + anapod copygear 2 0 Full working By Pifitas.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anapod 8 5 9a + patch fixed + anapod copygear 2 0 Full working By Pifitas.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anapod 8 5 9a + patch fixed + anapod copygear 2 0 Full working By Pifitas.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anastacia Pieces Of A Dream 2005 Cd 3vid Covers.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anastacia Pieces Of A Dream 2005 Cd 3vid Covers.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anastacia Pieces Of A Dream 2005 Cd 3vid Covers.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Andrzej Mleczko - Najlepsze Rysunki [PL] [PDF].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Andrzej Mleczko - Najlepsze Rysunki [PL] [PDF].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Andrzej Mleczko - Najlepsze Rysunki [PL] [PDF].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Animales Heridos TS www.freakdivx.com.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Animales Heridos TS www.freakdivx.com.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Animales Heridos TS www.freakdivx.com.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anime-Keep Monster 1-26.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anime-Keep Monster 1-26.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anime-Keep Monster 1-26.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anime-Keep Monster 27-52.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anime-Keep Monster 27-52.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anime-Keep Monster 27-52.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anthology, Vol 1- Greatest Hits (.wma files).zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anthology, Vol 1- Greatest Hits (.wma files).zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Anthology, Vol 1- Greatest Hits (.wma files).zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Aqua Teen Hunger Force - 405 - Chirpy wmv.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Aqua Teen Hunger Force - 405 - Chirpy wmv.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Aqua Teen Hunger Force - 405 - Chirpy wmv.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ARABIC Nancy Agram - Ya Atabtab - 2006 - 192KBS [WWW TORRENTAT UNI CC].zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ARABIC Nancy Agram - Ya Atabtab - 2006 - 192KBS [WWW TORRENTAT UNI CC].zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\ARABIC Nancy Agram - Ya Atabtab - 2006 - 192KBS [WWW TORRENTAT UNI CC].zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Arctic Monkeys Whatever People 2006 Cd Vid Cov.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Arctic Monkeys Whatever People 2006 Cd Vid Cov.zip.bac_a04088 ZIP: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Arctic Monkeys Whatever People 2006 Cd Vid Cov.zip.bac_a04088 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Arctic Monkeys-Whatever People Say I Am Thats What Im Not-CD-2006-LOSSLESS-QiE.zip.bac_a04088/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Mike\.housecall\Quarantine\Arctic Monkeys-Whatever People Say I Am T

#8
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Delete the C:\Documents and Settings\Mike\.housecall folder then empty the Recycle Bin.


* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • In the "Full Path of File to Delete" box, copy and paste the following line:

    C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2.exe

  • Click on the button that has the red circle with the X in the middle.
  • It will ask for confirmation to delete the file on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

#9
winabi

    Member

  • Topic Starter
  • 40 posts
Here's the list...


3DMark03
Ad-Aware SE Personal
Adobe Reader 7.0.5
Adobe SVG Viewer 3.0
Adobe Type Manager Deluxe 4.1
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
CardRd81
CCScore
CleanUp!
ComcastSUPPORT
CR2
Dr Watson for Microsoft Windows OneCare Live v0.9.0929.18
Easy CD Ripper 2.20
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
essvcpt
ESSvpaht
ESSvpot
ewido anti-malware
FlashMenu
Google Gmail Notifier
Google Toolbar for Internet Explorer
GTK+ Runtime 2.6.9 rev a (remove only)
Hardware Doctor
HijackThis 1.99.1
HLPIndex
HLPPDOCK
HLPSFO
HP OfficeJet Series 700 (Remove Only)
HydraVision
irock! Download Manager
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_04
Kaspersky On-line Scanner
Kodak EasyShare software
KSU
Medal of Honor Allied Assault
Medal of Honor Allied Assault™ Spearhead
Medal of Honor Allied Assault™ Spearhead
Medal of Honor Allied Assault™ Spearhead Patch 2.15
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Windows Journal Viewer
Mozilla Firefox (1.5)
MSN Music Assistant
MSN Search Toolbar
MSXML 4.0 SP2 Parser and SDK
Nero Media Player
Nero OEM
NeroMIX
NeroVision Express 2 SE
Notifier
NVIDIA Drivers
OfotoXMI
OTtBP
OTtBPSDK
Panda ActiveScan
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SFR
SHASTA
SKIN0001
SKINXSDK
Spybot - Search & Destroy 1.3.1 TX
Steam
TrojanHunter 4.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
VPRINTOL
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows Rights Management client
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WIRELESS
Wireless LAN Utility
XoftSpy

#10
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Add/Remove programs and uninstall all these old vulnerable versions of Java:

J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment Standard Edition v1.3.1_04


Leave this one installed:

J2SE Runtime Environment 5.0 Update 6


Also uninstall these:

Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)


How is everything now?
  • 0
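
The triage in post #10 (keep the newest Java runtime, remove the superseded ones) can be run mechanically over a saved Uninstall Manager list. The following is an added example, not part of the original thread or any tool mentioned in it; the function names `java_version` and `triage_java` are hypothetical, the sample list is a constructed subset of the one posted in #9, and "newest installed" is assumed to be the entry to keep, as in the post.

```python
import re

# Constructed sample: a subset of the Uninstall Manager list posted in this thread.
SAMPLE_LIST = """\
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_04
Kaspersky On-line Scanner
Viewpoint Media Player
"""

# The two naming schemes that appear in the posted list.
J2SE_RE = re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?$")
JRE_RE = re.compile(r"^Java 2 Runtime Environment.* v(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$")


def java_version(entry):
    """Return a comparable (1, minor, patch, update) tuple, or None if not a JRE entry."""
    m = J2SE_RE.match(entry)
    if m:
        # "5.0 Update 6" is internal version 1.5.0_06 (see jre1.5.0_06 in the log paths).
        major, minor, update = m.groups()
        return (1, int(major), int(minor), int(update or 0))
    m = JRE_RE.match(entry)
    if m:
        return tuple(int(g or 0) for g in m.groups())
    return None


def triage_java(listing):
    """Return (newest_entry, superseded_entries sorted oldest first)."""
    found = {}
    for line in listing.splitlines():
        entry = line.strip()
        version = java_version(entry)
        if version is not None:
            found[entry] = version  # the dict also collapses duplicate list entries
    if not found:
        return None, []
    newest = max(found, key=found.get)
    superseded = sorted((e for e in found if e != newest), key=found.get)
    return newest, superseded


if __name__ == "__main__":
    keep, remove = triage_java(SAMPLE_LIST)
    print("keep:  ", keep)
    for entry in remove:
        print("remove:", entry)
```

The script only ranks what is installed against each other; it does not know whether the newest installed runtime is itself current.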

#11
winabi

    Member

  • Topic Starter
  • 40 posts
Everything seems to be working fine. Thank you so much for your help. I really appreciate you taking the time out of your life to help me.


I have a couple of questions though concerning all of this and what you did. The two files or infections that I listed in the topic of this thread—are they gone?

The only scan that I saw that detected these is Trend Micro's Housecall. I was going to run the scan again last night but I remember you having me delete the .housecall folder in my documents and settings folder. Is that folder from the online scan? I didn't run the scan b/c I didn't want to back step.



Also, which anti-virus or anti-malware program do you suggest in getting? I've read in some review sites that BitDefender ranks the highest, but your site suggests Ewido. Your thoughts?

#12
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Yes those files should be gone now.

Housecall will recreate that folder if you want to do the scan again.

I recommend Nod32 above all other antiviruses myself:

http://www.nod32.com/home/home.htm


* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

#13
winabi

    Member

  • Topic Starter
  • 40 posts
Housecall is still detecting those files that I posted in the title of this thread. Could these files be in a backup file or quarantined file?


Here's my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 8:15:33 AM, on 2/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\ktchnsnk.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\games\steam\steam.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Mike\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP OfficeJet Series 700] "C:\Program Files\Hewlett-Packard\HP OfficeJet Series 700\bin\ktchnsnk.exe" -reg "Software\Hewlett-Packard\OfficeJet Series 700\Install"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety....lscbase3401.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)

#14
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Are these the two files?

ADW_SE.76892 & ADW_SE.76889

Those look like reference files for Adaware. Does it give you any more info? Does it give the full file path or location?

#15
winabi

    Member

  • Topic Starter
  • 40 posts
It doesn't give any other information regarding the files. It just labels them Adware.

I did a search for the files and it came up blank.

Should I try uninstalling ad-aware to see if they're associated with the program?