  #46  
January 11th, 2008, 09:51 PM
Berna
Member
 
Join Date: Dec 2003
Age: 52
Posts: 72
I deleted all nsx35.dll files, ran a hijack scan and did the repairs, did the remove.bat and installed UnHookExec.inf.

Quote:
Then try it again - delete the existing copy of HijackThis, and download a fresh copy from here to your desktop, and click the downloaded file to run the repair
I'm assuming you meant combofix so I deleted combofix files, downloaded from the link provided and attempted to run a combofix scan but the log is blank. It changed my clock setting but that was it.

I went ahead and ran another hijack log though:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51, on 2008-01-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Nee Dobbs\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.knology.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://security.symantec.com/default...n-us&venid=sym
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Roxio\MyDVD\MyDVD\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1135319494359
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?322
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0A146A3-12D5-45D7-A360-25D5791140CA}: NameServer = 192.168.2.1
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Roxio\MyDVD\MyDVD\USBDeviceService.exe

--
End of file - 8253 bytes
  #47  
January 12th, 2008, 01:29 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
ComboFix is a good tool for this application, which is why we keep going back to that. Since it is still being blocked we have more active issues to address likely, but sure is looking much better here. Let's check against a scan if you can run that now.

Go here and run the Kaspersky online scan, and post back the log it creates (it requires IE).

To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top of IE if needed to allow this). Once the download has completed click Next, then Scan Settings, then make sure the "extended option" is checked (leave all others as they are) and click OK. Then click "My Computer" to begin the scan. Save the Report as a text file and post that back here.

To save it as a text file, still with the page in Internet Explorer, go to the top of the page and select File - Save As... Then make sure in the "Save as type" drop down you change it to "Text File(*.txt)".


Failing that, instead run F-Secure's online scanner here. You will need to use IE and allow the ActiveX controls to load. Click Full System Scan and allow the components to download and the scan to complete. If malware is found during the scan, check Submit Samples to F-Secure then select Automatic cleaning. When the scan has finished, click the Show Report button and copy and paste the entire report in your next reply.


If you continue to have problems with it use the beta version here instead.
  #48  
January 12th, 2008, 07:20 AM
Berna
Member
 
Join Date: Dec 2003
Age: 52
Posts: 72
Here are the results of the 5 hour Kaspersky Online scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-01-12 00:13
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/01/2008
Kaspersky Anti-Virus database records: 508067
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 494576
Number of viruses found: 57
Number of infected objects: 285
Number of suspicious objects: 0
Duration of the scan process: 05:04:19

Infected Object Name / Virus Name / Last Action
C:\avenger\backup.zip/avenger/azftzw.dll Infected: Backdoor.Win32.PcClient.aqq skipped
C:\avenger\backup.zip/avenger/Down(2).exe Infected: Backdoor.Win32.PcClient.ari skipped
C:\avenger\backup.zip/avenger/Down(3).exe Infected: Backdoor.Win32.PcClient.ari skipped
C:\avenger\backup.zip/avenger/Down(4).exe Infected: Backdoor.Win32.PcClient.ari skipped
C:\avenger\backup.zip/avenger/Down(5).exe Infected: Backdoor.Win32.PcClient.ari skipped
C:\avenger\backup.zip/avenger/Flower.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\avenger\backup.zip/avenger/svchst.exe Infected: Trojan-PSW.Win32.OnLineGames.ijq skipped
C:\avenger\backup.zip/avenger/test.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\avenger\backup.zip ZIP: infected - 8 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/popinstall.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip/a.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Desktop\Disney Pix Micro Downloader.lnk Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.9b7949a.ini.inuse Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\Identities\{68C8549C-B54C-49C8-AE06-8BBD06069FA8}\Microsoft\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\Identities\{68C8549C-B54C-49C8-AE06-8BBD06069FA8}\Microsoft\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\Identities\{68C8549C-B54C-49C8-AE06-8BBD06069FA8}\Microsoft\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\Identities\{68C8549C-B54C-49C8-AE06-8BBD06069FA8}\Microsoft\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\Identities\{68C8549C-B54C-49C8-AE06-8BBD06069FA8}\Microsoft\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\Identities\{68C8549C-B54C-49C8-AE06-8BBD06069FA8}\Microsoft\Outlook Express\JIT SUPPLIER MALL.dbx Mail MS Outlook 5: infected - 5 skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\History\History.IE5\MSHist012008011120080112\index.dat Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Temp\~DF46F4.tmp Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Temp\~ROMFN_00000768 Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Downloads\codec.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\Outlook\outlook.pst Mail MS Mail: infected - 5 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\Outlook Express\JIT SUPPLIER MALL.dbx Mail MS Outlook 5: infected - 5 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Documents and Settings\Nee Dobbs\My Documents\Outlook Express Backup\outlook.pst Mail MS Mail: infected - 5 skipped
  #49  
January 12th, 2008, 07:22 AM
Berna
Member
 
Join Date: Dec 2003
Age: 52
Posts: 72
C:\Documents and Settings\Nee Dobbs\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nee Dobbs\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nee Dobbs\Shared\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Nee Dobbs\Shared\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Nee Dobbs\Shared\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Nee Dobbs\Shared\really rosie 54.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Nee Dobbs\Shared\Sexy power cdg.zip/setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\Documents and Settings\Nee Dobbs\Shared\Sexy power cdg.zip/setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\Documents and Settings\Nee Dobbs\Shared\Sexy power cdg.zip/setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\Documents and Settings\Nee Dobbs\Shared\Sexy power cdg.zip/setup.exe Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\Documents and Settings\Nee Dobbs\Shared\Sexy power cdg.zip ZIP: infected - 4 skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\I386\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\I386\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\I386\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\I386\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\I386\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\I386\JIT SUPPLIER MALL.dbx Mail MS Outlook 5: infected - 5 skipped
C:\Program Files\Internet Explorer\IP.exe Infected: Trojan.Win32.VB.bml skipped
C:\Program Files\Internet Explorer\realplayerupdate20071205.exe Infected: Trojan.Win32.VB.bmm skipped
C:\Program Files\Internet Explorer\systemupdate20071106.exe Infected: Trojan.Win32.VB.bmp skipped
C:\Program Files\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Program Files\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
C:\Program Files\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Program Files\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Program Files\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
C:\Program Files\Outlook Express\JIT SUPPLIER MALL.dbx Mail MS Outlook 5: infected - 5 skipped
C:\Program Files\Radmin\radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\Program Files\Radmin\r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\qoobox\Quarantine\C\Program Files\outlook\p.zip.vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\qoobox\Quarantine\C\Program Files\outlook\p.zip.vir ZIP: infected - 1 skipped
C:\qoobox\Quarantine\C\Program Files\outlook\v.tmp.vir Infected: P2P-Worm.Win32.VB.dw skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc62.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc62.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc62.exe/data0009 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc62.exe NSIS: infected - 3 skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc63.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc64.zip/setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc64.zip/setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc64.zip/setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc64.zip/setup.exe Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc64.zip ZIP: infected - 4 skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc66.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc66.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc66.exe/data0009 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped
C:\RECYCLER\S-1-5-21-278548722-2186578614-1111229813-1006\Dc66.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1301\A0148972.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1302\A0148980.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0149021.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1304\A0150338.lnk Object is locked skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1304\A0153761.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1306\A0153808.rbf Object is locked skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1308\A0154007.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1308\A0154021.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1309\A0154036.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1310\A0154041.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1311\A0154969.rbf Object is locked skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1311\A0154970.rbf Object is locked skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155120.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155156.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1316\A0156358.exe Infected: Backdoor.Win32.PcClient.ari skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1316\A0157396.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1331\A0188495.exe Infected: not-a-virus:AdTool.Win32.VB.e skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192001.dll Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192016.dll Infected: not-a-virus:AdWare.Win32.Agent.zm skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192156.dll Infected: Backdoor.Win32.PcClient.aqq skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192169.exe Infected: Backdoor.Win32.PcClient.ari skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192180.exe Infected: Backdoor.Win32.PcClient.ari skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192183.exe Infected: Backdoor.Win32.PcClient.ari skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192184.exe Infected: Backdoor.Win32.PcClient.ari skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192190.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192196.exe Infected: Trojan-PSW.Win32.OnLineGames.ijq skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192197.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1339\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FAFC1E1A-4C31-4845-8247-438E1EE26504}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\DISDN\Flower.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
C:\WINDOWS\SYSTEM32\gxobza.dll Infected: Backdoor.Win32.PcClient.aqq skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\WINDOWS\SYSTEM\SHAgentNew.dll Infected: not-a-virus:AdWare.Win32.Sahat.g skipped
F:\WINDOWS\SYSTEM\IAicemm.dll Infected: Trojan-Dropper.Win32.Small.abd skipped
F:\WINDOWS\SYSTEM\SWRT01.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g skipped
F:\WINDOWS\SYSTEM\70tovmto.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
F:\WINDOWS\All Users\Application Data\X0ff\X0ff.dll Infected: not-a-virus:AdWare.Win32.RiverAd.d skipped
F:\WINDOWS\cnbabeie.exe/data0008 Infected: not-a-virus:AdWare.Win32.CommonName.b skipped
F:\WINDOWS\cnbabeie.exe/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.d skipped
F:\WINDOWS\cnbabeie.exe/data0010 Infected: not-a-virus:AdWare.Win32.CommonName.d skipped
F:\WINDOWS\cnbabeie.exe NSIS: infected - 3 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\outlook.pst Mail MS Mail: infected - 5 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\Outlook\outlook.pst Mail MS Mail: infected - 5 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Desktop\Outlook Express Backup\Outlook Express\JIT SUPPLIER MALL.dbx Mail MS Outlook 5: infected - 5 skipped
F:\WINDOWS\Application Data\Identities\{A56F47E0-BFF3-11D6-AF6B-FC0E718F0872}\Microsoft\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\WINDOWS\Application Data\Identities\{A56F47E0-BFF3-11D6-AF6B-FC0E718F0872}\Microsoft\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
  #50  
Old January 12th, 2008, 07:23 AM
Berna Berna is offline
Member
 
Join Date: Dec 2003
Age: 52
Posts: 72
F:\WINDOWS\Application Data\Identities\{A56F47E0-BFF3-11D6-AF6B-FC0E718F0872}\Microsoft\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Application Data\Identities\{A56F47E0-BFF3-11D6-AF6B-FC0E718F0872}\Microsoft\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Application Data\Identities\{A56F47E0-BFF3-11D6-AF6B-FC0E718F0872}\Microsoft\Outlook Express\JIT SUPPLIER MALL.dbx/[From "JASON HOLMES" <jholmes@jitservices.com>][Date Tue, 22 Jun 2004 14:59:05 -0500]/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Application Data\Identities\{A56F47E0-BFF3-11D6-AF6B-FC0E718F0872}\Microsoft\Outlook Express\JIT SUPPLIER MALL.dbx Mail MS Outlook 5: infected - 5 skipped
F:\WINDOWS\Start Menu\Programs\StartUp\DLHelperEXE.exe Infected: not-a-virus:AdWare.Win32.Thumper.a skipped
F:\WINDOWS\Start Menu\Programs\Disabled Startup Items\DLHelperEXE.exe Infected: not-a-virus:AdWare.Win32.Thumper.a skipped
F:\WINDOWS\Downloaded Program Files\flash.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.as skipped
F:\WINDOWS\Downloaded Program Files\CONFLICT.7\HDPlugin1015.dll Infected: not-a-virus:AdWare.Win32.Gator.1015 skipped
F:\WINDOWS\Temporary Internet Files\Content.IE5\S1KLA3O9\kazaa[1].htm Infected: Exploit.HTML.IframeBof skipped
F:\WINDOWS\Temporary Internet Files\Content.IE5\S1KLA3O9\script[1].php Infected: Exploit.HTML.Mht skipped
F:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/JIT SUPPLIER MALL/22 Jun 2004 19:58 to rdobbs@jitservices.com:Remote Admin for the/RADMIN21.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\WINDOWS\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: infected - 10 skipped

F:\WINDOWS\NDNuninstall5_48.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\WINDOWS\btiein.dll Infected: Trojan-Downloader.Win32.QDown.ad skipped
F:\WINDOWS\all_files7.exe/data0002 Infected: Trojan-Downloader.Win32.Agent.ec skipped
F:\WINDOWS\all_files7.exe/data0004 Infected: not-a-virus:AdWare.Win32.EZula skipped
F:\WINDOWS\all_files7.exe/data0005 Infected: Trojan.Win32.SecondThought.h skipped
F:\WINDOWS\all_files7.exe/data0006 Infected: Backdoor.Win32.Ruledor.c skipped
F:\WINDOWS\all_files7.exe/data0007 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
F:\WINDOWS\all_files7.exe NSIS: infected - 5 skipped
F:\WINDOWS\tracker7.exe/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.d skipped
F:\WINDOWS\tracker7.exe NSIS: infected - 1 skipped
F:\WINDOWS\ICD1.tmp\dm_nsis.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Comet.a skipped
F:\WINDOWS\ICD1.tmp\dm_nsis.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Comet.a skipped
F:\WINDOWS\ICD1.tmp\dm_nsis.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Comet.a skipped
F:\WINDOWS\ICD1.tmp\dm_nsis.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Comet.e skipped
F:\WINDOWS\ICD1.tmp\dm_nsis.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.e skipped
F:\WINDOWS\ICD1.tmp\dm_nsis.exe NSIS: infected - 5 skipped
F:\WINDOWS\nsg6130.TMP\PluginDll.dll Infected: not-a-virus:AdWare.Win32.Comet.a skipped
F:\Program Files\Windows AdStatus\WinStatKeep.exe Infected: not-a-virus:AdWare.Win32.WinAD.k skipped
F:\Program Files\Windows AdStatus\WinStatComm.dll Infected: not-a-virus:AdWare.Win32.WinAD.u skipped
F:\Program Files\Windows AdStatus\WinStat.exe Infected: not-a-virus:AdWare.Win32.WinAD.s skipped
F:\My Documents\Data\Data\all_files4.exe/data0002/data299033.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
F:\My Documents\Data\Data\all_files4.exe/data0002/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
F:\My Documents\Data\Data\all_files4.exe/data0002/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
F:\My Documents\Data\Data\all_files4.exe/data0002/data299033.zip/Files/IEDRIVER.EXE Infected: Trojan-Downloader.Win32.Turown.h skipped
F:\My Documents\Data\Data\all_files4.exe/data0002/data299033.zip/Files/ieupdate.exe Infected: Trojan-Downloader.Win32.Turown.b skipped
F:\My Documents\Data\Data\all_files4.exe/data0002/data299033.zip/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.a skipped
F:\My Documents\Data\Data\all_files4.exe/data0002/data299033.zip Infected: Trojan-Downloader.Win32.Turown.a skipped
F:\My Documents\Data\Data\all_files4.exe/data0002 Infected: Trojan-Downloader.Win32.Turown.a skipped
F:\My Documents\Data\Data\all_files4.exe/data0003/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
F:\My Documents\Data\Data\all_files4.exe/data0003/data0004 Infected: not-a-virus:AdWare.Win32.Connector skipped
F:\My Documents\Data\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
F:\My Documents\Data\Data\all_files4.exe/data0004 Infected: Trojan-Downloader.Win32.Agent.ec skipped
F:\My Documents\Data\Data\all_files4.exe/data0005/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped
F:\My Documents\Data\Data\all_files4.exe/data0005/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\My Documents\Data\Data\all_files4.exe/data0005/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\My Documents\Data\Data\all_files4.exe/data0005/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
F:\My Documents\Data\Data\all_files4.exe/data0005/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
F:\My Documents\Data\Data\all_files4.exe/data0005/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
F:\My Documents\Data\Data\all_files4.exe/data0005 Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
F:\My Documents\Data\Data\all_files4.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula skipped
F:\My Documents\Data\Data\all_files4.exe NSIS: infected - 20 skipped
F:\My Documents\Data\all_files4.exe/data0002/data299033.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
F:\My Documents\Data\all_files4.exe/data0002/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
F:\My Documents\Data\all_files4.exe/data0002/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped
F:\My Documents\Data\all_files4.exe/data0002/data299033.zip/Files/IEDRIVER.EXE Infected: Trojan-Downloader.Win32.Turown.h skipped
F:\My Documents\Data\all_files4.exe/data0002/data299033.zip/Files/ieupdate.exe Infected: Trojan-Downloader.Win32.Turown.b skipped
F:\My Documents\Data\all_files4.exe/data0002/data299033.zip/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.a skipped
F:\My Documents\Data\all_files4.exe/data0002/data299033.zip Infected: Trojan-Downloader.Win32.Turown.a skipped
F:\My Documents\Data\all_files4.exe/data0002 Infected: Trojan-Downloader.Win32.Turown.a skipped
F:\My Documents\Data\all_files4.exe/data0003/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
F:\My Documents\Data\all_files4.exe/data0003/data0004 Infected: not-a-virus:AdWare.Win32.Connector skipped
F:\My Documents\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
F:\My Documents\Data\all_files4.exe/data0004 Infected: Trojan-Downloader.Win32.Agent.ec skipped
F:\My Documents\Data\all_files4.exe/data0005/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped
F:\My Documents\Data\all_files4.exe/data0005/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\My Documents\Data\all_files4.exe/data0005/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\My Documents\Data\all_files4.exe/data0005/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
F:\My Documents\Data\all_files4.exe/data0005/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
F:\My Documents\Data\all_files4.exe/data0005/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
F:\My Documents\Data\all_files4.exe/data0005 Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
F:\My Documents\Data\all_files4.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula skipped
F:\My Documents\Data\all_files4.exe NSIS: infected - 20 skipped
F:\My Documents\RADMIN21.EXE/AdmDll.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\My Documents\RADMIN21.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.20 skipped
F:\My Documents\RADMIN21.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\My Documents\RADMIN21.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.21 skipped
F:\My Documents\RADMIN21.EXE Gentee: infected - 4 skipped
F:\test.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\SaveInstCm.exe/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped
F:\SaveInstCm.exe/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\SaveInstCm.exe/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\SaveInstCm.exe/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
F:\SaveInstCm.exe/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
F:\SaveInstCm.exe/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
F:\SaveInstCm.exe EmbeddedCAB: infected - 6 skipped
F:\SaveInstCsSm.exe/data0001.cab/DnldStub.exe Infected: Trojan-Downloader.Win32.Small.kl skipped
F:\SaveInstCsSm.exe/data0001.cab Infected: Trojan-Downloader.Win32.Small.kl skipped
F:\SaveInstCsSm.exe/data0002.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c skipped
F:\SaveInstCsSm.exe/data0002.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\SaveInstCsSm.exe/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped
F:\SaveInstCsSm.exe/data0003.cab/Search.exe Infected: not-a-virus:AdWare.Win32.SaveNow.l skipped
F:\SaveInstCsSm.exe/data0003.cab Infected: not-a-virus:AdWare.Win32.SaveNow.l skipped
F:\SaveInstCsSm.exe EmbeddedCAB: infected - 7 skipped
F:\Excursion9.5\mIRC.ExCurSioN.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1301\A0148974.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1302\A0148982.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0149026.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0149070.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0149086.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0150105.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0150120.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0150137.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1304\A0153742.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1304\A0153779.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1305\A0153782.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1306\A0153797.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1307\A0153931.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1307\A0153948.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1308\A0153966.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1308\A0154009.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1308\A0154023.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1309\A0154038.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1310\A0154043.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1311\A0155052.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155122.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155140.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155158.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155177.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155196.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1313\A0155200.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1313\A0155218.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1314\A0155221.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1314\A0155238.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1314\A0155255.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1314\A0155274.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1314\A0155292.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1314\A0155316.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1315\A0155349.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1316\A0157425.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1317\A0157526.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1318\A0157568.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1319\A0157572.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1320\A0157628.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1321\A0157711.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1322\A0157719.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1323\A0157724.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1324\A0157758.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped
F:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1324\A0160984.exe Infected: Trojan-Downloader.Win32.Banload.fws skipped

Scan process completed.
  #51  
Old January 12th, 2008, 06:12 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Still quite a bit of infection files to delete, though truly the majority of that large log includes normally locked system functions, infection held harmless in the System Restore and quite a few of those JIT SUPPLIER MALL, which is obviously the source of the Remote Admin service we shut down earlier. I see they are related to inventory of some sort - is this software you installed as part of interacting with them, or more malware behavior we need to remove?

Post back on that before we do these next cleaning steps. Also, since the presence of these on a badly infected system suggests causes related to downloading choices, be sure to read this CTH info.

C:\Documents and Settings\Nee Dobbs\Shared\02 Track 2.wma ------> Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Nee Dobbs\Shared\06 Track 6.wma ------> Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Nee Dobbs\Shared\Rare Recording.wma ------> Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Nee Dobbs\Shared\really rosie 54.wma ------> Trojan-Downloader.WMA.Wimad.d
  #52  
Old January 12th, 2008, 07:54 PM
Berna Berna is offline
Member
 
Join Date: Dec 2003
Age: 52
Posts: 72
It's been several years since I worked with Supplier Mall but in answer to your question, yes, this must have been the source of the remote admin service and is definitely not malware.
  #53  
Old January 13th, 2008, 03:39 AM
Berna Berna is offline
Member
 
Join Date: Dec 2003
Age: 52
Posts: 72
I went ahead and ran the f-secure scan, did the auto fix and here is the report:

Scanning Report
Saturday, January 12, 2008 09:24:34 - 16:45:44
Computer name: NEE
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ F:\


--------------------------------------------------------------------------------

Result: 174 malware found
Backdoor.Win32.PcClient.aqq (virus)
C:\WINDOWS\SYSTEM32\GXOBZA.DLL (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192156.DLL (Renamed & Submitted)
Backdoor.Win32.PcClient.ari (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192169.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192180.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192183.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192184.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1316\A0156358.EXE (Renamed & Submitted)
Delf.ATBB (virus)
F:\MY SHARED FOLDER\SOFTWARE PROGRAMS\ADOBE AUDITION KEYGEN.EXE (Submitted)
F:\MY SHARED FOLDER\SOFTWARE PROGRAMS\ADOBE AUDITION KEYGEN (1).EXE (Submitted)
F:\MY SHARED FOLDER\SOFTWARE PROGRAMS\ADOBE_AUDITION_KEYGEN_(BY-DR).EXE (Submitted)
Exploit.HTML.Mht (virus)
F:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S1KLA3O9\SCRIPT[1].PHP (Renamed & Submitted)
HTML/IFrameBoF (virus)
F:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\S1KLA3O9\KAZAA[1].HTM (Renamed & Submitted)
Malware.BFKM (virus)
F:\PROGRAM FILES\SPYWAREBLASTER\SBAUTOUPDATE.EXE (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
Trojan-Downloader.Win32.Banload.fws (virus)
C:\WINDOWS\SYSTEM32\DRIVERS\DISDN\FLOWER.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192190.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192197.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1316\A0157396.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155120.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155156.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1310\A0154041.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1309\A0154036.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1308\A0154007.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1308\A0154021.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1304\A0153761.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0149021.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1302\A0148980.EXE (Renamed & Submitted)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1301\A0148972.EXE (Renamed & Submitted)
F:\TEST.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1324\A0157758.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1324\A0160984.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1323\A0157724.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1322\A0157719.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1321\A0157711.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1320\A0157628.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1319\A0157572.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1318\A0157568.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1317\A0157526.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1316\A0157425.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1315\A0155349.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1314\A0155221.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1314\A0155238.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1314\A0155255.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1314\A0155274.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1314\A0155292.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1314\A0155316.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1313\A0155200.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1313\A0155218.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155122.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155140.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155158.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155177.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1312\A0155196.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1311\A0155052.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1310\A0154043.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1309\A0154038.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1308\A0153966.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1308\A0154009.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1308\A0154023.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1307\A0153931.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1307\A0153948.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1306\A0153797.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1305\A0153782.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1304\A0153742.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1304\A0153779.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0149026.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0149070.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0149086.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0150105.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0150120.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1303\A0150137.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1302\A0148982.EXE (Renamed & Submitted)
F:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1301\A0148974.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.QDown.ad (virus)
F:\WINDOWS\BTIEIN.DLL (Renamed & Submitted)
Trojan-Downloader.Win32.Small.eqn (virus)
C:\DOCUMENTS AND SETTINGS\NEE DOBBS\MY DOCUMENTS\DOWNLOADS\CODEC.EXE (Renamed & Submitted)
Trojan-Dropper.Win32.Small.abd (virus)
F:\WINDOWS\SYSTEM\IAICEMM.DLL (Renamed & Submitted)
Trojan-PSW.Win32.OnLineGames.ijq (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1336\A0192196.EXE (Renamed & Submitted)
Trojan.Win32.VB.bml (virus)
C:\PROGRAM FILES\INTERNET EXPLORER\IP.EXE (Renamed & Submitted)
Trojan.Win32.VB.bmm (virus)
C:\PROGRAM FILES\INTERNET EXPLORER\REALPLAYERUPDATE20071205.EXE (Renamed & Submitted)
Trojan.Win32.VB.bmp (virus)
C:\PROGRAM FILES\INTERNET EXPLORER\SYSTEMUPDATE20071106.EXE (Renamed & Submitted)
W32/Casino.CI (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1324\A0159953.EXE (Submitted)
W32/Casino.CN (virus)
C:\INSTALLER\STARLUCKINSTALLER.EXE (Submitted)
W32/Downloader (virus)
F:\WINDOWS\TRACKER7.EXE (Submitted)
W32/Malware (virus)
F:\RECYCLED\DF4\QUEENS CLUB CASINO\UPDATE.EXE (Submitted)
F:\RECYCLED\DF4\PRESTIGE CASINO\UPDATE.EXE (Submitted)
W32/SDBot.BFSG (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1333\A0190866.EXE (Submitted)
W32/VBDoor.AUR (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1331\A0188495.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 148656
System: 5376
Not scanned: 8
Actions:
Disinfected: 1
Renamed: 75
Deleted: 0
None: 98
Submitted: 86
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{FAFC1E1A-4C31-4845-8247-438E1EE26504}.BIN
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1304\A0150338.LNK
C:\DOCUMENTS AND SETTINGS\NEE DOBBS\LOCAL SETTINGS\TEMP\~ROMFN_00000768
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\DISNEY PIX MICRO DOWNLOADER.LNK
C:\DOCUMENTS AND SETTINGS\ALL USERS\DESKTOP\LABELCREATOR PRO TRIAL.LNK
--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2008-01-11
F-Secure AVP: 7.0.171, 2008-01-11
F-Secure Orion: 1.2.37, 2008-01-11
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 2007-11-28
F-Secure Pegasus: 1.19.0, 2007-11-30
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXSWF
Use Advanced heuristics
  #54  
Old January 13th, 2008, 04:30 AM
Berna Berna is offline
Member
 
Join Date: Dec 2003
Age: 52
Posts: 72
Thought I'd jump ahead anticipating your request to run a combofix scan but once again, not much of a report. Here it is:

ComboFix 08-01-13.1 - Nee Dobbs 2008-01-12 21:23:21.24 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1120 [GMT -6:00]
Running from: C:\Documents and Settings\Nee Dobbs\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
  #55  
Old January 13th, 2008, 04:51 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
The ComboFix author decided to add the warning, since it is often a good idea to have the Recovery Console pre-installed for emergency access. F-Secure picked out a lot of the active malware there, but also this:

F:\MY SHARED FOLDER\SOFTWARE PROGRAMS\ADOBE_AUDITION_KEYGEN_(BY-DR).EXE (Submitted)

Unfortunately, that file only shows in searches as a crack download. Please read the CTH Cyber Safety forum views posted here now. Unless there is some information that it is not an illegal software file, I am required at this time to end assistance here, and would recommend reformatting/reinstalling to make further repairs.
  #56  
Old January 13th, 2008, 06:51 PM
Berna Berna is offline
Member
 
Join Date: Dec 2003
Age: 52
Posts: 72
Tom,

First and most importantly, I sincerely appreciate your time and help with my computer issues.

As for a "crack download," I didn't even know what that was until I read the link provided and honestly, I'm insulted at the insinuation that I would participate in any form of illegal activity. I can assure you that each and every program run on my system has either been purchased (and yes, I have every single receipt for all software, music or movies purchased over the last 6 years to prove it) or downloaded on a trial basis. I've learned, through wasting money, that software doesn't always perform as proposed on the package summary, hence I usually look for trial versions to test before buying. I've also learned that so-called "trial versions" can be disastrous to a PC if downloaded from the wrong website and I daresay the problems with malware and viruses on my PC are a result.

In any case, again, I thank you for your efforts in helping to rid my pc of malware and viruses.
  #57  
Old January 14th, 2008, 12:38 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
ADOBE_AUDITION_KEYGEN_(BY-DR).EXE

KEYGEN_(BY-DR) usually means the software crack creator who goes by Dr.Pc Putte. If not, one of the others going by that nickname. But yes, it is a crack copy of a legitimate software. One of the things some of us do to stay current with malware trends is to locate and download the sources ourselves, so we really do know what is from where, and what the results are.

www. adobe.com
Product: Audition 2.0
PRICE: $349

There appears to be a trial version available, but that file is Audition3_EFGJSI_Trial.exe. And yes, the wrong software, downloaded from the wrong website, will lead to disastrous results. I will ask a Moderator to close this request thread.
All times are GMT +1. The time now is 04:33 AM.