So lately, certain programs I go to open have been stating that I am not able to open them due to a certain error, and it'll be like 00008300000x78 or something of that nature. Plus, the computer is running very slow (it does anyway, but even worse now). Also, I opened Firefox this morning and my IP has a message on the opening page stating that tons of e-mail have been sent from this machine and it appears to be due to a trojan. I do use Lavasoft's Ad-Aware, Avast Antivirus and the things that come w/ Windows to scan and double check the problems. Of course, on the bootup scan for Avast there are trojans and worms found. I have weird instances in my startup menu programs that WON'T go away. I uncheck them, I delete them, I blow them up and they just keep returning. Even using PremiumBooster I wasn't able to completely fix the issues. I can try to post the PremiumBooster log if needed, but here is the HijackThis (which I am a little new to) info:

Logfile of HijackThis v1.99.1
Scan saved at 8:56:53 PM, on 4/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BNC.tmp
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Premium Booster\PremiumBooster.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://profiles.yahoo.com/sweetlilangel_232003
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brians Access to the World Wide Web
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,userinit.exe
O2 - BHO: (no name) - {148166dd-ecf6-4807-b283-ffe77456ae7c} - C:\WINDOWS\system32\gaputaji.dll
O2 - BHO: C:\WINDOWS\system32\zfgh83jg3.dll - {D5BF49A0-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\zfgh83jg3.dll
O2 - BHO: C:\WINDOWS\system32\sdfgerfgf3f.dll - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\system32\sdfgerfgf3f.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [Antivirus XP Pro 2009] C:\WINDOWS\TEMP\TS.EXE
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CPM73fa26bf] Rundll32.exe "c:\windows\system32\zidoyowi.dll",a
O4 - HKLM\..\Run: [bukuyujopo] Rundll32.exe "C:\WINDOWS\system32\gekujedo.dll",s
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [Radio-TV adverts] C:\WINDOWS\TEMP\rtv_winupd.exe
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Brian2\reader_s.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.apollolibrary.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.wintu.edu/secure/PhxStudent15.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - https://music.msn.com/client/msnmusax2228.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: s\system32\dahigupa.dll C:\WINDOWS\system32\japadujo.dll c:\progra~1\ThunMail\testabd.dll c:\windows\system32\zidoyowi.dll c:\windows\system32\tigogitu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zidoyowi.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\System32\svchost.exe (file missing)
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

If you notice the weird named .dll's ... those seem to be the ones in the startup

Please do the following. First of all, remove your HiJackThis. You are running a very old version; download the most recent version from HERE.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Once the computer has rebooted then run a Full System scan with the new version of HiJackThis and save the log.
Post back here with both the MBA-M log and the HJT log.

I think it fixed it, great call! I have removed many trojans from people's computers but never had so many problems as I had w/ mine. Now, you bested me lol

here is the hijackthis report as of now

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Brian2\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://profiles.yahoo.com/sweetlilangel_232003
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brians Access to the World Wide Web
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: C:\WINDOWS\system32\yaubfh983ind.dll - {A5AF42A3-94F3-42BD-F634-0604832C897D} - C:\WINDOWS\system32\yaubfh983ind.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Radio-TV adverts] C:\WINDOWS\TEMP\rtv_winupd.exe
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Brian2\reader_s.exe
O4 - HKUS\S-1-5-19\..\Run: [bukuyujopo] Rundll32.exe "C:\WINDOWS\system32\gekujedo.dll",s (User '?')
O4 - HKUS\S-1-5-20\..\Run: [bukuyujopo] Rundll32.exe "C:\WINDOWS\system32\gekujedo.dll",s (User '?')
O4 - HKUS\S-1-5-21-2105857509-2107257482-2807319138-1009\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\j6ox0rmhya.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\879985130.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\WINDOWS\system32\config\systemprofile\reader_s.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.apollolibrary.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.wintu.edu/secure/PhxStudent15.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - https://music.msn.com/client/msnmusax2228.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: s\system32\dahigupa.dll c:\progra~1\ThunMail\testabd.dll
O22 - SharedTaskScheduler: as3iur98wajkef3wgf3 - {A5AF42A3-94F3-42BD-F634-0604832C897D} - C:\WINDOWS\system32\yaubfh983ind.dll (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8964 bytes

also, here is the malwarebytes log

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/19/2009 5:18:18 PM
mbam-log-2009-04-19 (17-18-18).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 158651
Time elapsed: 37 minute(s), 47 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 38
Registry Values Infected: 7
Registry Data Items Infected: 7
Folders Infected: 1
Files Infected: 43

Memory Processes Infected:
C:\WINDOWS\SYSTEM32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\3361\SVCHOST.EXE (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a0-94f3-42bd-f434-3604812c8955} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fci (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6dd9e0f5-8825-450d-a60f-cc7d494272f6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus xp pro 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services\del (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,userinit.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\WINDOWS\SYSTEM32\6to4v32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\at1394.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lugapeda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\velivomo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vosemuji.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Kobcka) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Kobcka) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Kobcka) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\instsp2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\3361\SVCHOST.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\reader_s.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\sys.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\peoplezzz\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zomutaho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\howenuze.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\funesabo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\doheyesi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\winlognn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\msonlinebb.dll (Trojan.BHO) -> Quarantined and deleted successfully.

What version of HiJackThis are you using? You need to use the newest version and I need to see the FULL log, from top to bottom. Beginning with the version number and all of the top part and ALL of the running processes. I don't believe everything is removed yet. There may be another step to do but I won't know until I see the entire log.
Judy

I am not sure if I know what you're talking about (the full log)...

also I just received the blue screen once again just now (I am currently in safe mode w/ networking) and I am continuing to have the problem where while I am visiting websites they don't always pull up and such. Like not the 404 problem but sort of where they aren't available.

I guess I'll run the program again *sigh

The log you just posted above is not complete. Look at your VERY FIRST log and you will see the difference. There is a portion of the log that appears at the very top that should look like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:00 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Your most recent log doesn't show that. Your original log was version 1.99.1...that is VERY old. The newest version which I linked to in my instructions is version 2.0.2 and shows many more things than the older version.
You also are only showing three running processes when the scan was completed, that is an impossibility, especially since one of them was HiJackThis itself and another was Adobe Reader. If that is all that was running then the computer is totally broken and I don't believe that is the case. You DON'T need to run MBA-M again you need to run HiJackThis and post the full log. Then I will give you the next step, but I need to see the full log to be able to tell you what that will be.
Judy

here is what I just scanned w/ hijackthis and i selected all copy and here is the paste;also remember i am in windows safe w/ networking mode

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:00 PM, on 4/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian2\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://profiles.yahoo.com/sweetlilangel_232003
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brians Access to the World Wide Web
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {A5AF42A3-94F3-42BD-F634-0604832C897D} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Radio-TV adverts] C:\WINDOWS\TEMP\rtv_winupd.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Brian2\reader_s.exe
O4 - HKUS\S-1-5-19\..\Run: [bukuyujopo] Rundll32.exe "C:\WINDOWS\system32\gekujedo.dll",s (User '?')
O4 - HKUS\S-1-5-20\..\Run: [bukuyujopo] Rundll32.exe "C:\WINDOWS\system32\gekujedo.dll",s (User '?')
O4 - HKUS\S-1-5-21-2105857509-2107257482-2807319138-1009\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\kd14prda.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3746217010.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Brian2\reader_s.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.apollolibrary.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.wintu.edu/secure/PhxStudent15.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - https://music.msn.com/client/msnmusax2228.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: s\system32\dahigupa.dll c:\progra~1\ThunMail\testabd.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8770 bytes

This line in the log shows you DID NOT reboot the computer after the MBA-M scan.

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

This needs to be done in order for the program to complete the cleaning. It should be to normal mode by the way or it will not clean, note these listings in the MBA-M log, it shows they are still there:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\reader_s.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
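
The two checks described in the post above (a leftover MBA-M RunOnce entry means the cleanup reboot never ran, and items marked "Delete on reboot" that still show in the HijackThis log are still present), as an added Python example that is not part of the original thread. The function names are hypothetical, the sample lines are excerpted from the logs posted here, and the Userinit check is an added heuristic based on the Backdoor.Bot listing in the MBA-M log.

```python
import ntpath
import re

# Constructed sample: lines excerpted from the safe-mode HijackThis log and
# from the MBA-M results posted in this thread.
HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\reader_s.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"""

MBAM_LOG = r"""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\reader_s.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

HJT_VERSION = re.compile(r"Logfile of (?:Trend Micro )?HijackThis v([\d.]+)")
HJT_ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into header fields, processes and entries."""
    log = {"version": None, "boot_mode": None, "processes": [], "entries": []}
    in_processes = False
    for line in text.splitlines():
        line = line.strip()
        version = HJT_VERSION.match(line)
        if version:
            log["version"] = version.group(1)
        elif line.startswith("Boot mode:"):
            # Only present in v2.x logs; v1.99.1 has no such header line.
            log["boot_mode"] = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False
        elif in_processes:
            log["processes"].append(line)
        else:
            entry = HJT_ENTRY.match(line)
            if entry:
                log["entries"].append((entry.group(1), entry.group(2)))
    return log


def mbam_pending(text):
    """Return (item, detection) pairs that MBA-M deferred to the next reboot."""
    pending = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m and m.group("action").rstrip(".").endswith("Delete on reboot"):
            pending.append((m.group("item"), m.group("name")))
    return pending


def triage(hjt_text, mbam_text):
    """Cross-check a HijackThis log against an earlier MBA-M result."""
    log = parse_hjt(hjt_text)
    haystack = [p.lower() for p in log["processes"]]
    haystack += [text.lower() for _, text in log["entries"]]

    # Files MBA-M scheduled for deletion that HijackThis still reports.
    still_present = [
        item for item, _ in mbam_pending(mbam_text)
        if re.match(r"^[A-Za-z]:\\", item)
        and any(item.lower() in line for line in haystack)
    ]

    # The RunOnce cleanup entry disappears once the reboot has run it.
    reboot_pending = any(
        code == "O4" and "\\runonce:" in text.lower()
        and "mbam.exe" in text.lower() and "/runcleanupscript" in text.lower()
        for code, text in log["entries"]
    )

    # Added heuristic: anything chained after userinit.exe runs at every logon.
    userinit_extra = []
    for code, text in log["entries"]:
        m = re.search(r"UserInit=(.*)$", text, re.IGNORECASE)
        if code == "F2" and m:
            parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
            userinit_extra = [
                p for p in parts if ntpath.basename(p).lower() != "userinit.exe"
            ]

    return {
        "version": log["version"],
        "boot_mode": log["boot_mode"],
        "reboot_pending": reboot_pending,
        "still_present": still_present,
        "userinit_extra": userinit_extra,
    }
```
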

I did press the reboot instance....I believe this I posted was after the scan while in safe mode but before the reboot. Then I rebooted. Regardless I rebooted and kept getting the blue screen in normal mode but not safe mode. But, now I rebooted in normal mode and things are ok... this is crazy. Any other ideas...thanks btw for helping me

I need you to run ANOTHER HiJackThis scan, this time in Normal mode. I need to see if the infected files are still showing, if they are then you will have to run a different program I will give you.

see, i started the computer this morning and had the blue screen...

its periodically working

so at this point i am in safe mode, if i can get the thing to pull up in normal mode before work i'll do so

here is a normal mode post just now *woot got it to boot*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:12 AM, on 4/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Brian2\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Brian2\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://profiles.yahoo.com/sweetlilangel_232003
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brians Access to the World Wide Web
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {A5AF42A3-94F3-42BD-F634-0604832C897D} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Radio-TV adverts] C:\WINDOWS\TEMP\rtv_winupd.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Brian2\reader_s.exe
O4 - HKUS\S-1-5-19\..\Run: [bukuyujopo] Rundll32.exe "C:\WINDOWS\system32\gekujedo.dll",s (User '?')
O4 - HKUS\S-1-5-20\..\Run: [bukuyujopo] Rundll32.exe "C:\WINDOWS\system32\gekujedo.dll",s (User '?')
O4 - HKUS\S-1-5-21-2105857509-2107257482-2807319138-1009\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\kd14prda.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3746217010.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Brian2\reader_s.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.apollolibrary.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.wintu.edu/secure/PhxStudent15.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - https://music.msn.com/client/msnmusax2228.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: s\system32\dahigupa.dll c:\progra~1\ThunMail\testabd.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8834 bytes

Yes, the infections are still showing. First I would like you to do the following:
UNINSTALL System Mechanic Startup Guard using Add/Remove. If you have to do this in Safe Mode that is fine, but Uninstall it.
Next, and this step should be done in NORMAL mode:
I want to stress to others reading this thread, these instructions are for THIS POSTER ONLY. Combofix is a tool which should only be run IF instructed to do so. It is a very specific tool and for very specific situations. Even if your computer may be exhibiting similar symptoms this does NOT mean others should run this tool. Many infections show the same symptoms but are not the same infection. Combofix is NOT a standard tool and should not be run with instruction on how and when to do so. It is NOT a tool to run on your own.

Now shalomalom,
download ComboFix. You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desktop. DO NOT RUN it YET.
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen you should press the number 1 key and then press the enter key to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.
Once the Windows Registry has finished being backed up, ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically
You should now post this log here when all is complete.

hey and thanks again...

at this point i am getting the blue screen on startup again so i am not able to download and run your program in normal mode at the moment.

i am doing a search *again* for system mechanic which is not being successful. I did at one time own system mechanic *i bought it at wal-mart* but I haven't used it in over 2 years.

At this point I suppose I'll run the malware software again because that is what seems to be working to allow me to load in normal...be back shortly

i ran malwarebytes and here is the log for it ; i haven't restarted yet to attempt normal mode...here is the log for it and i am going to attempt normal mode

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/20/2009 9:20:26 PM
mbam-log-2009-04-20 (21-20-26).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 159487
Time elapsed: 36 minute(s), 49 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\w.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\3361\SVCHOST.EXE (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\at1394 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afisicx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdctxte (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\6to4v32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\at1394.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\3361\SVCHOST.EXE (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\afisicx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brian2\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sopidkc.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\w.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\dpcxool64.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\winlognn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tdctxte.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer.
Run HJT again and post the log along with the ESET log.

ok starting all that now; btw I am still in safe mode, it won't load in normal still

*edit* it's taking forever, I am having to refresh A LOT because the connection is not staying good or something. I am not being disconnected from the internet but at the same time I have to refresh pages and such like I am. Just letting you know I am continuing to try

I don't know that ESET will run in Safe Mode. Honestly think this may be a losing battle. One of the infections you have on the computer is the Troj/Agent-IUT, indicated by this file showing in your log: reader_s.exe. The most prevalent information I can find is the recommendation to back up all important files and reformat the computer.

this may be the plan I go with... now where are my Windows disks lol

I am sorry but since you are unable to run various tools and you cannot run in normal mode this probably is the way to go. This is the advice I truly hate to give.
Judy

ok so I got ESET to work, it removed a TON of stuff... here is the log file as asked for

it's 72 Microsoft Word pages, and the attachment isn't loading due to my computer being a freak; so I apologize in advance for the large amount of info here:


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=Unknown
# vers_standard_module=4023 (20090420)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=75d7584c0f4db646a64ea3c36ddb1bf0
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2009-04-21 04:54:43
# local_time=2009-04-20 11:54:43 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=316145
# found=1762
# scan_time=3526
C:\I386\REPLACE.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\RESET.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\REXEC.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\ROUTE.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\ROUTEMON.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\RSH.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\RSM.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\RSMSINK.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\RSMUI.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\RSTRUI.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\RSVP.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\RTCSHARE.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\RUNAS.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\RUNDLL32.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\RUNONCE.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\RWINSTA.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SAPISVR.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SAVEDUMP.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SC.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SCARDSVR.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SCRCONS.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SCRNSAVE.SCR Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SDBINST.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SERVICES.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SESSMGR.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SETHC.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SETUP.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SETUP50.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SETUP_WM.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SFC.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SHADOW.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SHMGRATE.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SHRPUBW.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SHUTDOWN.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SIGVERIF.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SKEYS.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SMLOGSVC.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SNDREC32.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SNDVOL32.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SOL.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SORT.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SPIDER.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SPOOLSV.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SRDIAG.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SS3DFO.SCR Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SSBEZIER.SCR Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SSFLWBOX.SCR Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SSMARQUE.SCR Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SSMYPICS.SCR Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SSMYST.SCR Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SSPIPES.SCR Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SSSTARS.SCR Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SSTEXT3D.SCR Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\STIMON.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SUBST.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SVCHOST.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SwInit.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SYNCAPP.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SYSKEY.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SYSOCMGR.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SYSPARSE.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\SYSTRAY.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TASKMAN.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TASKMGR.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TCMSETUP.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TCPSVCS.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TELNET.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TFTP.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\tourstart.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TRACERT.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TRACERT6.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TSCON.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TSCUPGRD.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TSDISCON.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TSKILL.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\TSSHUTDN.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\UNLODCTR.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\UNREGMP2.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\UNSECAPP.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\UNWISE.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\UPNPCONT.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\UPS.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\USERINIT.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\usersid.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\USRMLNKA.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\USRPRBDA.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\USRSHUTA.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\UTILMAN.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\VERIFIER.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\VSSADMIN.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\VSSVC.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\W32TM.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WAB.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WABMIG.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WB32.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WBEMTEST.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WEXTRACT.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WIAACMGR.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WINHLP32.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WINLOGON.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WINMGMT.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WINMINE.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WINMSD.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WINNT32.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WINVER.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WJVIEW.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WMIADAP.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WMIAPSRV.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WMIPRVSE.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WMPLAYER.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WMPSTUB.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WPABALN.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WPNPINST.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WRITE.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WSCRIPT.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WUAUCLT.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\WUPDMGR.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\XCOPY.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\I386\xpsp1hfm.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\My Games\Super GameHouse Solitaire\solitaire.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\NVIDIA\Win2KXP\84.21\nvudisp.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\NVIDIA\Win2KXP\91.31\nvudisp.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\NVIDIA\Win2KXP\93.71\nvudisp.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\1964\099\1964.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Acrobat 6.0\Reader\AcroRd32.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000

C:\Program Files\Acrobat 6.0\Reader\AdobeUpdateManager.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Acrobat 6.0\Reader\Updater\acroaum.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Activision Value\Candy Land - Dora the Explorer Edition\dora.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU_\setup.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\ashSkPck.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\AOD\AolAod.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\AOD\GtAOD.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\CEZEO software\Disk Redactor\DiskRedactor.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Chami\HTML-Kit\Plugins\hkTableStarter.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Codec Pack - All In 1\DivXconfig.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Adaptec Shared\Support\RoxiScan.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Adaptec Shared\System\InstallUtility.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\aolback\Comps\flash\FlashAX.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\aolback\Comps\rp\realpl8.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\aolback\Comps\rp\rp9codec.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\aolback\Comps\vwpt\VPPrePop.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Dell\EUSW\DFolder.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Dell\EUSW\DNgen.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Dell\EUSW\DSLog.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Dell\EUSW\Support.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\IDriver2.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver2.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_08.b03\launcher.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_08.b03\zipper.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\launcher.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\zipper.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\launcher.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\zipper.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver\CamSync.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver\HVideoS.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver\Lqdsw.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver\twunk_32.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver\Install\Lqdsw.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver\Install\Setup.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver\Install\SLAUNCH.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver2\HVideoS.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver2\Lqdsw.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver2\LVComS.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver2\twunk_32.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver2\Install\Lqdsw.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver2\Install\Setup.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver2\Install\SLAUNCH.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver3\HVideoS.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver3\Lqdsw.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver3\twunk_32.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver3\Install\Lqdsw.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver3\Install\Setup.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver3\Install\SLAUNCH.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Logitech\QCDriver3\Install\StripInf.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\MSDraw\MSDRAW.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSINFO32.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\Reference 2003\ENCCA.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\Reference 2003\WORKSINT.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\Shoebox\PIOLCH.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\Speech\SAPISVR.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\WordArt\Wrdart32.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WKSCAL.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUpdat2.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Nullsoft\ActiveX\axserver.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Nullsoft\ActiveX\2.0\AOLMediaPlaybackControl.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Nullsoft\ActiveX\2.4\AOLMediaPlaybackControl.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Nullsoft\ActiveX\2.4\ProxyConfig.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Real\Update_OB\realsched.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702\HXFSetup.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Convar\SmartRecovery\SMR.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Creative\NOMAD MuVo\stusbmscformat.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Creative\NOMAD MuVo\uninstaller.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Creative\Product Registration\English\INETREG.EXE Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell\SolutionCenter\DellSC.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell\SolutionCenter\Register.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Computer\Dell Image Expert\dellix.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Computer\Dell Image Expert\IXApplet.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Computer\Dell Image Expert\MovieProjector.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Computer\Dell Image Expert\player.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Computer\Dell Image Expert\scandrv.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Computer\Dell Image Expert\webpublish.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Computer\Dell Image Expert\system\LaunchAcrobat.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Computer\Dell Image Expert\system\register.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Computer\Dell Image Expert\WebLayout\utils\SplitHtml.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Computer\Dell Picture Studio\launch.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Support\DSAgnt.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Support\DSBrws.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Support\DSSet.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Support\GTCoach\AdpBrowser.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Support\GTCoach\DelDelay.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Support\GTCoach\delfolder.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Support\GTCoach\DoShutDown.exe Win32/Virut.NBM virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Dell Support\GTCoach\GTNY.exe Win32/Virut.NBM

Virut.NBM virus

!!!!
That's the one! With the number of files removed I hesitate to ask, is the computer even running?
Hope to hear from you soon.
Judy

Well, I am back;

I had to get a new copy of Windows XP lol...

I used the specific program you advised because I got the computer to load in reg mode. There were so many system files messed up that when I restarted Windows XP it went to like old school mode (the old way of choosing user names) and such, then wouldn't actually load onto Win XP...

So is everything fixed now?
