hijackthis log

Started by Somchai, Dec 01 2007 10:33 PM

You cannot reply to this topic

2 replies to this topic

#1 OFFLINE Somchai

Newbie

Members
4 posts

Posted 01 December 2007 - 10:33 PM

Hello
Attached are scanlogs for:
Antivira
BitDefender
SuperSpyware
AVG
HijackThis

The following Viruses seem to be lodged in the temporary files of Symantec;
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp
While they don't seem to spread out of this file as the Symantec and Antivira Guards detect and either quarantine
or delete them, tjhey always `reapear. Have followed used tried the Symantec Virus Remover and also followed up by checking the registry for malware traces (there were none)
What else can be done. If I remove the Symantec Antivirus program (will the ADD/Remove Programs in the Control Panel get rid of it entirely?), will that solve my problem

W32.Magistr.39921@mm
W32.Magistr.B
W32.Netsky.Z@mm
W32.Klez.H@mm
WORM/Klez.E

This virus is occassionally showing up in Windows/system32:
Win32.Bagle.HM@mm

Appreciate very much any advice or information you can give me.
Somchai

Attached Files

Scan_Logs_for_Piriform.txt 1.21MB 3 downloads

Back to top

#2 OFFLINE AndyManchesta

Power Member

Spyware Moderators
1,821 posts

Gender:Male
Location:Manchester. UK
Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 06 December 2007 - 12:00 PM

Hi Somchai,

The text file you uploaded is very difficult to read as each line just continues into the next so please can you copy and paste any further logs requested into your reply

There's some very nasty worms/virus infections being detected on your system so its best to start with some scans to see if there is active infections or if its just the files in Nortons Quarantine area, if its just files in Nortons Quarantine then they can easily be removed which is described Here, if the worms have run on your system then you may have to format the PC and reinstall Windows as some of them are capable of installing rootkits to hide files from scanners, infecting legit files on the system as well as deleting files belonging to security programs, its far too early to be suggesting a format but with your protection software detecting those worms its certainly something that maybe unavoidable if they have been allowed to run on your system as there might be alot of damage caused,

Please start with these scans then we can take it from there

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.

Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
- Scan using the following Anti-Virus database:
- Scan Options:
Click OK and, under select a target to scan, select My Computer

When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Download Blacklight HERE and save it to your desktop.
Run the program, accept statement > click next then scan
When its finished scanning exit the program and post back the log if it detects hidden files, The log is called 'fsbl-<date/time>.log' which will save to the same location as the fsbl.exe file.

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall

Please then post back the Kaspersky log, Blacklight log if it finds any hidden files, Combofix log & a new HijackThis log, (please copy and paste them into the post rather than adding them as an attachment, use a seperate reply if needed for each log to make sure all the information is included)

Let us know if you have any problems

Thanks

Andy

Back to top

#3 OFFLINE Somchai

Newbie

Members
4 posts

Posted 10 December 2007 - 09:42 AM

Hello Andy,
Much appreciate your kind assistance. Below, as per your instructions, I deleted anything in quarantine before scanning. Following are the scan logs of:
Kaspersky
Blacklight (No hidden processes)
ComboFix
HijackThis

KASPERSKY LOG

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, December 10, 2007 10:36:56 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/12/2007
Kaspersky Anti-Virus database records: 477971
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 133159
Number of viruses found: 5
Number of infected objects: 121
Number of suspicious objects: 166
Duration of the scan process: 03:08:12

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\call256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\chat1024.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\chat256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\chat512.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\chat8192.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\chatmsg4096.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\chatmsg8192.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\chatsync\e2\e2d325f3a34c3f8a.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\contactgroup512.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\index2.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\profile256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\user1024.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\user16384.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\user256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\user4096.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Skype\smolar99833\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007121020071211\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4935.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFCCBD.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT43NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT230NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{0DC2FAB4-1AA7-44DC-8E60-B6B6B13D2540}\RP61\change.log Object is locked skipped
C:\WINDOWS\CSC000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{79CAF9DC-C61B-4B31-9CC9-2747DC1AEBD1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Backup\Outlook Express Backup\Missing Outlook Folders\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Missing Outlook Folders\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Missing Outlook Folders\Rob.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Missing Outlook Folders\Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\Backup\Outlook Express Backup\Missing Outlook Folders\Smolar.dbx Mail MS Outlook 5: infected - 1 skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Bruce.dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Bruce.dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Bruce.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Lito.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Raquel.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Rob.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\Backup\Outlook Express Backup\Outlook Express\17Jun04\Smolar.dbx Mail MS Outlook 5: infected - 1 skipped
D:\Backup\Outlook Express Backup\Outlook Express\21APR05\Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\21APR05\Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\21APR05\Bruce .dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\21APR05\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\21APR05\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\21APR05\Lito.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\21APR05\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\21APR05\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\21APR05\Raquel.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Bruce .dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Hotmail - Inbox.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED/data.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Hotmail - Inbox.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Hotmail - Inbox.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Hotmail - Inbox.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED/data.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Hotmail - Inbox.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Hotmail - Inbox.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Hotmail - Inbox.dbx Mail MS Outlook 5: infected - 6 skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Lito.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Raquel.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Rob.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\Backup\Outlook Express Backup\Outlook Express\22Sep04\Smolar.dbx Mail MS Outlook 5: infected - 1 skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Bruce .dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Hotmail (1) - Mar 2005.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED/data.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Hotmail (1) - Mar 2005.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Hotmail (1) - Mar 2005.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Hotmail (1) - Mar 2005.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED/data.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Hotmail (1) - Mar 2005.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Hotmail (1) - Mar 2005.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Hotmail (1) - Mar 2005.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED/data.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Hotmail (1) - Mar 2005.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Hotmail (1) - Mar 2005.dbx/[From cbfca0d0@mozcom.com][Date Fri, 17 Sep 2004 09:17:08 +0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Hotmail (1) - Mar 2005.dbx Mail MS Outlook 5: infected - 9 skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Lito.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Raquel.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Rob.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\Backup\Outlook Express Backup\Outlook Express\6May05\Smolar.dbx Mail MS Outlook 5: infected - 1 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Bruce .dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Lito.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Raquel.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Rob.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Apr05\Smolar.dbx Mail MS Outlook 5: infected - 1 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Aprilo5 backup\Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Aprilo5 backup\Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Aprilo5 backup\Bruce .dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Aprilo5 backup\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Aprilo5 backup\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Aprilo5 backup\Lito.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Aprilo5 backup\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Aprilo5 backup\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Aprilo5 backup\Raquel.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Bruce.dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Bruce.dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Bruce.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Lito.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Raquel.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Rob.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\7SEP04\Smolar.dbx Mail MS Outlook 5: infected - 1 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\Bruce.dbx/[From seeralan@hotmail.com][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\Bruce.dbx/[From seeralan@hotmail.com][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\Bruce.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\Raquel.dbx/[From reusebio@phillipsfoods.com][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\Raquel.dbx/[From reusebio@phillipsfoods.com][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\Raquel.dbx/[From reusebio@phillipsfoods.com][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\Raquel.dbx Mail MS Outlook 5: suspicious - 3 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\Rob.dbx/[From psmi2 <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\Rob.dbx/[From psmi2 <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\Rob.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\Backup\Outlook Express Backup\Outlook Express\7Sept04\Smolar.dbx Mail MS Outlook 5: infected - 1 skipped
D:\Backup\Outlook Express Backup\{4EE1A4A0-8CA6-11D8-AF7E-95198371C545}\Microsoft\Outlook Express\Bruce.dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\{4EE1A4A0-8CA6-11D8-AF7E-95198371C545}\Microsoft\Outlook Express\Bruce.dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\{4EE1A4A0-8CA6-11D8-AF7E-95198371C545}\Microsoft\Outlook Express\Bruce.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\{4EE1A4A0-8CA6-11D8-AF7E-95198371C545}\Microsoft\Outlook Express\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\{4EE1A4A0-8CA6-11D8-AF7E-95198371C545}\Microsoft\Outlook Express\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\{4EE1A4A0-8CA6-11D8-AF7E-95198371C545}\Microsoft\Outlook Express\Lito.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\{4EE1A4A0-8CA6-11D8-AF7E-95198371C545}\Microsoft\Outlook Express\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\{4EE1A4A0-8CA6-11D8-AF7E-95198371C545}\Microsoft\Outlook Express\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\{4EE1A4A0-8CA6-11D8-AF7E-95198371C545}\Microsoft\Outlook Express\Raquel.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Backup\Outlook Express Backup\{4EE1A4A0-8CA6-11D8-AF7E-95198371C545}\Microsoft\Outlook Express\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\{4EE1A4A0-8CA6-11D8-AF7E-95198371C545}\Microsoft\Outlook Express\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Backup\Outlook Express Backup\{4EE1A4A0-8CA6-11D8-AF7E-95198371C545}\Microsoft\Outlook Express\Rob.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Downloads\Mail\Outlook Express\Bruce.dbx/[From seeralan@hotmail.com][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Downloads\Mail\Outlook Express\Bruce.dbx/[From seeralan@hotmail.com][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Downloads\Mail\Outlook Express\Bruce.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Downloads\Mail\Outlook Express\Raquel.dbx/[From reusebio@phillipsfoods.com][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Downloads\Mail\Outlook Express\Raquel.dbx/[From reusebio@phillipsfoods.com][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Downloads\Mail\Outlook Express\Raquel.dbx/[From reusebio@phillipsfoods.com][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Downloads\Mail\Outlook Express\Raquel.dbx Mail MS Outlook 5: suspicious - 3 skipped
D:\Downloads\Mail\Outlook Express\Rob.dbx/[From psmi2 <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Downloads\Mail\Outlook Express\Rob.dbx/[From psmi2 <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\Downloads\Mail\Outlook Express\Rob.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\Downloads\Mail\Outlook Express\Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\Downloads\Mail\Outlook Express\Smolar.dbx Mail MS Outlook 5: infected - 1 skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Bruce.dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Bruce.dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Bruce.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Lito.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Raquel.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Rob.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\My Documents\Backup Files Nokia-Outlook Express\Backup Outlook Folders 17Jun04\Smolar.dbx Mail MS Outlook 5: infected - 1 skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Bruce .dbx Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Lito.dbx Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Raquel.dbx Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Rob.dbx Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Smolar.dbx Infected: Email-Worm.Win32.Sobig.c skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Tim Graham.dbx/[From "rr_pspc" <rr_pspc@globenet.com.pg>][Date Mon, 2 Feb 2004 08:32:28 +0800]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip/Outlook Express/Tim Graham.dbx Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF421-1715.zip ZIP: infected - 2, suspicious - 14 skipped
D:\My Documents\CURRENT STUFF\Mail\Outlook Express\Bruce.dbx/[From seeralan@hotmail.com][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF\Mail\Outlook Express\Bruce.dbx/[From seeralan@hotmail.com][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF\Mail\Outlook Express\Bruce.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\My Documents\CURRENT STUFF\Mail\Outlook Express\Raquel.dbx/[From reusebio@phillipsfoods.com][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF\Mail\Outlook Express\Raquel.dbx/[From reusebio@phillipsfoods.com][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF\Mail\Outlook Express\Raquel.dbx/[From reusebio@phillipsfoods.com][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF\Mail\Outlook Express\Raquel.dbx Mail MS Outlook 5: suspicious - 3 skipped
D:\My Documents\CURRENT STUFF\Mail\Outlook Express\Rob.dbx/[From psmi2 <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF\Mail\Outlook Express\Rob.dbx/[From psmi2 <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\CURRENT STUFF\Mail\Outlook Express\Rob.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\My Documents\CURRENT STUFF\Mail\Outlook Express\Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\My Documents\CURRENT STUFF\Mail\Outlook Express\Smolar.dbx Mail MS Outlook 5: infected - 1 skipped
D:\My Documents\Missing Outlook Folders\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Missing Outlook Folders\Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Missing Outlook Folders\Rob.dbx Mail MS Outlook 5: suspicious - 2 skipped
D:\My Documents\Missing Outlook Folders\Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\My Documents\Missing Outlook Folders\Smolar.dbx Mail MS Outlook 5: infected - 1 skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Bruce .dbx/[From <seeralan@hotmail.com>][Date Thu, 25 Mar 2004 15:39:49 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Bruce .dbx Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Lito.dbx/[From lfuentesfina <lfuentesfina@phillipsfoods.com>][Date Sat, 8 May 2004 08:53:23 +0800 (PHT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Lito.dbx Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Raquel.dbx/[From <reusebio@phillipsfoods.com>][Date Thu, 25 Mar 2004 09:39:25 +0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Raquel.dbx Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Rob.dbx/[From "psmi2" <psmi2@capznet.mozcom.com>][Date Mon, 15 Sep 2003 22:03:14 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Rob.dbx Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Smolar.dbx/[From <smolar@hotmail.com>][Date Sat, 7 Jun 2003 11:46:16 +0700]/submited.pi Infected: Email-Worm.Win32.Sobig.c skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Smolar.dbx Infected: Email-Worm.Win32.Sobig.c skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Tim Graham.dbx/[From "rr_pspc" <rr_pspc@globenet.com.pg>][Date Mon, 2 Feb 2004 08:32:28 +0800]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip/Outlook Express/Tim Graham.dbx Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\My Documents\Outlook Express-OLD dbx Mailbox copy421-1715.zip ZIP: infected - 2, suspicious - 14 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd1/Data.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd1 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd1 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd10/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd10 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd10 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd11/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd11 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd11 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd12/Data.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd12 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd12 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd13/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd13 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd13 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd14/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd14 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd14 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd15/Data.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd15 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd15 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd16/Data.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd16 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd16 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd17/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd17 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd17 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd18/Important.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd18 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd18 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd19/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd19 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd19 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd2/Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd2 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd2 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd20/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd20 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd20 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd21/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd21 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd21 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd22/Informations.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd22 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd22 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd23/Important.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd23 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd23 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd24/Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd24 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd24 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd25/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd25 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd25 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd26/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd26 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd26 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd3/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd3 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd3 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd4 Infected: Email-Worm.Win32.Magistr.b skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd5/Informations.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd5 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd5 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd6/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd6 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd6 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd7/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd7 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd7 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd8/Data.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd8 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd8 CryptFF: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd9/Informations.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd9 ZIP: infected - 1 skipped
D:\RECYCLER\S-1-5-21-1343024091-746137067-1060284298-500\Dd9 CryptFF: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

*************************************************

BLACKLIGHT: No hidden processes
12/10/07 10:39:10 [Info]: BlackLight Engine 1.0.67 initialized
12/10/07 10:39:10 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/10/07 10:39:10 [Note]: 7019 4
12/10/07 10:39:10 [Note]: 7005 0
12/10/07 10:39:15 [Note]: 7006 0
12/10/07 10:39:15 [Note]: 7011 3208
12/10/07 10:39:16 [Note]: 7026 0
12/10/07 10:39:16 [Note]: 7026 0
12/10/07 10:39:35 [Note]: FSRAW library version 1.7.1024
12/10/07 10:46:12 [Note]: 7007 0

**********************************************************
COMBOFIX
ComboFix 07-12-09.1 - Stephen Smolar 2007-12-10 10:47:12.2 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.

2007-12-10 06:56 . 2007-12-10 06:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-10 05:58 . 2007-12-10 05:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-07 10:36 . 2007-12-09 17:00 <DIR> d-------- C:\Library of Congress
2007-12-07 07:37 . 2007-12-07 07:37 0 --a------ C:\New ACDSee 7.0 BMP Image.bmp
2007-12-04 13:07 . 2007-12-04 13:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-04 13:07 . 2007-12-04 13:07 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-04 13:07 . 2007-12-04 13:07 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-04 13:07 . 2007-12-04 13:07 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-04 11:49 . 2007-12-10 06:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\VersionTracker Pro
2007-12-04 11:48 . 2007-12-04 11:48 <DIR> d-------- C:\Program Files\TechTracker
2007-12-04 10:32 . 2007-12-04 10:32 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-04 10:32 . 2007-12-04 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-04 10:10 . 2007-12-04 10:10 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2007-12-04 05:45 . 2007-12-04 05:45 <DIR> d-------- C:\HJT
2007-11-27 18:55 . 2007-11-27 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ArcSoft
2007-11-24 22:59 . 2007-11-24 22:59 34,560 --a------ C:\WINDOWS\system32\drivers\SSDefrag.sys
2007-11-24 22:42 . 2007-11-25 00:36 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-24 19:08 . 2007-11-29 15:57 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-24 19:08 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-24 19:07 . 2007-11-24 19:07 2,566,736 --a------ C:\spywareblastersetup351.exe
2007-11-24 18:41 . 2007-11-24 18:41 16,892,616 --a------ C:\setupeng.exe
2007-11-24 18:10 . 2007-11-24 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-24 18:06 . 2007-11-30 19:03 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-24 18:06 . 2007-11-24 18:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-24 18:05 . 2007-12-04 10:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 17:54 . 2007-11-25 00:42 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-11-24 17:54 . 2007-11-24 17:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-24 17:53 . 2007-12-10 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-24 17:53 . 2007-11-24 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-24 17:53 . 2007-11-25 00:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2007-11-24 17:53 . 2007-11-24 17:53 1,418,608 --a------ C:\saSetup.exe
2007-11-24 15:28 . 2007-11-24 15:28 5,914,648 --a------ C:\SUPERAntiSpyware.exe
2007-11-24 15:17 . 2007-11-30 13:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-11-24 14:42 . 2007-11-24 14:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-24 14:42 . 2007-11-24 14:42 812,344 --a------ C:\HJTInstall.exe
2007-11-24 03:17 . 2007-11-24 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2007-11-24 02:58 . 2007-11-24 02:58 <DIR> d-------- C:\Program Files\Defraggler
2007-11-24 02:56 . 2007-11-24 02:57 409,736 --a------ C:\dfsetup100.exe
2007-11-24 02:11 . 2007-11-24 02:11 <DIR> d-------- C:\Program Files\Recuva
2007-11-24 02:10 . 2007-11-24 02:10 641,624 --a------ C:\rcsetup108.exe
2007-11-24 02:07 . 2007-11-26 14:09 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-24 02:07 . 2007-11-24 02:08 <DIR> d-------- C:\Program Files\CCleaner
2007-11-24 02:06 . 2007-11-24 02:06 2,725,528 --a------ C:\ccsetup202.exe
2007-11-22 21:10 . 2007-11-22 21:10 <DIR> d-------- C:\Program Files\MSECache
2007-11-20 04:00 . 2007-11-20 04:00 <DIR> d-------- C:\Program Files\Transcribe!
2007-11-14 04:46 . 2007-11-14 04:46 105,478,576 --a------ C:\SYM_REGISTRY_BACKUP.reg
2007-11-13 10:24 . 2007-11-27 17:45 <DIR> d-------- C:\aaacurrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 03:55 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-10 03:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2007-12-09 20:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-04 05:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GARMIN
2007-12-03 03:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 20:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-26 01:59 --------- d-----w C:\Program Files\Common Files\Acronis
2007-11-26 01:59 --------- d-----w C:\Program Files\Acronis
2007-11-26 01:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acronis
2007-11-24 17:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-24 15:41 --------- d-----w C:\Program Files\Symantec
2007-11-15 15:36 --------- d-----w C:\Program Files\Winamp
2007-11-09 16:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DassaultSystemes
2007-11-09 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2007-11-09 15:34 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-08 00:40 --------- d-----w C:\Program Files\Google
2007-11-07 13:33 --------- d-----w C:\Program Files\MapSource
2007-10-28 09:54 --------- d-----w C:\Program Files\Common Files\Skype
2007-10-28 02:34 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-28 02:34 --------- d-----w C:\Program Files\Common Files\Real
2007-10-25 03:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 12:43 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2007-10-24 12:43 --------- d-----w C:\Program Files\Real
2007-10-24 12:43 --------- d-----w C:\Program Files\aod
2007-10-22 17:09 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-22 04:39 --------- d-----w C:\Program Files\Microsoft Works
2007-10-22 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-04-27 15:25 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-01-23 17:29 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2001-10-05 05:53 21,866 ----a-w C:\Program Files\Common Files\tppupd2k.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 03:24]
"PowerBar"="" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 11:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 10:44]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 10:44]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 10:44]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2003-04-15 20:01]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 C:\WINDOWS\system32\000StTHK.exe]
"TFncKy"="TFncKy.exe" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-06 23:19]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-06 23:07]
"LTSMMSG"="LTSMMSG.exe" [2003-04-18 09:06 C:\WINDOWS\ltsmmsg.exe]
"TPSMain"="TPSMain.exe" [2003-09-25 10:19 C:\WINDOWS\system32\TPSMain.exe]
"PmProxy"="C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe" [2003-02-28 18:54]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 15:07]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 20:25]
"BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-10 10:44 C:\WINDOWS\system32\rundll32.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"MXO Auto Loader"="C:\WINDOWS\MXOALDR.EXE" [2003-04-07 18:09]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-11-22 17:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-21 20:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-27 08:21]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-19 09:29]
"FlashEnc"="c:\FlashEnc\FlashEnc.exe" [2006-09-04 03:05]
"TPP Auto Loader"="C:\WINDOWS\TPPALDR.EXE" [2001-10-05 12:54]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 22:42]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 10:44]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-27 08:21]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Billionton\Bluetooth Software\BTTray.exe [2003-12-01 15:28:00]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2006-03-21 20:01:10]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-12-06 19:15:40]
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2007-12-04 11:48:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys
R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALG.SYS
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys
S2 GT680x;GT680x Scanner Controller;C:\WINDOWS\system32\Drivers\gt680x.sys
S3 SSDefrag;SSDefrag;\??\C:\WINDOWS\system32\drivers\SSDefrag.sys
S3 TPP725;USB Storage Adapter (TPP);C:\WINDOWS\system32\DRIVERS\TPP725.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2228f1cd-661f-11da-b5ac-00080d2520ce}]
\Shell\AutoRun\command - RavMon.exe

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cwdgydjr-62B90D.dll
-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Z52FECx1.DLL
-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\Z52FECX1LIB.DLL
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 10:57:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

.
Completion time: 2007-12-10 11:02:16 - machine was rebooted
.
--- E O F ---

**************************************************************************

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:03 AM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\FlashEnc\FlashEnc.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PmProxy] "C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe"
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [FlashEnc] "c:\FlashEnc\FlashEnc.exe"
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147165307231
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0048D0C7-2981-4E04-8830-12F6C3923773}: NameServer = 203.121.130.39,202.121.130.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{0048D0C7-2981-4E04-8830-12F6C3923773}: NameServer = 203.121.130.39,202.121.130.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{0048D0C7-2981-4E04-8830-12F6C3923773}: NameServer = 203.121.130.39,202.121.130.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 13466 bytes

Back to top

Back to Spyware Hell