[Resolved] Hijack Help?


  • This topic is locked
18 replies to this topic

#1 dphenry

Posted 12 April 2008 - 11:51 AM

I have not added any new devices or software, but for some reason my system has begun to take ages to boot. Below is my hijackthis.log. Any help will be most appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:20 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~4\data\Xtras\mssysmgr.exe
C:\Program Files\Chaos Software\Chaos 6\alarm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.indianapa.com/chamber
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~4\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [alarm.exe] "C:\Program Files\Chaos Software\Chaos 6\alarm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AMI-Up2Date.lnk = C:\Program Files\Alchemy Mindworks\Up2Date\AMI-up2date.exe
O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PaperMaster Live Menu 7.0.lnk = C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
O4 - Startup: PaperMaster Tray Menu 7.0.lnk = C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Upload File - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Upload File to Mobile Phone - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5....DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.3.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...8/uploader2.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberr...er/AxLoader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149447928120
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123512357461
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} - http://supportcenter...jsp/VOLAWeb.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - https://download.ver...tWebInstall.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sanford.webe...ort/ieatgpc.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://liveca04.cus...l/java/RntX.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.h.../qdiagh.cab?326
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 19485 bytes


#2 Scotty

Posted 17 April 2008 - 03:08 AM

Hello and welcome to the forum.

Sorry about the delay in responding.

If you still need help, scan again with HijackThis, and "copy/paste" a new log file into this thread.

Please make an uninstall list using HijackThis.
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.


Also please describe how your computer behaves at the moment.
#3 dphenry

Posted 17 April 2008 - 09:10 AM

Here's the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:53 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~4\data\Xtras\mssysmgr.exe
C:\Program Files\Chaos Software\Chaos 6\alarm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.indianapa.com/chamber
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [alarm.exe] "C:\Program Files\Chaos Software\Chaos 6\alarm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~4\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AMI-Up2Date.lnk = C:\Program Files\Alchemy Mindworks\Up2Date\AMI-up2date.exe
O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PaperMaster Live Menu 7.0.lnk = C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
O4 - Startup: PaperMaster Tray Menu 7.0.lnk = C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Upload File - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Upload File to Mobile Phone - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5....DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.3.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...8/uploader2.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberr...er/AxLoader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149447928120
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123512357461
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} - http://supportcenter...jsp/VOLAWeb.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - https://download.ver...tWebInstall.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sanford.webe...ort/ieatgpc.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://liveca04.cus...l/java/RntX.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.h.../qdiagh.cab?326
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 21598 bytes

Here is the uninstall file:

Active Disk
Ad-Aware SE Personal
AddrCleaner for WAB 2.0
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.2
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Belarc Advisor 7.1
BlackBerry Desktop Software
BlackBerry Desktop Software
Brother HL-5140
Brother P-touch Editor Version 4.0
Camtasia Studio 2
CaptureWizPro 3.80
Carbonite
CardScan 7.0.5
CCleaner (remove only)
CCScore
CD Audio Reader Filter (remove only)
ChaosSync for Outlook
ChaosSync for Palm (Time and Chaos Editon)
ChaosSync v6
CoffeeCup PixConverter
Compatibility Pack for the 2007 Office system
Convert XLS
Corel Photo Album 6
Corel WordPerfect Suite 8
CR2
CROA 1.5
DBX Backup v.1.1
DirectVobSub (remove only)

My system still runs very slow and often erratic.

#4 Scotty


Posted 17 April 2008 - 09:49 AM

Hi

WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com). There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is ‘spyware’, and by the definition used here, it is not, as it does not leak information back to its controlling servers. However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it ‘unsolicited’, and since it is installed to raise money for its creators through the built-in ads it is certainly ‘commercial’. So it does meet the definition for ‘parasite’: unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately. WeatherBug bundles the MySearch parasite in its standalone distribution and has in the past, installed Gator and SVAPlayer.

I recommend that you uninstall WeatherBug and choose one of these alternatives:
  • Weather Pulse
  • Weather Watcher
or
Get Mozilla Firefox and then get FORECASTFOX!!!
or check the weather at these websites:
  • Weather Street: US Weather
  • Intellicast

To uninstall WeatherBug:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight WeatherBug, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.


Let's run an F-Secure online scan; it will scan for viruses, spyware and rootkits:
  • Click HERE
  • Scroll to the bottom of the page and click the Start Scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
    Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Note: This scan will only work with Internet Explorer.
You must be logged on with administrator rights to run this scan.
The scan may take a few hours.

You too could train to help others- Join the Classroom


#5 dphenry


Posted 18 April 2008 - 11:37 AM

I have followed your instructions, please see below as generated by running F-Secure. Now what? Thank you very, very much!

Scanning Report
Friday, April 18, 2008 07:59:41 - 13:33:23
Computer name: DPHLAPTOP
Scanning type: Scan system for malware, rootkits
Target: C:\ L:\ M:\
--------------------------------------------------------------------------------
Result: 2 malware found
AdWare.Win32.BargainBuddy (spyware)
  System
Tracking Cookie (spyware)
  System
--------------------------------------------------------------------------------
Statistics
Scanned:
  Files: 127895
  System: 7053
  Not scanned: 13
Actions:
  Disinfected: 0
  Renamed: 0
  Deleted: 0
  None: 2
  Submitted: 0
Files not scanned:
  C:\HIBERFIL.SYS
  C:\PAGEFILE.SYS
  C:\WINDOWS\TEMP\MCMSC_5RJ15SCRE4BCSEK
  C:\WINDOWS\TEMP\MCMSC_H4DZTBE28YFRDOJ
  C:\WINDOWS\TEMP\MCMSC_TWXHBVGSVW4ELU4
  C:\WINDOWS\TEMP\MCMSC_VVEIDQRMJHSK3BY
  C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  C:\WINDOWS\SYSTEM32\CONFIG\SAM
  C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{44A249A5-1B48-4936-A28B-FB46477BFCFE}.BIN
  L:\MSDOWNLD.TMP\AS5AB7B4.TMP\ېT?S-+.{H
--------------------------------------------------------------------------------
Options
Scanning engines:
  F-Secure USS: 2.30.0
  F-Secure Hydra: 2.8.8110, 2008-04-18
  F-Secure AVP: 7.0.171, 2008-04-18
  F-Secure Pegasus: 1.20.0, 2008-02-28
  F-Secure Blacklight: 1.0.64
Scanning options:
  Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
  Use Advanced heuristics
--------------------------------------------------------------------------------

#6 Scotty


Posted 18 April 2008 - 02:24 PM

Hi

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

*Note* If you do not have Firefox or Opera, those options will be greyed out.


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here with a new HijackThis log.


#7 dphenry


Posted 19 April 2008 - 08:51 AM

It looks to me like we're making some headway! Thank you.

Here are the two files as requested:

Malwarebytes' Anti-Malware 1.11
Database version: 652

Scan type: Full Scan (C:\|L:\|M:\|)
Objects scanned: 207058
Time elapsed: 2 hour(s), 10 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Tencent (Adware.Agent) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchwbbar.settingsplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchwbbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchwbbar.toolbarplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchwbbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchwbtoolbar.temperaturebarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchwbtoolbar.temperaturebarbutton.1 (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.11
Database version: 652

Scan type: Full Scan (C:\|L:\|M:\|)
Objects scanned: 207058
Time elapsed: 2 hour(s), 10 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Tencent (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbtoolbar.temperaturebarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbtoolbar.temperaturebarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{FDF5BC16-BEC4-472F-8F06-7341BFD767A7}\RP979\A0183755.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dana P. Henry\g2mdlhlpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:33 AM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\Program Files\Chaos Software\Chaos 6\alarm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~4\data\Xtras\mssysmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.indianapa.com/chamber
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: (no name) - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\TARGUS\PAUM008U\Ver_2.32\LWBWHEEL.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [alarm.exe] "C:\Program Files\Chaos Software\Chaos 6\alarm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~4\data\Xtras\mssysmgr.exe
O4 - HKUS\S-1-5-21-1387572057-184262623-1940218653-1010\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AMI-Up2Date.lnk = C:\Program Files\Alchemy Mindworks\Up2Date\AMI-up2date.exe
O4 - Startup: CaptureWiz.lnk = C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PaperMaster Live Menu 7.0.lnk = C:\Program Files\PaperMaster Pro 7.0\J2GDllCmd.exe
O4 - Startup: PaperMaster Tray Menu 7.0.lnk = C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Upload File - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Upload File to Mobile Phone - {A2F93841-DEAB-0392-4958-BA333CF05732} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5....DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.3.8.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...8/uploader2.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberr...er/AxLoader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.h...llMgr_v01_5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1149447928120
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123512357461
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds...ransferCtrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} - http://supportcenter...jsp/VOLAWeb.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - https://download.ver...tWebInstall.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sanford.webe...ort/ieatgpc.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://liveca04.cus...l/java/RntX.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.h.../qdiagh.cab?326
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...ivex/RACtrl.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 21268 bytes

Now what?

Again, thank you very, very much!!
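As an added illustration (not part of any post in this thread, and not HijackThis's own code), the O4 autostart lines and O23 service lines of a log like the one posted above can be parsed to tally startup entries per location and to list services whose owner field is empty or reads "Unknown owner". The field layout is inferred from the log lines on this page, and the function names are hypothetical.

```python
import re
from collections import Counter

# Lines copied from the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
"""

# O4 registry form: O4 - <hive>\..\<Run key>: [<value name>] <command>
O4_REGISTRY = re.compile(
    r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# O4 folder form: O4 - Startup|Global Startup: <shortcut> = <target>
O4_FOLDER = re.compile(r"^O4 - (Global Startup|Startup): (.*?) = (.*)$")
# O23 form: O23 - Service: <name> - <owner> - <path>; the owner may be empty
O23_SERVICE = re.compile(r"^O23 - Service: (.*?) - (.*?) ?- (.*)$")
# HKUS entries carry a trailing "(User '<account>')" annotation
USER_SUFFIX = re.compile(r"\s*\(User '([^']*)'\)$")


def parse_hijackthis(text):
    """Return one dict per O4 or O23 line; all other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_REGISTRY.match(line)
        if m:
            hive, key, name, command = m.groups()
            user = None
            suffix = USER_SUFFIX.search(command)
            if suffix:
                user = suffix.group(1)
                command = command[:suffix.start()]
            entries.append({"kind": "autostart", "location": f"{hive} {key}",
                            "name": name, "command": command, "user": user})
            continue
        m = O4_FOLDER.match(line)
        if m:
            folder, shortcut, target = m.groups()
            entries.append({"kind": "autostart", "location": folder,
                            "name": shortcut, "command": target, "user": None})
            continue
        m = O23_SERVICE.match(line)
        if m:
            name, owner, path = m.groups()
            entries.append({"kind": "service", "name": name,
                            "owner": owner.strip(), "path": path})
    return entries


def autostart_counts(entries):
    """Number of autostart entries per registry key or startup folder."""
    return dict(Counter(e["location"] for e in entries
                        if e["kind"] == "autostart"))


def services_without_vendor(entries):
    """Service names whose owner field is empty or 'Unknown owner'."""
    return [e["name"] for e in entries
            if e["kind"] == "service" and e["owner"] in ("", "Unknown owner")]


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    for location, count in sorted(autostart_counts(parsed).items()):
        print(f"{count:3d}  {location}")
    print("No vendor string:", services_without_vendor(parsed))
```

An empty or "Unknown owner" field is a prompt to check the file itself (path, signature, hash), not a verdict on the service.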

#8 Scotty

Posted 19 April 2008 - 09:36 AM

Ok, I just want to be absolutely sure I've got everything, which means another scan. Then we can talk about trimming down your auto-start programs. You have a lot of unnecessary ones there.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    • Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

With the exception of Internet Explorer, which is needed for the Kaspersky Scan, keep ALL programs closed until the scan is complete. This includes your anti-virus. Once you have installed the Scanner and the updated definitions, you can disconnect from the Internet. Re-enable the anti-virus before reconnecting to the Internet.

#9 dphenry

Posted 20 April 2008 - 08:13 AM

Here is the report. What now? What do I do about the files that the software has identified? Thank you so much for helping me. What do we do about the startup files?

Sunday, April 20, 2008 10:10:21 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 715414

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
H:\
K:\
L:\
M:\

Scan Statistics
Total number of scanned objects 165520
Number of viruses found 25
Number of infected objects 354
Number of suspicious objects 51
Duration of the scan process 06:09:26

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite Backup\Carbonite.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite Backup\CarboniteConfig.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite Backup\CarboniteDelta.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite Backup\CarboniteFiles.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite Backup\CarboniteNSE.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite Backup\CarboniteRestores.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite Backup\CarboniteUI.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Carbonite\Carbonite Backup\CarboniteVersions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output\Dana P.
Henry\~Running.ping Object is locked skipped C:\Documents and Settings\All Users\Application Data\iolo\FileInfoList\IOLOFIL.FDB Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{97B6E30B-EF2F-4F98-BD98-F645C4534517}.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR3.tmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Dana P. Henry\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped C:\Documents and Settings\Dana P. Henry\Application Data\Microsoft\Word\STARTUP\SolidConverterPDF.dot Object is locked skipped C:\Documents and Settings\Dana P. Henry\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Dana P. Henry\Desktop\Download_mbam-setup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Archive.dbx/[From Microsoft ][Date Thu, 25 Sep 2003 09:46:04]/UNNAMED/patch.exe Infected: Email-Worm.Win32.Dumaru.a skipped C:\Documents and Settings\Dana P. 
Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Archive.dbx/[From Microsoft ][Date Thu, 25 Sep 2003 09:46:04]/UNNAMED Infected: Email-Worm.Win32.Dumaru.a skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Archive.dbx/[From ra-DCEDSBRC@state.pa.us][Date Tue, 19 Aug 2003 14:36:24]/UNNAMED/details.pif Infected: Email-Worm.Win32.Sobig.f skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Archive.dbx/[From ra-DCEDSBRC@state.pa.us][Date Tue, 19 Aug 2003 14:36:24]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Archive.dbx/[From support@intervideo.com.tw][Date Tue, 19 Aug 2003 15:52:55]/UNNAMED/details.pif Infected: Email-Worm.Win32.Sobig.f skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Archive.dbx/[From support@intervideo.com.tw][Date Tue, 19 Aug 2003 15:52:55]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Archive.dbx/[From randa@boulder.nist.gov][Date Tue, 19 Aug 2003 16:30:03]/UNNAMED/document_all.pif Infected: Email-Worm.Win32.Sobig.f skipped C:\Documents and Settings\Dana P. 
Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Archive.dbx/[From randa@boulder.nist.gov][Date Tue, 19 Aug 2003 16:30:03]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Archive.dbx/[From support@netobjects.com][Date Wed, 20 Aug 2003 09:23:43]/UNNAMED/details.pif Infected: Email-Worm.Win32.Sobig.f skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Archive.dbx/[From support@netobjects.com][Date Wed, 20 Aug 2003 09:23:43]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Archive.dbx Mail MS Outlook 5: infected - 10 skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From marksbenn@hotmail.com][Date Mon, 26 Jul 2004 23:14:09]/UNNAMED/document_with_notice.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From marksbenn@hotmail.com][Date Mon, 26 Jul 2004 23:14:09]/UNNAMED/document_with_notice.zip Infected: Email-Worm.Win32.NetSky.q skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From marksbenn@hotmail.com][Date Mon, 26 Jul 2004 23:14:09]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped C:\Documents and Settings\Dana P. 
Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From mamapapad@aol.com][Date Tue, 27 Jul 2004 01:24:04]/UNNAMED/pgp_sess01.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From mamapapad@aol.com][Date Tue, 27 Jul 2004 01:24:04]/UNNAMED/pgp_sess01.zip Infected: Email-Worm.Win32.NetSky.q skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From mamapapad@aol.com][Date Tue, 27 Jul 2004 01:24:04]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From Danlan ][Date Tue, 27 Jul 2004 09:21:54]/UNNAMED/Alive_condom.scr Infected: Email-Worm.Win32.Bagle.z skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From Danlan ][Date Tue, 27 Jul 2004 09:21:54]/UNNAMED Infected: Email-Worm.Win32.Bagle.z skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From 3ab4d588@news2.mibx.net][Date Tue, 27 Jul 2004 15:40:25]/UNNAMED/mp3music.pif Infected: Email-Worm.Win32.NetSky.d skipped C:\Documents and Settings\Dana P. 
Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From 3ab4d588@news2.mibx.net][Date Tue, 27 Jul 2004 15:40:25]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From Automatic Email Delivery Software ][Date Tue, 27 Jul 2004 11:11:27]/UNNAMED/message.scr Infected: Email-Worm.Win32.Mydoom.m.log skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From Automatic Email Delivery Software ][Date Tue, 27 Jul 2004 11:11:27]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m.log skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From jgallo@grove.iup.edu][Date Tue, 27 Jul 2004 11:18:19]/UNNAMED/document.pif Infected: Email-Worm.Win32.NetSky.d skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From jgallo@grove.iup.edu][Date Tue, 27 Jul 2004 11:18:19]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From awards@mobilevillage.com][Date Tue, 27 Jul 2004 11:18:47]/UNNAMED/readme.scr Infected: Email-Worm.Win32.Mydoom.m.log skipped C:\Documents and Settings\Dana P. 
Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From awards@mobilevillage.com][Date Tue, 27 Jul 2004 11:18:47]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m.log skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From peffer@sgi.net][Date Tue, 27 Jul 2004 13:50:50]/UNNAMED/document_4351.pif Infected: Email-Worm.Win32.NetSky.d skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From peffer@sgi.net][Date Tue, 27 Jul 2004 13:50:50]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From web-2121405@embe2.iup.edu][Date Tue, 27 Jul 2004 14:18:54]/UNNAMED/your_archive.pif Infected: Email-Worm.Win32.NetSky.d skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From web-2121405@embe2.iup.edu][Date Tue, 27 Jul 2004 14:18:54]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From lcoc@neo.rr.com][Date Tue, 27 Jul 2004 15:56:13]/news01.txt Infected: Email-Worm.Win32.NetSky.q skipped C:\Documents and Settings\Dana P. 
Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From Returned mail ][Date Tue, 27 Jul 2004 18:24:56]/UNNAMED/file.scr Infected: Email-Worm.Win32.Mydoom.m skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From Returned mail ][Date Tue, 27 Jul 2004 18:24:56]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From nicole@checkpointmassage.com][Date Tue, 27 Jul 2004 16:10:45]/UNNAMED/readme.exe Infected: Email-Worm.Win32.NetSky.q skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From nicole@checkpointmassage.com][Date Tue, 27 Jul 2004 16:10:45]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From Inchamber ][Date Tue, 27 Jul 2004 22:15:52]/UNNAMED/Readme.scr Infected: Email-Worm.Win32.Bagle.z skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx/[From Inchamber ][Date Tue, 27 Jul 2004 22:15:52]/UNNAMED Infected: Email-Worm.Win32.Bagle.z skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx Mail MS Outlook 5: infected - 27 skipped C:\Documents and Settings\Dana P. 
Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}(2)\Microsoft(2)\Outlook Express(2)\Deleted Items 2001.dbx/[From "Michel Foekens" ][Date Wed, 6 Jun 2001 05:47:12 -0400]/DC140.EXE Infected: Email-Worm.Win32.Magistr.a skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}(2)\Microsoft(2)\Outlook Express(2)\Deleted Items 2001.dbx Mail MS Outlook 5: infected - 1 skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}(2)\Microsoft(2)\Outlook Express(2)\Deleted Items 2003.dbx/[From RUFFRIDER013 ][Date Thu, 30 Oct 2003 23:54:18 -0500 (EST)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}(2)\Microsoft(2)\Outlook Express(2)\Deleted Items 2003.dbx/[From RUFFRIDER013 ][Date Thu, 30 Oct 2003 23:54:18 -0500 (EST)]/UNNAMED/done..scr Infected: Email-Worm.Win32.Klez.h skipped C:\Documents and Settings\Dana P. 
Backup\Deleted Items July 2004.dbx/[From ][Date Fri, 30 Jul 2004 03:14:54 -0400]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Fri, 30 Jul 2004 03:14:54 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From "Sales" ][Date Fri, 30 Jul 2004 08:55:05 -0500]/UNNAMED/Cat.exe Infected: Email-Worm.Win32.Bagle.ai skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From "Sales" ][Date Fri, 30 Jul 2004 08:55:05 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.ai skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Fri, 30 Jul 2004 12:15:21 -0400]/UNNAMED/your_text.pif Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Fri, 30 Jul 2004 12:15:21 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Fri, 30 Jul 2004 07:09:42 -0400]/UNNAMED/document_dphenry.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Fri, 30 Jul 2004 07:09:42 -0400]/UNNAMED/document_dphenry.zip Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Fri, 30 Jul 2004 07:09:42 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Fri, 30 Jul 2004 13:03:55 -0700]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Fri, 30 Jul 2004 13:03:55 -0700]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Fri, 30 Jul 2004 13:03:55 -0700]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Fri, 30 Jul 2004 13:03:55 -0700]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail 
Backup\Deleted Items July 2004.dbx/[From "System Administrator" ][Date Fri, 30 Jul 2004 15:54:41 -0400]/UNNAMED/UNNAMED/[From Dphenry ][Date Fri, 30 Jul 2004 17:04:21 -0400]/Info.cpl Infected: Email-Worm.Win32.Bagle.af skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From "System Administrator" ][Date Fri, 30 Jul 2004 15:54:41 -0400]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.Bagle.af skipped L:\Mail Backup\Deleted Items July 2004.dbx/[From "System Administrator" ][Date Fri, 30 Jul 2004 15:54:41 -0400]/UNNAMED Infected: Email-Worm.Win32.Bagle.af skipped L:\Mail Backup\Deleted Items July 2004.dbx Mail MS Outlook 5: infected - 57, suspicious - 16 skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 10:05:21 -0500]/UNNAMED/ps_friend.doc.exe Infected: Email-Worm.Win32.NetSky.c skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 10:05:21 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.c skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 10:12:39 -0500]/UNNAMED/textfile_yours.htm.scr Infected: Email-Worm.Win32.NetSky.c skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 10:12:39 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.c skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 13:54:41 -0500]/UNNAMED/your_letter.pif Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 13:54:41 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 14:05:11 -0500]/UNNAMED/yours.pif Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 14:05:11 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 18:22:33 -0500]/UNNAMED/message_details.pif Infected: 
Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 18:22:33 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 20:47:47 -0500]/UNNAMED/website_secrets.htm.exe Infected: Email-Worm.Win32.NetSky.c skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 20:47:47 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.c skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 23:36:14 -0500]/UNNAMED/document_full.pif Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sat, 13 Mar 2004 23:36:14 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sun, 14 Mar 2004 00:11:17 -0500]/UNNAMED/your_archive.pif Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Sun, 14 Mar 2004 00:11:17 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Wed, 10 Mar 2004 09:02:48 -0500]/yours.pif Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Thu, 11 Mar 2004 08:58:34 -0500]/UNNAMED/your_bill.pif Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Thu, 11 Mar 2004 08:58:34 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Thu, 11 Mar 2004 15:39:42 -0500]/UNNAMED/final.zip/final.exe Infected: Email-Worm.Win32.NetSky.c skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Thu, 11 Mar 2004 15:39:42 -0500]/UNNAMED/final.zip Infected: Email-Worm.Win32.NetSky.c skipped L:\Mail Backup\Deleted Items March 2004.dbx/[From ][Date Thu, 11 Mar 2004 15:39:42 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.c skipped L:\Mail 
Backup\Deleted Items March 2004.dbx Mail MS Outlook 5: infected - 22 skipped L:\Mail Backup\Deleted Items November 2004 (1).dbx/[From ][Date Tue, 30 Nov 2004 08:37:05 +0000]/html Infected: Trojan-Spy.HTML.Pcard.c skipped L:\Mail Backup\Deleted Items November 2004 (1).dbx/[From =?Windows-1252?Q?eBay=AE_Account_Manager?= ][Date Tue, 30 Nov 2004 06:15:37 -0600]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped L:\Mail Backup\Deleted Items November 2004 (1).dbx Mail MS Outlook 5: infected - 1, suspicious - 1 skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Fri, 29 Oct 2004 07:02:31 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Fri, 29 Oct 2004 07:02:31 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Fri, 29 Oct 2004 07:02:31 -0400]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Fri, 29 Oct 2004 07:02:31 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sat, 30 Oct 2004 08:29:51 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sat, 30 Oct 2004 08:29:51 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sat, 30 Oct 2004 08:29:51 -0400]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sat, 30 Oct 2004 08:29:51 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sat, 30 Oct 2004 08:33:32 -0400]/UNNAMED/abuses_dphenry.scr Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sat, 
30 Oct 2004 08:33:32 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sun, 31 Oct 2004 08:26:32 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sun, 31 Oct 2004 08:26:32 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sun, 31 Oct 2004 08:26:32 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sun, 31 Oct 2004 08:26:32 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From <000073b3@hotmail.com>][Date Sun, 31 Oct 2004 08:27:38 -0500]/UNNAMED/id09509.exe Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From <000073b3@hotmail.com>][Date Sun, 31 Oct 2004 08:27:38 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sun, 31 Oct 2004 14:58:15 -0100]/UNNAMED/photo.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sun, 31 Oct 2004 14:58:15 -0100]/UNNAMED/photo.zip Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx/[From ][Date Sun, 31 Oct 2004 14:58:15 -0100]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items October 2004.dbx Mail MS Outlook 5: infected - 13, suspicious - 6 skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "Dmh" ][Date Wed, 29 Sep 2004 21:12:20 -0500]/UNNAMED/Joke.cpl Infected: Email-Worm.Win32.Bagle.as skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "Dmh" ][Date Wed, 29 Sep 2004 21:12:20 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.as skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From 
"Roumfort" ][Date Thu, 30 Sep 2004 09:46:55 +0100]/UNNAMED/Counter_strike.exe Infected: Email-Worm.Win32.Bagle.z skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "Roumfort" ][Date Thu, 30 Sep 2004 09:46:55 +0100]/UNNAMED Infected: Email-Worm.Win32.Bagle.z skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From <7@tricera.bronto.com>][Date Thu, 30 Sep 2004 03:42:41 -0400]/UNNAMED/msg.txt Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From <7@tricera.bronto.com>][Date Thu, 30 Sep 2004 03:42:41 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "Roumfort" ][Date Thu, 30 Sep 2004 10:38:47 +0100]/UNNAMED/Information.vbs Infected: Email-Worm.Win32.Bagle.z skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "Roumfort" ][Date Thu, 30 Sep 2004 10:38:47 +0100]/UNNAMED Infected: Email-Worm.Win32.Bagle.z skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "Verbanac" ][Date Thu, 30 Sep 2004 08:58:17 -0500]/UNNAMED/price.exe Infected: Email-Worm.Win32.Bagle.as skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "Verbanac" ][Date Thu, 30 Sep 2004 08:58:17 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.as skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 09:11:27 -0400]/UNNAMED/your_archive.pif Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 09:11:27 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 13:00:52 -0400]/your_picture.pif Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From <940@ovm1.net>][Date Thu, 30 Sep 2004 13:18:02 -0400]/UNNAMED/my_details.pif Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From <940@ovm1.net>][Date Thu, 30 Sep 
2004 13:18:02 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "DOCCONWAY" ][Date Thu, 30 Sep 2004 10:25:15 -0500]/UNNAMED/You_are_dismissed.hta Infected: Email-Worm.Win32.Bagle.z skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "DOCCONWAY" ][Date Thu, 30 Sep 2004 10:25:15 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.z skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From <335@aol.com>][Date Thu, 30 Sep 2004 05:48:08 -0400]/UNNAMED/message.pif Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From <335@aol.com>][Date Thu, 30 Sep 2004 05:48:08 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 05:51:20 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 05:51:20 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 05:51:20 -0400]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 05:51:20 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 05:51:20 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "Arties" ][Date Thu, 30 Sep 2004 12:24:17 -0500]/UNNAMED/Joke.com Infected: Email-Worm.Win32.Bagle.as skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "Arties" ][Date Thu, 30 Sep 2004 12:24:17 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.as skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "DOCCONWAY" ][Date Thu, 30 Sep 2004 13:13:16 -0500]/UNNAMED/foto1.zip Infected: 
Email-Worm.Win32.Bagle.gen skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "DOCCONWAY" ][Date Thu, 30 Sep 2004 13:13:16 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.gen skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "DOCCONWAY" ][Date Thu, 30 Sep 2004 13:32:47 -0500]/UNNAMED/Your_complaint.vbs Infected: Email-Worm.Win32.Bagle.z skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "DOCCONWAY" ][Date Thu, 30 Sep 2004 13:32:47 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.z skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "DOCCONWAY" ][Date Thu, 30 Sep 2004 14:11:21 -0500]/UNNAMED/Garry.cpl Infected: Email-Worm.Win32.Bagle.ah skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "DOCCONWAY" ][Date Thu, 30 Sep 2004 14:11:21 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.ah skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "DOCCONWAY" ][Date Thu, 30 Sep 2004 14:23:54 -0500]/UNNAMED/Nervous_illnesses.scr Infected: Email-Worm.Win32.Bagle.z skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "DOCCONWAY" ][Date Thu, 30 Sep 2004 14:23:54 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.z skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 14:37:39 -0700]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 14:37:39 -0700]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 14:37:39 -0700]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 14:37:39 -0700]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 14:37:46 -0700]/UNNAMED/your_doc.pif Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail 
Backup\Deleted Items September 2004.dbx/[From ][Date Thu, 30 Sep 2004 14:37:46 -0700]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "Inchamber" ][Date Thu, 30 Sep 2004 17:33:05 -0500]/UNNAMED/Loves_money.hta Infected: Email-Worm.Win32.Bagle.z skipped L:\Mail Backup\Deleted Items September 2004.dbx/[From "Inchamber" ][Date Thu, 30 Sep 2004 17:33:05 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.z skipped L:\Mail Backup\Deleted Items September 2004.dbx Mail MS Outlook 5: infected - 37, suspicious - 5 skipped L:\System Volume Information\_restore{FDF5BC16-BEC4-472F-8F06-7341BFD767A7}\RP982\change.log Object is locked skipped M:\Mail Backup\Dc101.dbx/[From "Michel Foekens" ][Date Wed, 6 Jun 2001 05:47:12 -0400]/DC140.EXE Infected: Email-Worm.Win32.Magistr.a skipped M:\Mail Backup\Dc101.dbx Mail MS Outlook 5: infected - 1 skipped M:\Mail Backup\Dc106.dbx/[From <3dasirmons@pamlico.net>][Date Tue, 31 Aug 2004 18:42:56 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped M:\Mail Backup\Dc106.dbx/[From <3dasirmons@pamlico.net>][Date Tue, 31 Aug 2004 18:42:56 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped M:\Mail Backup\Dc106.dbx/[From <3dasirmons@pamlico.net>][Date Tue, 31 Aug 2004 18:42:56 -0400]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped M:\Mail Backup\Dc106.dbx/[From <3dasirmons@pamlico.net>][Date Tue, 31 Aug 2004 18:42:56 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped M:\Mail Backup\Dc106.dbx/[From "Ckamin" ][Date Tue, 31 Aug 2004 19:16:59 -0500]/UNNAMED/foto.zip/foto.htm Infected: Exploit.HTML.CodeBaseExec skipped M:\Mail Backup\Dc106.dbx/[From "Ckamin" ][Date Tue, 31 Aug 2004 19:16:59 -0500]/UNNAMED/foto.zip/1/calc.exe Infected: Trojan.Win32.Glieder.gen skipped M:\Mail Backup\Dc106.dbx/[From "Ckamin" ][Date Tue, 31 Aug 2004 19:16:59 -0500]/UNNAMED/foto.zip Infected: Trojan.Win32.Glieder.gen skipped M:\Mail 
Backup\Dc106.dbx/[From "Ckamin" ][Date Tue, 31 Aug 2004 19:16:59 -0500]/UNNAMED Infected: Trojan.Win32.Glieder.gen skipped M:\Mail Backup\Dc106.dbx/[From ][Date Tue, 31 Aug 2004 19:19:34 -0400]/UNNAMED/readme.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped M:\Mail Backup\Dc106.dbx/[From ][Date Tue, 31 Aug 2004 19:19:34 -0400]/UNNAMED/readme.zip Infected: Email-Worm.Win32.NetSky.q skipped M:\Mail Backup\Dc106.dbx/[From ][Date Tue, 31 Aug 2004 19:19:34 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped M:\Mail Backup\Dc106.dbx Mail MS Outlook 5: infected - 9, suspicious - 2 skipped M:\Mail Backup\deleted archive 1.dbx/[From "RUFFRIDER013" ][Date Thu, 30 Oct 2003 23:54:18 -0500 (EST)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped M:\Mail Backup\deleted archive 1.dbx/[From "RUFFRIDER013" ][Date Thu, 30 Oct 2003 23:54:18 -0500 (EST)]/UNNAMED/Done..scr Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\deleted archive 1.dbx/[From "RUFFRIDER013" ][Date Thu, 30 Oct 2003 23:54:18 -0500 (EST)]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\deleted archive 1.dbx/[From "RUFFRIDER013" ][Date Thu, 30 Oct 2003 23:54:18 -0500 (EST)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped M:\Mail Backup\deleted archive 1.dbx/[From "pyankes" ][Date Thu, 30 Oct 2003 23:54:34 -0500 (EST)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped M:\Mail Backup\deleted archive 1.dbx/[From "pyankes" ][Date Thu, 30 Oct 2003 23:54:34 -0500 (EST)]/UNNAMED/Ebsi.pif Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\deleted archive 1.dbx/[From "pyankes" ][Date Thu, 30 Oct 2003 23:54:34 -0500 (EST)]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\deleted archive 1.dbx/[From "pyankes" ][Date Thu, 30 Oct 2003 23:54:34 -0500 (EST)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped M:\Mail Backup\deleted archive 1.dbx/[From "Mailer Daemon" ][Date Fri, 31 Oct 2003 15:27:33 -0400 
(EST)]/UNNAMED/undelivered.hta Infected: Trojan-Dropper.VBS.Inor.a skipped M:\Mail Backup\deleted archive 1.dbx/[From "Mailer Daemon" ][Date Fri, 31 Oct 2003 15:27:33 -0400 (EST)]/UNNAMED Infected: Trojan-Dropper.VBS.Inor.a skipped M:\Mail Backup\deleted archive 1.dbx/[From "Mail Delivery Subsystem" ][Date Fri, 31 Oct 2003 14:40:15 -0500 (EST)]/UNNAMED/UNNAMED/[From dphenry ][Date Fri, 31 Oct 2003 14:40:04 -0500 (EST)]/kitty.exe Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\deleted archive 1.dbx/[From "Mail Delivery Subsystem" ][Date Fri, 31 Oct 2003 14:40:15 -0500 (EST)]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\deleted archive 1.dbx/[From "Mail Delivery Subsystem" ][Date Fri, 31 Oct 2003 14:40:15 -0500 (EST)]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\deleted archive 1.dbx Mail MS Outlook 5: infected - 9, suspicious - 4 skipped M:\Mail Backup\Deleted Items 2001.dbx/[From "Michel Foekens" ][Date Wed, 6 Jun 2001 05:47:12 -0400]/DC140.EXE Infected: Email-Worm.Win32.Magistr.a skipped M:\Mail Backup\Deleted Items 2001.dbx Mail MS Outlook 5: infected - 1 skipped M:\Mail Backup\Deleted Items 2003.dbx/[From RUFFRIDER013 ][Date Thu, 30 Oct 2003 23:54:18 -0500 (EST)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped M:\Mail Backup\Deleted Items 2003.dbx/[From RUFFRIDER013 ][Date Thu, 30 Oct 2003 23:54:18 -0500 (EST)]/UNNAMED/done..scr Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\Deleted Items 2003.dbx/[From RUFFRIDER013 ][Date Thu, 30 Oct 2003 23:54:18 -0500 (EST)]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\Deleted Items 2003.dbx/[From RUFFRIDER013 ][Date Thu, 30 Oct 2003 23:54:18 -0500 (EST)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped M:\Mail Backup\Deleted Items 2003.dbx/[From pyankes ][Date Thu, 30 Oct 2003 23:54:34 -0500 (EST)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped M:\Mail Backup\Deleted Items 2003.dbx/[From 
pyankes ][Date Thu, 30 Oct 2003 23:54:34 -0500 (EST)]/UNNAMED/ebsi.pif Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\Deleted Items 2003.dbx/[From pyankes ][Date Thu, 30 Oct 2003 23:54:34 -0500 (EST)]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\Deleted Items 2003.dbx/[From pyankes ][Date Thu, 30 Oct 2003 23:54:34 -0500 (EST)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped M:\Mail Backup\Deleted Items 2003.dbx/[From Mailer Daemon ][Date Fri, 31 Oct 2003 15:27:33 -0400 (EST)]/UNNAMED/undelivered.hta Infected: Trojan-Dropper.VBS.Inor.a skipped M:\Mail Backup\Deleted Items 2003.dbx/[From Mailer Daemon ][Date Fri, 31 Oct 2003 15:27:33 -0400 (EST)]/UNNAMED Infected: Trojan-Dropper.VBS.Inor.a skipped M:\Mail Backup\Deleted Items 2003.dbx/[From Mail Delivery Subsystem ][Date Fri, 31 Oct 2003 14:40:15 -0500 (EST)]/UNNAMED/[From 20.pial1.xdsl.nauticom.net [209.195.147.149]]/UNNAMED/[From dphenry ][Date Fri, 31 Oct 2003 14:40:04 -0500 (EST)]/kitty.exe Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\Deleted Items 2003.dbx/[From Mail Delivery Subsystem ][Date Fri, 31 Oct 2003 14:40:15 -0500 (EST)]/UNNAMED/[From 20.pial1.xdsl.nauticom.net [209.195.147.149]]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\Deleted Items 2003.dbx/[From Mail Delivery Subsystem ][Date Fri, 31 Oct 2003 14:40:15 -0500 (EST)]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped M:\Mail Backup\Deleted Items 2003.dbx Mail MS Outlook 5: infected - 9, suspicious - 4 skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 10:05:21 -0500]/UNNAMED/ps_friend.doc.exe Infected: Email-Worm.Win32.NetSky.c skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 10:05:21 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.c skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 10:12:39 -0500]/UNNAMED/textfile_yours.htm.scr Infected: Email-Worm.Win32.NetSky.c skipped M:\Mail 
Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 10:12:39 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.c skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 13:54:41 -0500]/UNNAMED/your_letter.pif Infected: Email-Worm.Win32.NetSky.d skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 13:54:41 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 14:05:11 -0500]/UNNAMED/yours.pif Infected: Email-Worm.Win32.NetSky.d skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 14:05:11 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 18:22:33 -0500]/UNNAMED/message_details.pif Infected: Email-Worm.Win32.NetSky.d skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 18:22:33 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 20:47:47 -0500]/UNNAMED/website_secrets.htm.exe Infected: Email-Worm.Win32.NetSky.c skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 20:47:47 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.c skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 23:36:14 -0500]/UNNAMED/document_full.pif Infected: Email-Worm.Win32.NetSky.d skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sat, 13 Mar 2004 23:36:14 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sun, 14 Mar 2004 00:11:17 -0500]/UNNAMED/your_archive.pif Infected: Email-Worm.Win32.NetSky.d skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Sun, 14 Mar 2004 00:11:17 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped M:\Mail Backup\Deleted Items July 2004.dbx/[From ][Date Wed, 10 Mar 

#10 Scotty


Posted 20 April 2008 - 02:12 PM

Yowser! I hate emails. :pullhair: Question- do you have old emails saved that you need to keep or can all go?
You too could train to help others- Join the Classroom


#11 dphenry


Posted 20 April 2008 - 02:55 PM

I do need to keep the emails, please?

#12 Scotty


Posted 21 April 2008 - 04:15 AM

Hi, I'm just enquiring about a quick way to remove all the infected emails. Shouldn't be too long. :thumbup:

#13 dphenry


Posted 21 April 2008 - 04:27 AM

Thank you VERY much! Moving forward, what should I be doing to prevent this situation in the future?

#14 Scotty


Posted 21 April 2008 - 04:39 AM

When I post my all-clean speech there will be a link or two about how you got infected and how to avoid it in the future.

#15 Scotty


Posted 21 April 2008 - 05:28 AM

OK, short of getting a reply as yet, I have noticed one thing: these files were already deleted, but OE still has them stored. But I tested a way of deleting the deleted.

First,
To enable the viewing of Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon (or click Start, then select My Computer)
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shut down My Computer.
    Now your computer is configured to show all hidden files.


Now navigate to and delete these files. (In bold)
C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Archive.dbx
C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}\Microsoft\Outlook Express\Deleted Items 2004.dbx
C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}(2)\Microsoft(2)\Outlook Express(2)\Deleted Items 2001.dbx
C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}(2)\Microsoft(2)\Outlook Express(2)\Deleted Items 2003.dbx
C:\Documents and Settings\Dana P. Henry\Local Settings\Application Data\Identities\{379361C8-FEAB-4593-BD29-D3B69D1424DA}(2)\Microsoft(2)\Outlook Express(2)\Deleted Items March 2004.dbx
L:\Mail Backup\Deleted Items 2001.dbx
L:\Mail Backup\Deleted Items 2003.dbx
L:\Mail Backup\Deleted Items August 2004.dbx
L:\Mail Backup\Deleted Items January 2005.dbx
L:\Mail Backup\Deleted Items July 2004.dbx
L:\Mail Backup\Deleted Items March 2004.dbx
L:\Mail Backup\Deleted Items November 2004 (1).dbx
L:\Mail Backup\Deleted Items October 2004.dbx
L:\Mail Backup\Deleted Items September 2004.dbx
M:\Mail Backup\Dc101.dbx
M:\Mail Backup\Dc106.dbx
M:\Mail Backup\deleted archive 1.dbx
M:\Mail Backup\Deleted Items 2001.dbx
M:\Mail Backup\Deleted Items 2003.dbx
M:\Mail Backup\Deleted Items July 2004.dbx
M:\Mail Backup\Deleted Items March 2004.dbx

Enjoy!

When you are done with those, update MBAM and run a quick scan then post the new log along with a new HijackThis log, please.