PDA

View Full Version : I have a virtumonde virus problem!



lizrussell
2007-08-22, 14:04
Hi, I have tried using S&D but it cant get rid of this thing. help please!!
I tried to paste the kaspersky report but the post was too long so here is the hijackthis log for you guys to look at.
cheers




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:58 PM, on 22/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com.au/"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\ds8nmiw9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\ds8nmiw9.slt\prefs.js)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /O6 "USB001" /M "Stylus Photo RX630"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /M "Stylus Photo RX630" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD6608] cmd /c del "C:\WINDOWS\system32\jkhfg.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1079] command /c del "C:\WINDOWS\system32\jkhfg.dll_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6652] cmd /c del "C:\WINDOWS\system32\jkhfg.dll_tobedeleted"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10014 bytes

pskelley
2007-08-22, 20:52
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Looks like you are trying to delete Vundo on reboot with Spybot S&D. Please don't use Spybot for a bit, it wil not remove this junk. We need to have a look at the infection, please do this:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <<< return to here and rename HJT.exe, call it lizrussell.exe or whatever you wish. It will look like this:
C:\Program Files\Trend Micro\HijackThis\lizrussell.exe Now restart the computer and post a new HJT log.

Thanks

lizrussell
2007-08-23, 03:32
ok here is the new hjt log. thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:05 AM, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\HijackThis\lizrussell.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com.au/"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\ds8nmiw9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\ds8nmiw9.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {44218730-94E0-4b24-BBF0-C3D8B2BCE2C3} - C:\WINDOWS\system32\mlwdappl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\byxxusq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E468F623-37E5-4054-AEA9-4FC6739B9D4B} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /O6 "USB001" /M "Stylus Photo RX630"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\uebexket.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /M "Stylus Photo RX630" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - Winlogon Notify: byxxusq - C:\WINDOWS\SYSTEM32\byxxusq.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\system32\jkhfg.dll
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11569 bytes

lizrussell
2007-08-23, 03:41
And now my computer says that I have a trojan.awax object name C:\WINDOWS\system32|byxxusq.dll that it is unable to repair and access to the file is denied...

pskelley
2007-08-23, 12:41
Hi Liz, here is some information about this junk:
http://www.networkworld.com/news/2007/030807-mystery-around-winfixer-slowly-unravels.html
http://www.youtube.com/watch?v=zBUZHiKhsog
http://msmvps.com/blogs/spywaresucks/search.aspx?q=winfixer+msn
http://www.revenews.com/wayneporter/archives/adware-spyware-greynets/getting_the_fix_on_winfixer_aol_network_now/
It's a nasty infection and causing all kind of computer issues until it is remove, which we will start doing right no, it is going to take some work.

Thanks to Atribune and any others who helped with this fix.

Please understand these hackers can call there junk anything they wish. Vundofix may not know the files at first, but it will learn. You want to run the fix until you see all Vundo files say: "Has been deleted"

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThislog
in a reply to this thread.Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Thanks...Phil

lizrussell
2007-08-23, 13:53
thanks... here goes



VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 8:36:05 PM 23/08/2007

Listing files found while scanning....

C:\windows\system32\gfhkj.bak2
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\jkhfg.dll

Beginning removal...

Attempting to delete C:\windows\system32\gfhkj.bak2
C:\windows\system32\gfhkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhfg.dll Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:05 PM, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Trend Micro\HijackThis\lizrussell.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com.au/"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\ds8nmiw9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\ds8nmiw9.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {44218730-94E0-4b24-BBF0-C3D8B2BCE2C3} - C:\WINDOWS\system32\mlwdappl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\byxxusq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A734132E-999E-4B7F-9714-EA560083090D} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /O6 "USB001" /M "Stylus Photo RX630"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\uebexket.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /M "Stylus Photo RX630" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - Winlogon Notify: byxxusq - byxxusq.dll (file missing)
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11542 bytes

pskelley
2007-08-23, 14:32
Thanks for returning your information and you did great with that tool, let's let combofix have a look before we cleanup.

Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

:bigthumb:

lizrussell
2007-08-23, 14:54
ok combofix


ComboFix 07-08-17.2 - "User" 2007-08-23 21:36:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.611 [GMT 10:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\User\APPLIC~1\install.dat
C:\DOCUME~1\User\Desktop\internet.lnk
C:\WINDOWS\sisport.sys
C:\WINDOWS\system32\mlwdappl.dll


((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))


2007-08-23 21:35 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-23 20:36 <DIR> d-------- C:\VundoFix Backups
2007-08-22 22:03 87,616 --a------ C:\WINDOWS\system32\uebexket.dll
2007-08-22 16:14 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-22 12:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-22 12:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-21 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-21 21:56 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Opera
2007-08-21 21:45 93,696 --a------ C:\WINDOWS\system32\drvguh.dll
2007-08-21 21:45 43,542 --a------ C:\WINDOWS\system32\ddcyaxx.dll
2007-08-21 21:45 15,360 --a------ C:\WINDOWS\system32\drvguhr.dll
2007-08-21 21:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-08-21 21:13 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-08-21 21:04 229,057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_2390.exe
2007-08-21 21:04 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-08-21 21:00 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-14 09:48 <DIR> d-------- C:\etax2007
2007-07-29 15:37 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-29 15:37 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-29 15:37 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-29 15:37 129,784 --a------ C:\WINDOWS\system32\pxafs.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-23 21:34 --------- d-------- C:\DOCUME~1\User\APPLIC~1\WholeSecurity
2007-08-22 12:58 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-21 22:00 --------- d-------- C:\Program Files\Norton Internet Security
2007-08-21 21:55 --------- d-------- C:\Program Files\Symantec
2007-08-01 08:58 --------- d-------- C:\Program Files\Winamp
2007-07-12 03:00 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-27 04:54 --------- d-------- C:\DOCUME~1\User\APPLIC~1\Google
2007-06-27 04:53 --------- d-------- C:\Program Files\Google
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 20:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-03-11 17:47 577826 --a------ C:\Program Files\massive2006.zip
2006-02-24 19:49 36526792 --a------ C:\Program Files\iTunesSetup.exe
2005-03-31 22:17 40960 --a------ C:\Program Files\Uninstall_CDS.exe
2004-08-04 12:00:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 12:00:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 12:00:00 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 12:00:00 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 12:00:00 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 12:00:00 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28:05 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 12:00:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-04 12:00:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}]
C:\WINDOWS\system32\byxxusq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A734132E-999E-4B7F-9714-EA560083090D}]
C:\WINDOWS\system32\jkhfg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 20:15]
"SiSPower"="SiSPower.dll" [2005-03-04 04:50 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 20:20 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"EPSON Stylus Photo RX630 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.exe" [2004-05-20 13:00]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 08:11]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-08-31 01:29]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-08-21 21:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-08 13:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-24 19:54]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-05-03 17:58]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 08:22]
"MSOffice"="C:\WINDOWS\system32\uebexket.dll" [2007-08-22 22:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24]
"Mozilla Quick Launch"="C:\Program Files\Netscape\Netscape\Netscp.exe" [2003-06-24 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 10:37]
"EPSON Stylus Photo RX630 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.exe" [2004-05-20 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 04:25]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-10-27 17:58:54]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-11-15 07:03:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}"= C:\WINDOWS\system32\byxxusq.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxusq]
byxxusq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzwr32]
winzwr32.dll

R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 PortAcc;Spearit Port Access;\??\C:\Program Files\Laplink\PCmover\PortAcc.sys


Contents of the 'Scheduled Tasks' folder
2007-08-17 05:14:06 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - User.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 21:42:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo RX630 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /M "Stylus Photo RX630" /EF "HKCU"??????????????????????????????p???W?D~0?A~????*?A~??A~??????C~????????????????l/[???A~????????????????????T???????????W?D~??A~??????A~??A~X/[???????????A~???????????????????????????????|????????X/[???????????????C~s?A~??A~-?B~????????????????????????E????\?'????????????4????YB~????????????????????????????????T????YB~?????????????H??????????????X?C~????????????j?C~????????8???????????`??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-23 21:50:04 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-23 21:50

--- E O F ---

lizrussell
2007-08-23, 14:56
and hjt log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:20 PM, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\lizrussell.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com.au/"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\ds8nmiw9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\ds8nmiw9.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\byxxusq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A734132E-999E-4B7F-9714-EA560083090D} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /O6 "USB001" /M "Stylus Photo RX630"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\uebexket.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /M "Stylus Photo RX630" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - Winlogon Notify: byxxusq - byxxusq.dll (file missing)
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11445 bytes

pskelley
2007-08-23, 15:47
Thanks for returning you informaion, combofix found more junk, let's clean an run a good scan to look for anything hidded. Please delete the Kaspersky scan you saved, it is obsolete now.

1) Remove Vundofix from your computer, but sure to also delete the C:\Vundofix Backups\ folder. Remove combofix from your computer and be sure to remove the C:\Qoobox\quarantine\ folder. You may also rename HJT if you wish.

2) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

3) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\byxxusq.dll (file missing)
O2 - BHO: (no name) - {A734132E-999E-4B7F-9714-EA560083090D} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\uebexket.dll",sitypnow
O20 - Winlogon Notify: byxxusq - byxxusq.dll (file missing)
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\uebexket.dll <<< delete that file

(if that file gives you trouble use this tool and instructions)
How to use the Delete on Reboot tool
http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

7) Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here along with a new HJT log. Break the scan into as many posted as needed to post it.

Thanks

lizrussell
2007-08-24, 01:09
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 24, 2007 8:05:29 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 23/08/2007
Kaspersky Anti-Virus database records: 363560
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 62948
Number of viruses found: 9
Number of infected objects: 21
Number of suspicious objects: 157
Duration of the scan process: 03:15:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/win4FC.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1162OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-08-23_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\ds8nmiw9.slt\parent.lock Object is locked skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\NTUSER.DAT.LOG Object is locked skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:34:35 EST]/UNNAMED/[From ray.thom ... /[From Marilyn Healy <Marilyn.Healy@kraken.itc.gu.edu.au>][Date Tue, 20 Jun 2000 11:09:20 +1000]/LIFE_STAGES.TXT.SHS Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:34:35 EST]/UNNAMED/[From ray.thomas@db.com][Date Mo ... /[From Mail Delivery Subsystem <MAILER-DAEMON>][Date Mon, 19 Jun 2000 23:53:52 +1000 (EST)]/UNNAMED Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:34:35 EST]/UNNAMED/[From ray.thomas@db.com][Date Mon, 19 Jun ... /[From "ross mcnally" <rosco1352@hotmail.com>][Date Mon, 19 Jun 2000 14:52:11 EST]/UNNAMED Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:34:35 EST]/UNNAMED/[From ray.thomas@db.com][Date Mon, 19 Jun 2000 12:34:14 +1000]/text Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:34:35 EST]/UNNAMED Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox Mail Berkeley mbox: infected - 8 skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 13 Sep 2002 00:17:35 +1000]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 13 Sep 2002 00:14:06 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 10 Sep 2002 02:03:57 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 10 Sep 2002 02:00:36 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 10 Sep 2002 01:55:41 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 05 Sep 2002 21:33:13 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Aug 2002 17:42:41 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Aug 2002 07:35:10 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Aug 2002 05:41:05 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

lizrussell
2007-08-24, 01:20
sorry i lost my place ill start again from the top of the kaspersky log


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 24, 2007 8:05:29 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 23/08/2007
Kaspersky Anti-Virus database records: 363560
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 62948
Number of viruses found: 9
Number of infected objects: 21
Number of suspicious objects: 157
Duration of the scan process: 03:15:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/win4FC.tmp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1162OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-08-23_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Application Data\Mozilla\Profiles\default\ds8nmiw9.slt\parent.lock Object is locked skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\NTUSER.DAT.LOG Object is locked skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:34:35 EST]/UNNAMED/[From ray.thom ... /[From Marilyn Healy <Marilyn.Healy@kraken.itc.gu.edu.au>][Date Tue, 20 Jun 2000 11:09:20 +1000]/LIFE_STAGES.TXT.SHS Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:34:35 EST]/UNNAMED/[From ray.thomas@db.com][Date Mo ... /[From Mail Delivery Subsystem <MAILER-DAEMON>][Date Mon, 19 Jun 2000 23:53:52 +1000 (EST)]/UNNAMED Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:34:35 EST]/UNNAMED/[From ray.thomas@db.com][Date Mon, 19 Jun ... /[From "ross mcnally" <rosco1352@hotmail.com>][Date Mon, 19 Jun 2000 14:52:11 EST]/UNNAMED Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:34:35 EST]/UNNAMED/[From ray.thomas@db.com][Date Mon, 19 Jun 2000 12:34:14 +1000]/text Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:34:35 EST]/UNNAMED Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text Infected: Email-Worm.VBS.Scrapworm skipped
C:\Gemmology\Mail\Inbox Mail Berkeley mbox: infected - 8 skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 13 Sep 2002 00:17:35 +1000]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 13 Sep 2002 00:14:06 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 10 Sep 2002 02:03:57 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 10 Sep 2002 02:00:36 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 10 Sep 2002 01:55:41 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 05 Sep 2002 21:33:13 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Aug 2002 17:42:41 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Aug 2002 07:35:10 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Aug 2002 05:41:05 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 12 Aug 2002 08:23:41 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 25 Jul 2002 23:38:56 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 25 Jul 2002 23:18:40 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 23 Jul 2002 22:39:27 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 21 Jul 2002 22:07:54 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 18 Jul 2002 23:58:21 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 08 Jul 2002 23:24:55 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bi ... /[From bilsec@ozemail.com.au][Date Thu, 04 Jul 2002 09:58:17 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sat, 29 Jun 2002 02:56:44 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 27 Jun 2002 08:25:47 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 26 Jun 2002 23:46:08 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

lizrussell
2007-08-24, 01:22
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 24 Jun 2002 23:12:09 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 12 May 2002 21:00:03 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 12 May 2002 20:23:09 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 12 May 2002 11:47:21 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sat, 11 May 2002 10:51:37 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sat, 11 May 2002 10:48:16 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sat, 11 May 2002 10:35:45 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 29 Apr 2002 07:33:04 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 29 Apr 2002 07:30:15 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 26 Apr 2002 19:16:57 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 16 Apr 2002 08:09:26 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 21 Mar 2002 07:26:22 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 21 Jan 2002 21:55:01 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 25 Dec 2001 10:03:55 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Dec 2001 23:23:57 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 11 Dec 2001 22:57:55 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 09 Dec 2001 23:10:09 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From ... /[From bilsec@ozemail.com.au][Date Sun, 09 Dec 2001 18:14:43 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 06 Dec 2001 08:34:47 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 06 Dec 2001 08:29:06 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sat, 01 Dec 2001 01:33:16 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 19 Nov 2001 23:30:43 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 15 Nov 2001 01:42:59 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 12 Nov 2001 23:37:25 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 12 Nov 2001 23:17:57 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 12 Nov 2001 22:50:35 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 12 Nov 2001 22:42:20 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 30 Oct 2001 23:05:41 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 30 Oct 2001 22:30:37 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 28 Oct 2001 22:15:17 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 22 Oct 2001 22:26:30 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 22 Oct 2001 22:17:53 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 22 Oct 2001 07:51:43 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 18 Oct 2001 18:53:42 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 18 Oct 2001 18:47:46 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

lizrussell
2007-08-24, 01:23
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 18 Oct 2001 08:01:01 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 18 Oct 2001 07:59:38 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 15 Oct 2001 22:00:02 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 09 Oct 2001 23:55:22 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 09 Oct 2001 02:11:40 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 09 Oct 2001 00:01:19 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 08 Oct 2001 22:57:53 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 07 Oct 2001 16:38:27 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 05 Oct 2001 22:59:28 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 03 Oct 2001 23:43:58 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 28 Sep 2001 01:29:35 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 28 Sep 2001 00:47:54 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 28 Sep 2001 00:39:39 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 28 Sep 2001 00:36:52 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 28 Sep 2001 00:34:08 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 28 Sep 2001 00:30:17 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 27 Sep 2001 19:54:17 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 19 Sep 2001 23:46:55 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 02 Sep 2001 15:09:04 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 02 Sep 2001 14:47:13 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 23 Aug 2001 20:52:34 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 13 Aug 2001 23:41:16 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 13 Aug 2001 22:53:13 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 10 Aug 2001 20:36:19 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 26 Jul 2001 00:19:04 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 21 Jun 2001 23:15:02 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 14 Jun 2001 22:04:11 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 06 Jun 2001 20:17:21 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 05 Jun 2001 01:41:20 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 05 Jun 2001 01:28:00 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 05 Jun 2001 00:08:01 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 04 Jun 2001 01:33:43 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped

lizrussell
2007-08-24, 01:24
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 21 May 2001 23:08:56 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 17 May 2001 11:54:32 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 15 May 2001 23:26:25 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 10 May 2001 00:00:31 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 09 May 2001 23:21:56 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 09 May 2001 23:18:51 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 09 May 2001 23:13:35 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 09 May 2001 23:04:43 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 09 May 2001 00:37:06 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 07 May 2001 00:00:42 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sat, 05 May 2001 23:02:51 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sat, 05 May 2001 10:47:07 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 03 May 2001 23:01:53 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 02 May 2001 01:03:39 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sat, 28 Apr 2001 00:00:01 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 24 Apr 2001 00:23:54 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 19 Apr 2001 21:00:34 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 10 Apr 2001 08:19:31 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 29 Mar 2001 08:52:15 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 22 Jan 2001 23:05:25 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 22 Jan 2001 23:00:42 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 26 Dec 2000 01:51:08 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 18 Dec 2000 23:23:44 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 18 Dec 2000 23:20:35 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 14 Dec 2000 00:39:48 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 14 Dec 2000 00:04:38 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 13 Dec 2000 23:57:56 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sat, 09 Dec 2000 19:27:55 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 06 Dec 2000 23:23:18 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 05 Dec 2000 23:50:54 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 05 Dec 2000 00:31:03 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 05 Dec 2000 00:18:28 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 05 Dec 2000 00:02:28 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 27 Nov 2000 23:08:45 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 26 Nov 2000 21:53:49 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

lizrussell
2007-08-24, 01:25
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 13 Nov 2000 23:06:45 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 13 Nov 2000 22:48:34 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 12 Nov 2000 08:57:21 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 06 Nov 2000 12:39:01 +1100]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 05 Nov 2000 13:52:00 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 05 Nov 2000 13:49:38 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 05 Nov 2000 13:47:00 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Sun, 05 Nov 2000 13:44:03 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 01 Nov 2000 10:46:52 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 30 Oct 2000 11:40:25 +1100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 26 Oct 2000 22:20:41 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 24 Oct 2000 23:28:59 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 24 Oct 2000 22:06:32 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 16 Oct 2000 22:23:40 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 10 Oct 2000 15:22:45 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 06 Oct 2000 23:48:32 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 06 Oct 2000 23:42:04 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 06 Oct 2000 23:40:08 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Fri, 06 Oct 2000 23:38:05 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 05 Oct 2000 21:14:51 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 25 Sep 2000 23:37:29 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 20 Sep 2000 21:17:49 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 07 Sep 2000 22:20:08 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat .. ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Mon, 14 Aug 2000 23:26:06 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Dat ... /[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 10 Aug 2000 22:46:36 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 19 Jul 2000 22:35:12 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Thu, 13 Jul 2000 23:02:55 +1000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Wed, 28 Jun 2000 23:35:38 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 22:54:47 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Gemmology\Mail\Sent/[From Bill Sechos <bilsec@ozemail.com.au>][Date Tue, 20 Jun 2000 00:28:44 +1000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

lizrussell
2007-08-24, 01:26
C:\Gemmology\Mail\Sent Mail Berkeley mbox: suspicious - 152 skipped
C:\Log.txt Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20070823-232245.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\00321CA9.exe Infected: Trojan.Win32.Agent.qt skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\003546A5.exe Infected: Trojan.Win32.Agent.qt skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10A52AF2.tmp Infected: Net-Worm.Win32.Mytob.u skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\62C83676.exe Infected: Virus.Win32.Virut.i skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6D7A5401.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6D7A5401.exe NSIS: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6D7A5401.exe CryptFF: infected - 1 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C1B3097.exe Infected: Trojan-Downloader.Win32.LoadAdv.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{121AA659-A550-47AB-8AE3-B577D59957E3}\RP701\A0029113.exe Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{121AA659-A550-47AB-8AE3-B577D59957E3}\RP701\A0029115.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{121AA659-A550-47AB-8AE3-B577D59957E3}\RP701\A0029119.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{121AA659-A550-47AB-8AE3-B577D59957E3}\RP703\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{BB26CE61-7901-48B6-83FF-F8099F999D61}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drvguh.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

lizrussell
2007-08-24, 01:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:36 AM, on 24/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\lizrussell.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com.au/"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\ds8nmiw9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\ds8nmiw9.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /O6 "USB001" /M "Stylus Photo RX630"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /M "Stylus Photo RX630" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10925 bytes

pskelley
2007-08-24, 01:55
KASPERSKY ONLINE SCANNER REPORT Friday, August 24, 2007 8:05:29 AM

What is all of the suspicious junk Kaspersky is finding? Let's look at the 21 infected items first.

Number of infected objects: 21

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ (4)
Open Spybot S&D and click on the white case with the RED X, delete the contents.


C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\ <<< delete the contents (8)
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000041213443506

C:\System Volume Information\_restore{121AA659-A550-47AB-8AE3-B577D59957E3}\RP701\A0029113.exe Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{121AA659-A550-47AB-8AE3-B577D59957E3}\RP701\A0029115.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{121AA659-A550-47AB-8AE3-B577D59957E3}\RP701\A0029119.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
We will clean these last so we only have to reset system restore one time.

C:\WINDOWS\system32\drvguh.dll <<< delete that file

I am having a hard time seeing what is infected in this area:
C:\Gemmology\Mail\Inbox/ see some of it:
Infected: Email-Worm.VBS.Scrapworm
Exploit.HTML.Iframe.FileDownload

Look at the junk yourself. Why is this stuff being stored on your computer? I suggest you delete all of it and you may want to start with this folder:
C:\Gemmology\ <<< I have no idea what it is?

Once you clean out the junk and do what I posted above, run another scan and post it.

lizrussell
2007-08-24, 02:26
I cant delete the gemmology file because it is our business so what should I do?

pskelley
2007-08-24, 02:32
Good luck to you, you can follow each of those items and try to figure out which file is infected using these scanners if you wish:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/

I can post programs that may remove the infected files? I have not run into this item before?

Give this one a try to see what happens:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

lizrussell
2007-08-24, 17:30
A0029115.dll;C:\System Volume Information\_restore{121AA659-A550-47AB-8AE3-B577D59957E3}\RP701;Trojan.Mezzia;Deleted.;
A0029119.exe;C:\System Volume Information\_restore{121AA659-A550-47AB-8AE3-B577D59957E3}\RP701;Adware.ClickSpring;Incurable.Moved.;
A0029232.dll;C:\System Volume Information\_restore{121AA659-A550-47AB-8AE3-B577D59957E3}\RP701;Trojan.Virtumod.206;Deleted.;
A0029260.dll;C:\System Volume Information\_restore{121AA659-A550-47AB-8AE3-B577D59957E3}\RP703;Trojan.Virtumod;Deleted.;

pskelley
2007-08-24, 17:40
If that is all it impacted, then you still have problems. System Restore files can be cleaned simply by turning off System Restore, rebooting the computer and turning System Restore back on. I do this routinely at the end of each clean up.

You problem is not System Restore, it is what appears to be infected email in the program I showed you. If SrWeb did not clean those, and it is one of the better scanners, then I really don't know what to suggest. I can post more scans but there is a good chance you will run into the same issues with each one??? And I can not say that for sure.

What I suggest is that you use the tools and information I have provided and manually remove the infected (suspecious) items from your computer.

For instance:
C:\Gemmology\Mail\Inbox/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sat, 17 Jun 2000 15:12:47 EST]/text/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:28:12 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:23:47 EST]/UNNAMED/[From "ross mcnally" <rosco1352@hotmail.com>][Date Sun, 18 Jun 2000 23:34:35 EST]/UNNAMED/[From ray.thom ... /[From Marilyn Healy <Marilyn.Healy@kraken.itc.gu.edu.au>][Date Tue, 20 Jun 2000 11:09:20 +1000]/LIFE_STAGES.TXT.SHS Infected: Email-Worm.VBS.Scrapworm skipped
I do not know this program and I am only guessing, but my guess would be that in this case, the email in red is infected and needs to be deleted.

I would proceed one by one until a Kaspersky scan indicates no infections other that System Restore. At that point we would clean those files.


Thanks

pskelley
2007-09-01, 15:37
No response in over a week, topic is closed.

Thanks