PDA

View Full Version : Viruses in My Network Drive???



GaryB927
2008-01-26, 01:01
You'll get a kick out of this one...

My home network consists of this desktop (hardwired to a router), a laptop (wireless to the same router), a printer (with a card reader; Drive Z) and a Maxtor 300 GB network drive also hanging off the router. In doing a Kaspersky scan on my laptop (which took 12 hours), it also scanned the mapped drives on the Maxtor and found TONS of bad stuff. The Maxtor contains mirrored volumes for both the laptop and the desktop. How should we go about handling that situation? I'm afraid we might just be continuously vulnerable to attacks from the network drive.

What do you think? Please see my other recent thread for background on the desktop side. Logs follow...

GaryB927
2008-01-26, 01:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:13 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\act\act for windows\act.scheduler.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Lighthouse\uploadservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ACT\ACT for Windows\Act.Scheduler.UI.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quotes.nasdaq.com/quote.dll?mode=stock&page=quick&symbol=wye&symbol=csco&symbol=&symbol=&symbol=&symbol=&symbol=&symbol=&symbol=&symbol=&selected=wye
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [mssSort] C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ACTSchedulerUI] "C:\Program Files\ACT\ACT for Windows\Act.Scheduler.UI.exe" -Dfalse
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammonNet - {42ABEA80-798C-4236-B90C-4091EC0927BA} - C:\Program Files\PartyGaming.net\PartyGammonNet\RunPartyGammonNet.exe (file missing)
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.cismcare.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190063697265
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190065209218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - c:\program files\act\act for windows\act.scheduler.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inspector Lounge Transfer Service (ILTransferSvc) - Unknown owner - C:\Program Files\Lighthouse\uploadservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10048 bytes

GaryB927
2008-01-26, 01:05
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 25, 2008 1:34:30 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/01/2008
Kaspersky Anti-Virus database records: 531830
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
L:\
X:\
Y:\
Z:\

Scan Statistics:
Total number of scanned objects: 239749
Number of viruses found: 24
Number of infected objects: 98
Number of suspicious objects: 24
Duration of the scan process: 11:59:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps1 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps2 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\00010003.ci Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\cicat.fid Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\cicat.hsh Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\CiCL0001.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\CiP10000.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\CiP20000.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\CiSL0001.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\CiSP0000.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\CiVP0000.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk1 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk2 Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\{550DF1A9-5C33-44D0-894E-B69E43F42A8B}.DAT Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\{BFF52923-2E03-47CA-B89E-0D2F29A4E315}.DAT Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\{DFDC8B18-F2F1-4C15-877D-C9BC855727C0}.DAT Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\{FEEAEE71-2D41-444A-B30B-BCC2198E64A8}.DAT Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\LiveUpdate\2008-01-24_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\Shl_{10CBA514-B2CD-45DB-AEA6-B4FF3D1CAC4C}.ldb Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\Shl_{10CBA514-B2CD-45DB-AEA6-B4FF3D1CAC4C}.sds Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtETmp\285960D0.TMP Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtETmp\5A65D020.TMP Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT\ACT for Windows\Email\ActEmailMessageStore.mdf Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT\ACT for Windows\Email\ActEmailMessageStoreLog.LDF Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT\ACT for Windows 8\Databases\ACT8Demo.ADF Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT\ACT for Windows 8\Databases\ACT8Demo.ALF Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT\ACT for Windows 8\Databases\Judy_Diamond_Prospects_II.ADF Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT\ACT for Windows 8\Databases\Judy_Diamond_Prospects_II.ALF Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT\ACT for Windows 8\Databases\Laptop.ADF Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Documents\ACT\ACT for Windows 8\Databases\Laptop.ALF Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\Application Data\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\Local Settings\Application Data\ApplicationHistory\Act.Scheduler.UI.exe.af9dcef5.ini.inuse Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\Local Settings\Temp\~DFBD5F.tmp Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner.LAPTOP\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\ProgramData\Electronic Arts\EADM\cache\logs\Core.html Object is locked skipped

GaryB927
2008-01-26, 01:06
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010007.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6BE8E33F-32C5-454A-BB61-54493853CD67}\RP167\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{205335DE-2B49-4D97-B26E-04C12586C99E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JETB640.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_718.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
X:\realvnc\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\realvnc\WinVNC\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\RECYCLER\S-1-5-21-3231475185-1900677007-1263468895-1005\Dc324.exe/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\RECYCLER\S-1-5-21-3231475185-1900677007-1263468895-1005\Dc324.exe 7-Zip: infected - 1 skipped
X:\RECYCLER\S-1-5-21-3231475185-1900677007-1263468895-1005\Dc324.exe UPX: infected - 1 skipped
X:\Documents and Settings\Gary\Local Settings\Temp\7zS285.tmp\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Temp\7zS28C.tmp\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/30 Jan 2004 22:31 from MAILER-DAEMON@qmail.exim.org:failure noti.eml/[From serg@gbedrosian.com][Date Fri, 30 Jan 2004 17:33:32 -0500]/UNNAMED/body.pif Infected: Email-Worm.Win32.Mydoom.a skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/30 Jan 2004 22:31 from MAILER-DAEMON@qmail.exim.org:failure noti.eml/[From serg@gbedrosian.com][Date Fri, 30 Jan 2004 17:33:32 -0500]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/30 Jan 2004 22:31 from MAILER-DAEMON@qmail.exim.org:failure noti.eml Infected: Email-Worm.Win32.Mydoom.a skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/30 Jan 2004 15:37 from MAILER-DAEMON@qmail.exim.org:failure noti.eml/[From stan@gbedrosian.com][Date Fri, 30 Jan 2004 10:39:40 -0500]/UNNAMED/document.zip/document.scr Infected: Email-Worm.Win32.Mydoom.a skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/30 Jan 2004 15:37 from MAILER-DAEMON@qmail.exim.org:failure noti.eml/[From stan@gbedrosian.com][Date Fri, 30 Jan 2004 10:39:40 -0500]/UNNAMED/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/30 Jan 2004 15:37 from MAILER-DAEMON@qmail.exim.org:failure noti.eml/[From stan@gbedrosian.com][Date Fri, 30 Jan 2004 10:39:40 -0500]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/30 Jan 2004 15:37 from MAILER-DAEMON@qmail.exim.org:failure noti.eml Infected: Email-Worm.Win32.Mydoom.a skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Apr 2004 21:53 from mailer-daemon@groups.msn.com:Your e-mail /16 Apr 2004 21:49 to grassroots2003@groups.msn.com:Mail Delivery.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/15 Apr 2004 20:05 from MAILER-DAEMON@mail.supremecenter.com:fail.eml/[From garyb@networkersnet.com][Date Tue, 15 Jun 2004 11:24:15 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/15 Apr 2004 20:05 from MAILER-DAEMON@mail.supremecenter.com:fail.eml/[From garyb@networkersnet.com][Date Tue, 15 Jun 2004 11:24:15 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/15 Apr 2004 20:05 from MAILER-DAEMON@mail.supremecenter.com:fail.eml/[From garyb@networkersnet.com][Date Tue, 15 Jun 2004 11:24:15 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/15 Apr 2004 20:05 from MAILER-DAEMON@mail.supremecenter.com:fail.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:06 from MAILER-DAEMON@smtpout-1-1d.secureserver.n.eml/[From "Bedrosian & Associates" <gary@gbedrosian.com>][Date Tue, 27 Apr 2004 13:06:06 -0400]/UNNAMED/clientsupport.zip/clientsupport.exe/data.rar/realvnc/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:06 from MAILER-DAEMON@smtpout-1-1d.secureserver.n.eml/[From "Bedrosian & Associates" <gary@gbedrosian.com>][Date Tue, 27 Apr 2004 13:06:06 -0400]/UNNAMED/clientsupport.zip/clientsupport.exe/data.rar/realvnc/WinVNC/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:06 from MAILER-DAEMON@smtpout-1-1d.secureserver.n.eml/[From "Bedrosian & Associates" <gary@gbedrosian.com>][Date Tue, 27 Apr 2004 13:06:06 -0400]/UNNAMED/clientsupport.zip/clientsupport.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:06 from MAILER-DAEMON@smtpout-1-1d.secureserver.n.eml/[From "Bedrosian & Associates" <gary@gbedrosian.com>][Date Tue, 27 Apr 2004 13:06:06 -0400]/UNNAMED/clientsupport.zip/clientsupport.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:06 from MAILER-DAEMON@smtpout-1-1d.secureserver.n.eml/[From "Bedrosian & Associates" <gary@gbedrosian.com>][Date Tue, 27 Apr 2004 13:06:06 -0400]/UNNAMED/clientsupport.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:06 from MAILER-DAEMON@smtpout-1-1d.secureserver.n.eml/[From "Bedrosian & Associates" <gary@gbedrosian.com>][Date Tue, 27 Apr 2004 13:06:06 -0400]/UNNAMED Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:06 from MAILER-DAEMON@smtpout-1-1d.secureserver.n.eml Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:02 from MAILER-DAEMON@smtpout-1-2d.secureserver.n.eml/[From "Bedrosian & Associates" <gary@gbedrosian.com>][Date Tue, 27 Apr 2004 13:01:24 -0400]/UNNAMED/clientsupport.zip/clientsupport.exe/data.rar/realvnc/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:02 from MAILER-DAEMON@smtpout-1-2d.secureserver.n.eml/[From "Bedrosian & Associates" <gary@gbedrosian.com>][Date Tue, 27 Apr 2004 13:01:24 -0400]/UNNAMED/clientsupport.zip/clientsupport.exe/data.rar/realvnc/WinVNC/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:02 from MAILER-DAEMON@smtpout-1-2d.secureserver.n.eml/[From "Bedrosian & Associates" <gary@gbedrosian.com>][Date Tue, 27 Apr 2004 13:01:24 -0400]/UNNAMED/clientsupport.zip/clientsupport.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:02 from MAILER-DAEMON@smtpout-1-2d.secureserver.n.eml/[From "Bedrosian & Associates" <gary@gbedrosian.com>][Date Tue, 27 Apr 2004 13:01:24 -0400]/UNNAMED/clientsupport.zip/clientsupport.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:02 from MAILER-DAEMON@smtpout-1-2d.secureserver.n.eml/[From "Bedrosian & Associates" <gary@gbedrosian.com>][Date Tue, 27 Apr 2004 13:01:24 -0400]/UNNAMED/clientsupport.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:02 from MAILER-DAEMON@smtpout-1-2d.secureserver.n.eml/[From "Bedrosian & Associates" <gary@gbedrosian.com>][Date Tue, 27 Apr 2004 13:01:24 -0400]/UNNAMED Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Apr 2004 17:02 from MAILER-DAEMON@smtpout-1-2d.secureserver.n.eml Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/20 Apr 2004 19:31 from Stephen Sewall:Client Support Files/clientsupport.exe/data.rar/realvnc/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/20 Apr 2004 19:31 from Stephen Sewall:Client Support Files/clientsupport.exe/data.rar/realvnc/WinVNC/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/20 Apr 2004 19:31 from Stephen Sewall:Client Support Files/clientsupport.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/20 Apr 2004 19:31 from Stephen Sewall:Client Support Files/clientsupport.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/02 Aug 2004 17:41 from US Bank:U.S. Bank updates..rtf Infected: Trojan-Spy.HTML.Usbankfraud.i skipped

GaryB927
2008-01-26, 01:07
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/09 Aug 2004 18:32 from Glassdon:/price2.zip/price.html Infected: Exploit.HTML.CodeBaseExec skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/09 Aug 2004 18:32 from Glassdon:/price2.zip/price/price.exe Infected: Email-Worm.Win32.Bagle.al skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/09 Aug 2004 18:32 from Glassdon:/price2.zip Infected: Email-Worm.Win32.Bagle.al skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/09 Aug 2004 18:32 from Gary:/price2.zip/price.html Infected: Exploit.HTML.CodeBaseExec skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/09 Aug 2004 18:32 from Gary:/price2.zip/price/price.exe Infected: Email-Worm.Win32.Bagle.al skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/09 Aug 2004 18:32 from Gary:/price2.zip Infected: Email-Worm.Win32.Bagle.al skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/08 Aug 2004 14:32 from U.S. Bank:U.S. Bank: IMPORTANT NOTIFICATI.rtf Infected: Trojan-Spy.HTML.Usbankfraud.a skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/31 Aug 2004 22:17 from Alan.johnson:foto/foto.zip/foto.htm Infected: Exploit.HTML.CodeBaseExec skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/31 Aug 2004 22:17 from Alan.johnson:foto/foto.zip Infected: Exploit.HTML.CodeBaseExec skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/09 Sep 2004 17:49 from Citi:Citibank: Urgent Security Notificati.rtf Infected: Trojan-Spy.HTML.Citifraud.ae skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/08 Sep 2004 21:46 from jim@trainingedge.com:Mail Delivery (failu.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/08 Sep 2004 16:36 from info@getwebdd.com:Mail Delivery (failure .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/07 Sep 2004 21:04 from tedtay@newfrontiers.com.sg:Mail Delivery .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/02 Oct 2004 01:53 from Smith Barney:Please Read This Message [Sa.rtf Infected: Trojan-Spy.HTML.Smitfraud.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/02 Oct 2004 02:51 from albn62@aol.com:Mail Delivery (failure gar.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/01 Oct 2004 18:52 from ptdonovan@aol.com:Mail Delivery (failure .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/29 Sep 2004 23:33 from renville@astound.net:Mail Delivery (failu.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/29 Sep 2004 23:33 from renville@astound.net:Mail Delivery (failu/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/29 Sep 2004 18:36 from john@johnpillow.com:Mail Delivery (failur.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/28 Sep 2004 17:12 from troy@rooney-eng.com:Mail Delivery (failur.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/28 Sep 2004 10:36 from CitiBank:CitiBank: urgent security notifi.rtf Infected: Trojan-Spy.HTML.Citifraud.ai skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/24 Sep 2004 19:15 from scott.choate@earthlink.net:Mail Delivery .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/22 Sep 2004 04:36 from Citizens Bank:URGENT SECURITY NOTIFICATIO.rtf Infected: Trojan-Spy.HTML.Citifraud.ai skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/20 Oct 2004 03:19 from CITI:Customer Service: Your Account In Ci.rtf Infected: Trojan-Spy.HTML.Citifraud.bc skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/13 Oct 2004 15:45 from nonisnors@comcast.net:Mail Delivery (fail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/12 Oct 2004 21:36 from kwoomer@uplink.net:Mail Delivery (failure.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/12 Oct 2004 02:06 from pazgreeneyes543@aol.com:Mail Delivery (fa.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/06 Oct 2004 16:38 from awrobbins@worldnet.att.net:Mail Delivery .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/01 Dec 2004 19:35 from Citizens Bank:Citizens Bank: Please Confi.rtf Infected: Trojan-Spy.HTML.Citifraud.ai skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/08 Jan 2005 15:37 from Smith Barney:Protect Your Smith Barney Ac.rtf Infected: Trojan-Spy.HTML.Smitfraud.a skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Jan 2005 20:56 from 3Dgary@gbedrosian.com:Is delivered mail/upd02.com Infected: Email-Worm.Win32.Bagle.ba skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/28 Jan 2005 03:11 from 3Dgary@gbedrosian.com:Delivery service ma/upd02.exe Infected: Email-Worm.Win32.Bagle.ba skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/28 Jan 2005 09:39 from 3Dgary@gbedrosian.com:Registration is acc/siupd02.scr Infected: Email-Worm.Win32.Bagle.ba skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/27 Jan 2005 09:42 from 3Dgary@gbedrosian.com:Is delivered mail/guupd02.scr Infected: Email-Worm.Win32.Bagle.ay skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/26 Jan 2005 19:54 from 3Dgary@gbedrosian.com:Delivery service ma/Jol03.scr Infected: Email-Worm.Win32.Bagle.ax skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/08 Feb 2005 05:50 from Smith@host225.ipowerweb.com:*****SPAM****/08 Feb 2005 05:50 to gary@gbedrosian.com:Banking MaiI From Smith.rtf Infected: Trojan-Spy.HTML.Smitfraud.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/14 Mar 2005 14:19 from francesconfldyno@1st.net:*****SPAM***** M/14 Mar 2005 14:19 to newsletter@gbedrosian.com:Mail Delivery (fa.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/03 Mar 2005 09:05 from Regions & Union Planters:*****SPAM***** R/03 Mar 2005 09:05 to gary@gbedrosian.com:Regions Bank: Your Acco.rtf Infected: Trojan-Spy.HTML.Bankfraud.dq skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/28 Mar 2005 04:13 from Regions Bank:*****SPAM***** Please Read T/28 Mar 2005 04:12 from Regions Bank:Please Read This Message.rtf Infected: Trojan-Spy.HTML.Bankfraud.ci skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/18 Mar 2005 19:10 from john.doe@somewhere.com:*****SPAM***** Mai/18 Mar 2005 19:10 to newsletter@gbedrosian.com:Mail Delivery (fa.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/17 Mar 2005 14:01 from skkitching@yahoo.com:*****SPAM***** Mail /17 Mar 2005 14:00 to newsletter@gbedrosian.com:Mail Delivery (fa.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Mar 2005 14:12 from theabradford@hotmail.com:*****SPAM***** M/16 Mar 2005 14:12 to newsletter@gbedrosian.com:Mail Delivery (fa.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Mar 2005 19:28 from durkinm@alicedaypeck.org:*****SPAM***** M/16 Mar 2005 19:28 to newsletter@gbedrosian.com:Mail Delivery (fa.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/15 Mar 2005 14:48 from asserman@iname.com:*****SPAM***** Mail De/15 Mar 2005 14:48 to newsletter@gbedrosian.com:Mail Delivery (fa.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/05 Apr 2005 08:53 from jobs@ajb.com:GOOD DAY/readme.exe Infected: Net-Worm.Win32.Mytob.q skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/04 Jun 2005 00:01 from MAILER-DAEMON@host225.ipowerweb.com:failu.eml/[From info@gbedrosian.com][Date Fri, 3 Jun 2005 20:05:53 -0400]/UNNAMED/info-text.zip/info-text.htm .exe Infected: Net-Worm.Win32.Mytob.be skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/04 Jun 2005 00:01 from MAILER-DAEMON@host225.ipowerweb.com:failu.eml/[From info@gbedrosian.com][Date Fri, 3 Jun 2005 20:05:53 -0400]/UNNAMED/info-text.zip Infected: Net-Worm.Win32.Mytob.be skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/04 Jun 2005 00:01 from MAILER-DAEMON@host225.ipowerweb.com:failu.eml/[From info@gbedrosian.com][Date Fri, 3 Jun 2005 20:05:53 -0400]/UNNAMED Infected: Net-Worm.Win32.Mytob.be skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/04 Jun 2005 00:01 from MAILER-DAEMON@host225.ipowerweb.com:failu.eml Infected: Net-Worm.Win32.Mytob.be skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/29 Jul 2005 00:51 from eBay Inc:*****SPAM***** eBay: Urgent Secu/29 Jul 2005 00:51 to gary@gbedrosian.com:eBay: Urgent Security N.html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Aug 2005 17:54 from Mail Delivery System:Mail delivery failed.eml/[From "Gary" <gary@gbedrosian.com>][Date Fri, 12 Aug 2005 12:04:23 -0600]/UNNAMED/UNNAMED/[From "Gary" <gary@gbedrosian.com>][Date Fri, 12 Aug 2005 12:04:23 -0600]/The_reporting_of_taxes.zip/Taxes.exe Infected: Email-Worm.Win32.Bagle.bq skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Aug 2005 17:54 from Mail Delivery System:Mail delivery failed.eml/[From "Gary" <gary@gbedrosian.com>][Date Fri, 12 Aug 2005 12:04:23 -0600]/UNNAMED/UNNAMED/[From "Gary" <gary@gbedrosian.com>][Date Fri, 12 Aug 2005 12:04:23 -0600]/The_reporting_of_taxes.zip Infected: Email-Worm.Win32.Bagle.bq skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Aug 2005 17:54 from Mail Delivery System:Mail delivery failed.eml/[From "Gary" <gary@gbedrosian.com>][Date Fri, 12 Aug 2005 12:04:23 -0600]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.Bagle.bq skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Aug 2005 17:54 from Mail Delivery System:Mail delivery failed.eml/[From "Gary" <gary@gbedrosian.com>][Date Fri, 12 Aug 2005 12:04:23 -0600]/UNNAMED Infected: Email-Worm.Win32.Bagle.bq skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Aug 2005 17:54 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.Bagle.bq skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Sep 2005 23:04 from Mail Delivery System:Mail delivery failed.eml/[From "Gary" <gary@gbedrosian.com>][Date Mon, 12 Sep 2005 17:09:20 -0600]/UNNAMED/UNNAMED/[From "Gary" <gary@gbedrosian.com>][Date Mon, 12 Sep 2005 17:09:20 -0600]/price2.zip/1.cpl Infected: Email-Worm.Win32.Bagle.cs skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Sep 2005 23:04 from Mail Delivery System:Mail delivery failed.eml/[From "Gary" <gary@gbedrosian.com>][Date Mon, 12 Sep 2005 17:09:20 -0600]/UNNAMED/UNNAMED/[From "Gary" <gary@gbedrosian.com>][Date Mon, 12 Sep 2005 17:09:20 -0600]/price2.zip Infected: Email-Worm.Win32.Bagle.cs skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Sep 2005 23:04 from Mail Delivery System:Mail delivery failed.eml/[From "Gary" <gary@gbedrosian.com>][Date Mon, 12 Sep 2005 17:09:20 -0600]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.Bagle.cs skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Sep 2005 23:04 from Mail Delivery System:Mail delivery failed.eml/[From "Gary" <gary@gbedrosian.com>][Date Mon, 12 Sep 2005 17:09:20 -0600]/UNNAMED Infected: Email-Worm.Win32.Bagle.cs skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/16 Sep 2005 23:04 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.Bagle.cs skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/27 Apr 2004 17:17 to 'Ted Castonguay':Emailing: clientsupport.zi/clientsupport.zip/clientsupport.exe/data.rar/realvnc/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/27 Apr 2004 17:17 to 'Ted Castonguay':Emailing: clientsupport.zi/clientsupport.zip/clientsupport.exe/data.rar/realvnc/WinVNC/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/27 Apr 2004 17:17 to 'Ted Castonguay':Emailing: clientsupport.zi/clientsupport.zip/clientsupport.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/27 Apr 2004 17:17 to 'Ted Castonguay':Emailing: clientsupport.zi/clientsupport.zip/clientsupport.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped

GaryB927
2008-01-26, 01:08
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/27 Apr 2004 17:17 to 'Ted Castonguay':Emailing: clientsupport.zi/clientsupport.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/24 Apr 2004 14:30 to 'tnjbates@metrocast.net':Emailing: clientsu/clientsupport.zip/clientsupport.exe/data.rar/realvnc/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/24 Apr 2004 14:30 to 'tnjbates@metrocast.net':Emailing: clientsu/clientsupport.zip/clientsupport.exe/data.rar/realvnc/WinVNC/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/24 Apr 2004 14:30 to 'tnjbates@metrocast.net':Emailing: clientsu/clientsupport.zip/clientsupport.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/24 Apr 2004 14:30 to 'tnjbates@metrocast.net':Emailing: clientsu/clientsupport.zip/clientsupport.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/24 Apr 2004 14:30 to 'tnjbates@metrocast.net':Emailing: clientsu/clientsupport.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: infected - 77, suspicious - 24 skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/Associates/23 Apr 2004 15:52 from Stephen Sewall:Zipped Client Support File/clientsupport.zip/clientsupport.exe/data.rar/realvnc/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/Associates/23 Apr 2004 15:52 from Stephen Sewall:Zipped Client Support File/clientsupport.zip/clientsupport.exe/data.rar/realvnc/WinVNC/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/Associates/23 Apr 2004 15:52 from Stephen Sewall:Zipped Client Support File/clientsupport.zip/clientsupport.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/Associates/23 Apr 2004 15:52 from Stephen Sewall:Zipped Client Support File/clientsupport.zip/clientsupport.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/Associates/23 Apr 2004 15:52 from Stephen Sewall:Zipped Client Support File/clientsupport.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 5 skipped
X:\Documents and Settings\Gary\My Documents\Files from Desktop\Outlook.pst/Personal Folders/Deleted Items/26 Jul 2004 22:04 from U.S. Bank:[Norton AntiSpam] Important acc.rtf Infected: Trojan-Spy.HTML.Usbankfraud.p skipped
X:\Documents and Settings\Gary\My Documents\Files from Desktop\Outlook.pst/Personal Folders/Sent Items/12 Oct 2004 20:03 to 'ios@verizon.net':/clientsupport.zip/clientsupport.exe/data.rar/realvnc/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\My Documents\Files from Desktop\Outlook.pst/Personal Folders/Sent Items/12 Oct 2004 20:03 to 'ios@verizon.net':/clientsupport.zip/clientsupport.exe/data.rar/realvnc/WinVNC/othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\My Documents\Files from Desktop\Outlook.pst/Personal Folders/Sent Items/12 Oct 2004 20:03 to 'ios@verizon.net':/clientsupport.zip/clientsupport.exe/data.rar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\My Documents\Files from Desktop\Outlook.pst/Personal Folders/Sent Items/12 Oct 2004 20:03 to 'ios@verizon.net':/clientsupport.zip/clientsupport.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\My Documents\Files from Desktop\Outlook.pst/Personal Folders/Sent Items/12 Oct 2004 20:03 to 'ios@verizon.net':/clientsupport.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
X:\Documents and Settings\Gary\My Documents\Files from Desktop\Outlook.pst Mail MS Mail: infected - 6 skipped

Scan process completed.