jamierooney
2008-04-16, 00:50
Hi there,
Having terrible trouble removing the last traces of Malware from my machine.....
I am a software tester so should be able to cope with the technical suggestions... hopefully :red:
Heres the HJT log and then followed by the Kaspersky online scanner log.... hope you guys can help me out.
*******************HJT log****************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:33, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FarStone\DriveClone Pro\CBP\DCSchdler.exe
C:\Program Files\FarStone\DriveClone Pro\EFB\efbfs.exe
C:\Program Files\FarStone\DriveClone Pro\fsloader.exe
C:\Program Files\FarStone\DriveClone Pro\EFB\EfbSchedule.exe
C:\Program Files\FarStone\DriveClone Pro\VerChk.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\ZSSnp211.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\hszmvuhm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPZipm12.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\svchost.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CTHotKeys] "C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe" -STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [46e7d122] rundll32.exe "C:\WINDOWS\system32\pweagkyh.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BayGenie] "C:\Program Files\BayGenie\ProEdition\BayGenie.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [zhoueqpw] C:\WINDOWS\system32\hszmvuhm.exe
O4 - HKLM\..\Policies\Explorer\Run: [dNLx4gHe22] C:\Documents and Settings\All Users\Application Data\zkfkjcle\vgfyfgjo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O21 - SSODL: mgsvflkw - {26F9814E-445F-40F8-81B9-9B577010ECA8} - C:\WINDOWS\mgsvflkw.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DriveClone Scheduler (DCScheduler) - Unknown owner - C:\Program Files\FarStone\DriveClone Pro\CBP\DCSchdlerSRVC.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Restore FarStone File Event Manager (efbfs) - FarStone Technology, Inc. - C:\Program Files\FarStone\DriveClone Pro\EFB\efbfs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FarStone RestoreIT Loader - Unknown owner - C:\Program Files\FarStone\DriveClone Pro\fsloader.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 15065 bytes
**********************************************************
*****************Kaspersky online AV scan log*******************
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 15, 2008 10:30:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/04/2008
Kaspersky Anti-Virus database records: 707202
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\
J:\
Y:\
Scan Statistics:
Total number of scanned objects: 127140
Number of viruses found: 19
Number of infected objects: 111
Number of suspicious objects: 0
Duration of the scan process: 02:54:02
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\isuwnuba.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\xqvrfcka.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\rqgexrtf.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\qfmhrpor.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nvf skipped
C:\WINDOWS\system32\nnnmkIcB.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nmz skipped
C:\WINDOWS\Temp\regkern.log Object is locked skipped
C:\WINDOWS\Temp\wrt63sec.log Object is locked skipped
C:\WINDOWS\Temp\hdlog.log Object is locked skipped
C:\WINDOWS\Temp\JET589A.tmp Object is locked skipped
C:\WINDOWS\Temp\JET94.tmp Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\dclog.bin Object is locked skipped
C:\WINDOWS\dcdisk0_0 Object is locked skipped
C:\WINDOWS\mgsvflkw.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dxb skipped
C:\WINDOWS\qdnkewfa.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dxg skipped
C:\WINDOWS\temlxopqdrf.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dxe skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04122008-190054.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17A40000\57ED1A72.VBN Infected: Worm.Win32.Perlovga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17A40001\57ED1AC9.VBN Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D640000\4FE50692.VBN Infected: Worm.Win32.Perlovga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D640001\4FE506E5.VBN Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\jamie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\data.p1 Infected: Trojan-Spy.Win32.AutoIt.a skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DFBBB5.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\ngyoysed.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DF5C4A.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DF5EFF.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\Perflib_Perfdata_c40.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DF847D.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DF87DB.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\History\History.IE5\MSHist012008041520080416\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temporary Internet Files\Content.IE5\D39N3FN2\zrt20080408[1] Infected: Trojan.Win32.KillAV.rf skipped
C:\Documents and Settings\jamie\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows Live Contacts\rhythm_n_blues_man@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows Live Contacts\rhythm_n_blues_man@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{00CD9865-A68A-4D8C-8E41-7AA19FAD55C5} Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbeam Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbeao Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbdam Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbdao Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbm Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\fii.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\rpm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\hp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\fiih.ht1 Object is locked skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[Fr ... /[From ... /[From no@eircom.net][Date Sat, 21 Aug 2004 10: ... /my_details.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UN ... /[From "" Elnora Morrow ... /[From service@darklite.ie][Date Mon, 02 May ... /account_info-text.zip Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UN ... /[From "" Elnora Morrow ... /[From service@darklite.ie][Date Mon, 02 May 2005 16:51:26 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UN ... /[From "" Elnora Morrow "" <mikefishink@fishhoo.com>][Date Tue, 22 Mar 2005 12:28:50 +0600]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/ ... /[From "Miss Herrera" <davidblack@netster.com>][Date Mon, 25 Oct 2004 15:53:50 +0300]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... / ... /[From siobhan_mckenna@hotmail.com][Date Mon, 23 Aug 2004 12:15:21 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... / ... /[From cormacmonaghan@hotmail.com][Date Mon, 23 Aug 2004 12:15:20 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... / .. ... /[From admin@z1.adserver[1].txt][Date Sun, 22 Aug 2004 13:44:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... / ... /[From zhrqssaegxer@bfhpzrzigco.kw][Date Sun, 22 Aug 2004 13:44:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... / ... /[From 0003fd43@mc8-f15.hotmail.com][Date Sat, 21 Aug 2004 17:09:30 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... / ... /[From sboose@handshakedynamics.com][Date Sat, 21 Aug 2004 17:09:30 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[Fr ... /[F ... /[From dderek@eircom.net][Date Sat, 21 Aug 2004 10:07:56 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[Fr ... /[From ... /[From no@eircom.net][Date Sat, 21 Aug 2004 10:07:56 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[Fr ... /[From Quarantine@icap.com][Date Sun, 15 Aug 2004 10:31:59 +0100 (BST)]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[From reservation@accomodationdublin.com][Date Tue, 10 Aug 2004 12:42:24 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin .. ... ... /[From mvkarney@eircom.net][Date Tue, 10 Aug 2004 12:42:22 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin .. ... /[From ... /[From 00a@eircom.net][Date Mon, 9 Aug 2004 09:37:07 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin .. ... /[From dubtour@dublintourist.com][Date Mon, 9 Aug 2004 09:37:06 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... ... / . ... /[From tara@intrepid.ie][Date Sun, 8 Aug 2004 19:16:21 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... ... / ... /[From lleahy6@eircom.net][Date Sun, 8 Aug 2004 19:16:21 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... ... /[From ildiko.szabo@nkom.gov.hu][Date Sun, 8 Aug 2004 10:11:56 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... / ... /[From davefinance@eircom.net][Date Sun, 8 Aug 2004 10:11:53 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... /[From competitions@ticketmaster.ie][Date Sat, 7 Aug 2004 10:42:39 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... /[From games-feedback@yahoo-inc.com][Date Sat, 7 Aug 2004 10:42:39 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@bal ... ... /[From mafox@bankofny.com][Date Fri, 6 Aug 2004 09:53:34 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@bal ... /[From cartmen052@hotmail.com][Date Fri, 6 Aug 2004 09:53:32 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ballinastr ... /[From ehpa@eircom.net][Date Thu, 5 Aug 2004 21:33:04 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ballinastreetfestival.ie][Date Thu, 5 Aug 2004 21:33:04 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... /[Fr ... /[From ... /[From no@eircom.net][Date Sat, 21 Aug 2004 10: ... /my_details.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[From "" Elnora Morrow ... /[From service@darklite.ie][Date Mon, 02 May ... /account_info-text.zip Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[From "" Elnora Morrow ... /[From service@darklite.ie][Date Mon, 02 May 2005 16:51:26 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[From "" Elnora Morrow "" <mikefishink@fishhoo.com>][Date Tue, 22 Mar 2005 12:28:50 +0600]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... /[From "Miss Herrera" <davidblack@netster.com>][Date Mon, 25 Oct 2004 15:53:50 +0300]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... / ... /[From siobhan_mckenna@hotmail.com][Date Mon, 23 Aug 2004 12:15:21 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... / ... /[From cormacmonaghan@hotmail.com][Date Mon, 23 Aug 2004 12:15:20 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... / .. ... /[From admin@z1.adserver[1].txt][Date Sun, 22 Aug 2004 13:44:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... / ... /[From zhrqssaegxer@bfhpzrzigco.kw][Date Sun, 22 Aug 2004 13:44:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... / ... /[From 0003fd43@mc8-f15.hotmail.com][Date Sat, 21 Aug 2004 17:09:30 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... / ... /[From sboose@handshakedynamics.com][Date Sat, 21 Aug 2004 17:09:30 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... /[Fr ... /[F ... /[From dderek@eircom.net][Date Sat, 21 Aug 2004 10:07:56 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... /[Fr ... /[From ... /[From no@eircom.net][Date Sat, 21 Aug 2004 10:07:56 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... /[Fr ... /[From Quarantine@icap.com][Date Sun, 15 Aug 2004 10:31:59 +0100 (BST)]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... /[From reservation@accomodationdublin.com][Date Tue, 10 Aug 2004 12:42:24 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ballinast .. ... ... /[From mvkarney@eircom.net][Date Tue, 10 Aug 2004 12:42:22 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ballinast .. ... /[From ... /[From 00a@eircom.net][Date Mon, 9 Aug 2004 09:37:07 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ballinast .. ... /[From dubtour@dublintourist.com][Date Mon, 9 Aug 2004 09:37:06 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ballinast ... ... / . ... /[From tara@intrepid.ie][Date Sun, 8 Aug 2004 19:16:21 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
Having terrible trouble removing the last traces of Malware from my machine.....
I am a software tester so should be able to cope with the technical suggestions... hopefully :red:
Heres the HJT log and then followed by the Kaspersky online scanner log.... hope you guys can help me out.
*******************HJT log****************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:33, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FarStone\DriveClone Pro\CBP\DCSchdler.exe
C:\Program Files\FarStone\DriveClone Pro\EFB\efbfs.exe
C:\Program Files\FarStone\DriveClone Pro\fsloader.exe
C:\Program Files\FarStone\DriveClone Pro\EFB\EfbSchedule.exe
C:\Program Files\FarStone\DriveClone Pro\VerChk.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\ZSSnp211.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\hszmvuhm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPZipm12.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\svchost.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CTHotKeys] "C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe" -STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [46e7d122] rundll32.exe "C:\WINDOWS\system32\pweagkyh.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BayGenie] "C:\Program Files\BayGenie\ProEdition\BayGenie.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [zhoueqpw] C:\WINDOWS\system32\hszmvuhm.exe
O4 - HKLM\..\Policies\Explorer\Run: [dNLx4gHe22] C:\Documents and Settings\All Users\Application Data\zkfkjcle\vgfyfgjo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O21 - SSODL: mgsvflkw - {26F9814E-445F-40F8-81B9-9B577010ECA8} - C:\WINDOWS\mgsvflkw.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DriveClone Scheduler (DCScheduler) - Unknown owner - C:\Program Files\FarStone\DriveClone Pro\CBP\DCSchdlerSRVC.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Restore FarStone File Event Manager (efbfs) - FarStone Technology, Inc. - C:\Program Files\FarStone\DriveClone Pro\EFB\efbfs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FarStone RestoreIT Loader - Unknown owner - C:\Program Files\FarStone\DriveClone Pro\fsloader.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 15065 bytes
**********************************************************
*****************Kaspersky online AV scan log*******************
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 15, 2008 10:30:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/04/2008
Kaspersky Anti-Virus database records: 707202
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\
J:\
Y:\
Scan Statistics:
Total number of scanned objects: 127140
Number of viruses found: 19
Number of infected objects: 111
Number of suspicious objects: 0
Duration of the scan process: 02:54:02
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\isuwnuba.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\xqvrfcka.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\rqgexrtf.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\qfmhrpor.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nvf skipped
C:\WINDOWS\system32\nnnmkIcB.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nmz skipped
C:\WINDOWS\Temp\regkern.log Object is locked skipped
C:\WINDOWS\Temp\wrt63sec.log Object is locked skipped
C:\WINDOWS\Temp\hdlog.log Object is locked skipped
C:\WINDOWS\Temp\JET589A.tmp Object is locked skipped
C:\WINDOWS\Temp\JET94.tmp Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\dclog.bin Object is locked skipped
C:\WINDOWS\dcdisk0_0 Object is locked skipped
C:\WINDOWS\mgsvflkw.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dxb skipped
C:\WINDOWS\qdnkewfa.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dxg skipped
C:\WINDOWS\temlxopqdrf.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dxe skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04122008-190054.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17A40000\57ED1A72.VBN Infected: Worm.Win32.Perlovga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17A40001\57ED1AC9.VBN Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D640000\4FE50692.VBN Infected: Worm.Win32.Perlovga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D640001\4FE506E5.VBN Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\jamie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\data.p1 Infected: Trojan-Spy.Win32.AutoIt.a skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DFBBB5.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\ngyoysed.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DF5C4A.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DF5EFF.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\Perflib_Perfdata_c40.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DF847D.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DF87DB.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\History\History.IE5\MSHist012008041520080416\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temporary Internet Files\Content.IE5\D39N3FN2\zrt20080408[1] Infected: Trojan.Win32.KillAV.rf skipped
C:\Documents and Settings\jamie\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows Live Contacts\rhythm_n_blues_man@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows Live Contacts\rhythm_n_blues_man@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{00CD9865-A68A-4D8C-8E41-7AA19FAD55C5} Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbeam Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbeao Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbdam Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbdao Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbm Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\fii.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\rpm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\hp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\fiih.ht1 Object is locked skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[Fr ... /[From ... /[From no@eircom.net][Date Sat, 21 Aug 2004 10: ... /my_details.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UN ... /[From "" Elnora Morrow ... /[From service@darklite.ie][Date Mon, 02 May ... /account_info-text.zip Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UN ... /[From "" Elnora Morrow ... /[From service@darklite.ie][Date Mon, 02 May 2005 16:51:26 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UN ... /[From "" Elnora Morrow "" <mikefishink@fishhoo.com>][Date Tue, 22 Mar 2005 12:28:50 +0600]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/ ... /[From "Miss Herrera" <davidblack@netster.com>][Date Mon, 25 Oct 2004 15:53:50 +0300]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... / ... /[From siobhan_mckenna@hotmail.com][Date Mon, 23 Aug 2004 12:15:21 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... / ... /[From cormacmonaghan@hotmail.com][Date Mon, 23 Aug 2004 12:15:20 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... / .. ... /[From admin@z1.adserver[1].txt][Date Sun, 22 Aug 2004 13:44:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... / ... /[From zhrqssaegxer@bfhpzrzigco.kw][Date Sun, 22 Aug 2004 13:44:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... / ... /[From 0003fd43@mc8-f15.hotmail.com][Date Sat, 21 Aug 2004 17:09:30 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... / ... /[From sboose@handshakedynamics.com][Date Sat, 21 Aug 2004 17:09:30 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[Fr ... /[F ... /[From dderek@eircom.net][Date Sat, 21 Aug 2004 10:07:56 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[Fr ... /[From ... /[From no@eircom.net][Date Sat, 21 Aug 2004 10:07:56 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[Fr ... /[From Quarantine@icap.com][Date Sun, 15 Aug 2004 10:31:59 +0100 (BST)]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[From reservation@accomodationdublin.com][Date Tue, 10 Aug 2004 12:42:24 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin .. ... ... /[From mvkarney@eircom.net][Date Tue, 10 Aug 2004 12:42:22 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin .. ... /[From ... /[From 00a@eircom.net][Date Mon, 9 Aug 2004 09:37:07 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin .. ... /[From dubtour@dublintourist.com][Date Mon, 9 Aug 2004 09:37:06 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... ... / . ... /[From tara@intrepid.ie][Date Sun, 8 Aug 2004 19:16:21 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... ... / ... /[From lleahy6@eircom.net][Date Sun, 8 Aug 2004 19:16:21 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... ... /[From ildiko.szabo@nkom.gov.hu][Date Sun, 8 Aug 2004 10:11:56 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... / ... /[From davefinance@eircom.net][Date Sun, 8 Aug 2004 10:11:53 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... /[From competitions@ticketmaster.ie][Date Sat, 7 Aug 2004 10:42:39 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... /[From games-feedback@yahoo-inc.com][Date Sat, 7 Aug 2004 10:42:39 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@bal ... ... /[From mafox@bankofny.com][Date Fri, 6 Aug 2004 09:53:34 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@bal ... /[From cartmen052@hotmail.com][Date Fri, 6 Aug 2004 09:53:32 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ballinastr ... /[From ehpa@eircom.net][Date Thu, 5 Aug 2004 21:33:04 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ballinastreetfestival.ie][Date Thu, 5 Aug 2004 21:33:04 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... /[Fr ... /[From ... /[From no@eircom.net][Date Sat, 21 Aug 2004 10: ... /my_details.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[From "" Elnora Morrow ... /[From service@darklite.ie][Date Mon, 02 May ... /account_info-text.zip Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[From "" Elnora Morrow ... /[From service@darklite.ie][Date Mon, 02 May 2005 16:51:26 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[From "" Elnora Morrow "" <mikefishink@fishhoo.com>][Date Tue, 22 Mar 2005 12:28:50 +0600]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballin ... /[From "Miss Herrera" <davidblack@netster.com>][Date Mon, 25 Oct 2004 15:53:50 +0300]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... / ... /[From siobhan_mckenna@hotmail.com][Date Mon, 23 Aug 2004 12:15:21 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... / ... /[From cormacmonaghan@hotmail.com][Date Mon, 23 Aug 2004 12:15:20 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... / .. ... /[From admin@z1.adserver[1].txt][Date Sun, 22 Aug 2004 13:44:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... / ... /[From zhrqssaegxer@bfhpzrzigco.kw][Date Sun, 22 Aug 2004 13:44:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... / ... /[From 0003fd43@mc8-f15.hotmail.com][Date Sat, 21 Aug 2004 17:09:30 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... / ... /[From sboose@handshakedynamics.com][Date Sat, 21 Aug 2004 17:09:30 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... /[Fr ... /[F ... /[From dderek@eircom.net][Date Sat, 21 Aug 2004 10:07:56 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... /[Fr ... /[From ... /[From no@eircom.net][Date Sat, 21 Aug 2004 10:07:56 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... /[Fr ... /[From Quarantine@icap.com][Date Sun, 15 Aug 2004 10:31:59 +0100 (BST)]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ba ... /[From reservation@accomodationdublin.com][Date Tue, 10 Aug 2004 12:42:24 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ballinast .. ... ... /[From mvkarney@eircom.net][Date Tue, 10 Aug 2004 12:42:22 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ballinast .. ... /[From ... /[From 00a@eircom.net][Date Mon, 9 Aug 2004 09:37:07 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ballinast .. ... /[From dubtour@dublintourist.com][Date Mon, 9 Aug 2004 09:37:06 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ballinaf@ballinast ... ... / . ... /[From tara@intrepid.ie][Date Sun, 8 Aug 2004 19:16:21 +0100]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped