Virtumonde.dll



jamierooney
2008-04-16, 00:50
Hi there,

Having terrible trouble removing the last traces of Malware from my machine.....
I am a software tester so should be able to cope with the technical suggestions... hopefully :red:

Here's the HJT log, followed by the Kaspersky online scanner log.... hope you guys can help me out.


*******************HJT log****************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:33, on 15/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FarStone\DriveClone Pro\CBP\DCSchdler.exe
C:\Program Files\FarStone\DriveClone Pro\EFB\efbfs.exe
C:\Program Files\FarStone\DriveClone Pro\fsloader.exe
C:\Program Files\FarStone\DriveClone Pro\EFB\EfbSchedule.exe
C:\Program Files\FarStone\DriveClone Pro\VerChk.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\ZSSnp211.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\hszmvuhm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPZipm12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\svchost.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CTHotKeys] "C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe" -STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [46e7d122] rundll32.exe "C:\WINDOWS\system32\pweagkyh.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BayGenie] "C:\Program Files\BayGenie\ProEdition\BayGenie.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [zhoueqpw] C:\WINDOWS\system32\hszmvuhm.exe
O4 - HKLM\..\Policies\Explorer\Run: [dNLx4gHe22] C:\Documents and Settings\All Users\Application Data\zkfkjcle\vgfyfgjo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O21 - SSODL: mgsvflkw - {26F9814E-445F-40F8-81B9-9B577010ECA8} - C:\WINDOWS\mgsvflkw.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DriveClone Scheduler (DCScheduler) - Unknown owner - C:\Program Files\FarStone\DriveClone Pro\CBP\DCSchdlerSRVC.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Restore FarStone File Event Manager (efbfs) - FarStone Technology, Inc. - C:\Program Files\FarStone\DriveClone Pro\EFB\efbfs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FarStone RestoreIT Loader - Unknown owner - C:\Program Files\FarStone\DriveClone Pro\fsloader.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15065 bytes
**********************************************************


*****************Kaspersky online AV scan log*******************
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 15, 2008 10:30:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/04/2008
Kaspersky Anti-Virus database records: 707202
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\
J:\
Y:\

Scan Statistics:
Total number of scanned objects: 127140
Number of viruses found: 19
Number of infected objects: 111
Number of suspicious objects: 0
Duration of the scan process: 02:54:02

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\isuwnuba.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\xqvrfcka.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\rqgexrtf.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\qfmhrpor.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nvf skipped
C:\WINDOWS\system32\nnnmkIcB.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nmz skipped
C:\WINDOWS\Temp\regkern.log Object is locked skipped
C:\WINDOWS\Temp\wrt63sec.log Object is locked skipped
C:\WINDOWS\Temp\hdlog.log Object is locked skipped
C:\WINDOWS\Temp\JET589A.tmp Object is locked skipped
C:\WINDOWS\Temp\JET94.tmp Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\dclog.bin Object is locked skipped
C:\WINDOWS\dcdisk0_0 Object is locked skipped
C:\WINDOWS\mgsvflkw.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dxb skipped
C:\WINDOWS\qdnkewfa.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dxg skipped
C:\WINDOWS\temlxopqdrf.dll Infected: not-a-virus:AdWare.Win32.Vapsup.dxe skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04122008-190054.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17A40000\57ED1A72.VBN Infected: Worm.Win32.Perlovga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17A40001\57ED1AC9.VBN Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D640000\4FE50692.VBN Infected: Worm.Win32.Perlovga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D640001\4FE506E5.VBN Infected: Trojan-Dropper.Win32.Small.apl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\jamie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\data.p1 Infected: Trojan-Spy.Win32.AutoIt.a skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DFBBB5.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\ngyoysed.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DF5C4A.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DF5EFF.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\Perflib_Perfdata_c40.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DF847D.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temp\~DF87DB.tmp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\History\History.IE5\MSHist012008041520080416\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Temporary Internet Files\Content.IE5\D39N3FN2\zrt20080408[1] Infected: Trojan.Win32.KillAV.rf skipped
C:\Documents and Settings\jamie\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows Live Contacts\rhythm_n_blues_man@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows Live Contacts\rhythm_n_blues_man@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{00CD9865-A68A-4D8C-8E41-7AA19FAD55C5} Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbeam Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbeao Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbdam Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbdao Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\dbm Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\fii.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\rpm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\hp Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\jamie\Local Settings\Application Data\Google\Google Desktop\2a33062cf111\fiih.ht1 Object is locked skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From ... /[Fr ... /[From ... /[From no@eircom.net][Date Sat, 21 Aug 2004 10: ... /my_details.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UN ... /[From "" Elnora Morrow ... /[From service@darklite.ie][Date Mon, 02 May ... /account_info-text.zip Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\jamie\My Documents\festival_site\wholesite.tar/home/backup/mail/ballinaf/[From uksales@adlink.net][Date Sun, 1 Aug 2004 10:02:06 +0100]/UNNAMED/[From allendolan@yahoo.com][Date Mon, 2 Aug 2004 13:08:40 +0100]/UNNAMED/[From jbarendr@centralhome.com][Date Mon, 2 Aug 2004 13:08:42 +0100]/UNNAMED/[From janetmurphy@dell.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UNNAMED/[From annegarvin@hotmail.com][Date Tue, 3 Aug 2004 11:27:57 +0100]/UN ... /[From "" Elnora Morrow ... /[From service@darklite.ie][Date Mon, 02 May 2005 16:51:26 GMT]/UNNAMED Infected: Email-Worm.Win32.Sober.p skipped

Blade81
2008-04-16, 18:35
Hi


Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your desktop. (If you can't download with this computer, try to get it downloaded on some other one.)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer;
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

In Safe Mode, double click the SDFix.exe file. Click Install in the window that appears.
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services, then make some repairs to the registry and prompt you to press any key to Reboot.
Press any key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads, the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.