Thank You
Thank You
Thank You ...
Shall I come to Finland and cook you a nice dinner?
Type: Posts; User: Rhonn1; Keyword(s):
It didn't help.
It was already set to Manual, but I went through the steps anyway.
After reboot I tested it by opening Outlook, and the installer window still pops up.
Hello Shaba,
The link from Microsoft does not have a clear follow-through. (It says to follow a link and download orktools.exe, but orktools.exe is not found at the link provided.)
I am running...
I deleted the deleted items for this user, but I did not know what to do with the next item: The Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Rhonni\Local Settings\Application...
It all fit in one post!
woo hoo!
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 20, 2008 5:35:59 PM
Operating System: Microsoft Windows XP...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:28 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
...
C:\Program Files\CA\SharedComponents\PPRT\logs\2008-01-20.csv Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped...
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Rhonni\Local...
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{EB187F76-71F6-4642-90B5-A8593A810903}\Microsoft\Outlook Express\Deleted Items.dbx/[From <lookjed@MAIL.BIU.AC.IL>][Date...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FDA0809 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70561972/[From info@hairbraiding.com][Date Fri, 3 Dec 2004 16:19:45 -0500]/UNNAMED/UNNAMED/html Suspicious:...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66115CD8/mail.eml ...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FB064A3 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EB52420/[From licensing@internet.com][Date Sat, 25 Dec 2004 16:34:06 -0500]/UNNAMED/html Suspicious:...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5D301759/[From Mail Delivery System <Mailer-Daemon@server52.hostvolt.com>][Date Fri, 22 Oct 2004 06:40:20...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B200E11 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58F07DB8/[From hmperformance@aol.com][Date Fri, 10 Dec 2004 08:51:59 -0500]/UNNAMED/html Suspicious:...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47E10225/[From nucer@aol.com][Date Thu, 4 Nov 2004 09:13:22 -0600]/UNNAMED/html Suspicious:...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\310D4A96 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\200E3D6B CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E0172E9 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08180B21 CryptFF: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06524455 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton...
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\054329F6/[From iseabalault@igma.com][Date Mon, 15 Nov 2004 01:04:46 -0800]/UNNAMED/html Suspicious:...
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 20, 2008 11:32:42 AM
Operating System: Microsoft Windows XP...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:35 AM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:20 AM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
...
ComboFix 08-01-18.5 - Rhonni 2008-01-20 8:35:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1091 [GMT -5:00]
Running from: C:\Documents and...
I don't know how long ComboFix ran. I left the office at 45 minutes or so.
.
((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.
2008-01-19 07:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe...