Vitrumonde (the malware that shall not be named)

Kaspersky results, part 12

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FB064A3 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FB71904/[From dscohen@hotmail.com][Date Mon, 27 Dec 2004 17:34:55 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FB71904/[From dscohen@hotmail.com][Date Mon, 27 Dec 2004 17:34:55 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FB71904/[From dscohen@hotmail.com][Date Mon, 27 Dec 2004 17:34:55 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FB71904 Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FB71904 CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FBE27FB/[From 37@espgcm02-appl.nc.checkfree.com][Date Sun, 5 Dec 2004 21:19:53 -0500]/message28096.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FBE27FB Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FBE27FB CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FBE6CFD/[From 12d.50657bfb.2ed90213@aol.com][Date Mon, 27 Dec 2004 19:24:09 -0500]/message23571.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FBE6CFD Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FBE6CFD CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FC116F9/[From newsletter@reply.ticketmaster.com][Date Mon, 27 Dec 2004 19:29:52 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FC116F9/[From newsletter@reply.ticketmaster.com][Date Mon, 27 Dec 2004 19:29:52 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FC116F9/[From newsletter@reply.ticketmaster.com][Date Mon, 27 Dec 2004 19:29:52 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FC116F9 Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FC116F9 CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FC13691/[From chess@yourmailnow.com][Date Thu, 2 Dec 2004 16:32:36 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FC13691/[From chess@yourmailnow.com][Date Thu, 2 Dec 2004 16:32:36 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FC13691 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FC13691 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FD512E3/[From ttkowal@verizon.net][Date Mon, 27 Dec 2004 20:26:22 -0500]/mail10758.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FD512E3 Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FD512E3 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FDB66DC/[From cburda@thetravelteam.com][Date Mon, 27 Dec 2004 21:01:43 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FDB66DC/[From cburda@thetravelteam.com][Date Mon, 27 Dec 2004 21:01:43 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FDB66DC/[From cburda@thetravelteam.com][Date Mon, 27 Dec 2004 21:01:43 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FDB66DC Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FDB66DC CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FE275D3/[From mosalm@mindspring.com][Date Sun, 5 Dec 2004 21:20:03 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FE275D3/[From mosalm@mindspring.com][Date Sun, 5 Dec 2004 21:20:03 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FE275D3/[From mosalm@mindspring.com][Date Sun, 5 Dec 2004 21:20:03 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FE275D3 Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FE275D3 CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5FF536C0 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6013309F Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60165A9C/[From peraphanr@yahoo.com][Date Tue, 28 Dec 2004 13:52:03 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60165A9C/[From peraphanr@yahoo.com][Date Tue, 28 Dec 2004 13:52:03 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60165A9C Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60165A9C CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60856E21 Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\608E2EF8/naked2.txt.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\608E2EF8 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\608E2EF8 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60F01A8C/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60F01A8C ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60F01A8C CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61AB0C85/[From lllie46@aol.com][Date Sat, 8 Jan 2005 18:19:01 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61AB0C85/[From lllie46@aol.com][Date Sat, 8 Jan 2005 18:19:01 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61AB0C85/[From lllie46@aol.com][Date Sat, 8 Jan 2005 18:19:01 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61AB0C85 Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61AB0C85 CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61BB5E73/[From 676.mta4.adelphia.net@email05.quris.net][Date Sat, 8 Jan 2005 18:22:06 -0500]/message26107.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61BB5E73 Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61BB5E73 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61DB4154/[From info@hairbraiding.com][Date Mon, 25 Oct 2004 08:06:43 -0400]/your_website.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61DB4154 Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61DB4154 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63287BE5/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63287BE5 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63287BE5 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\633523D7 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\633F21CC/[From john@championzone.net][Date Mon, 25 Oct 2004 08:56:59 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\633F21CC/[From john@championzone.net][Date Mon, 25 Oct 2004 08:56:59 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\633F21CC Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\633F21CC CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\634C49BE/mydate.doc.exe Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\634C49BE ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\634C49BE CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63B5094B Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63C55B39 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63C80535/[From dawn.gusty@bmg.com][Date Mon, 25 Oct 2004 09:24:34 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63C80535/[From dawn.gusty@bmg.com][Date Mon, 25 Oct 2004 09:24:34 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63C80535 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63C80535 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63CC0C13/[From mahat@sp.edu.sg][Date Fri, 22 Oct 2004 20:54:33 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63CC0C13/[From mahat@sp.edu.sg][Date Fri, 22 Oct 2004 20:54:33 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63CC0C13 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63CC0C13 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63D93405/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63D93405 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63D93405 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63EA4964/Informations.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63EA4964 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63EA4964 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63F303E8/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63F303E8 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63F303E8 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64067FD3 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\641427C4/[From usahana_iicecreamm@hotmail.com][Date Fri, 22 Oct 2004 23:06:05 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\641427C4/[From usahana_iicecreamm@hotmail.com][Date Fri, 22 Oct 2004 23:06:05 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\641427C4 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\641427C4 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\642479B2/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\642479B2 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\642479B2 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\659375A7/[From bstuart@acfchefs.net][Date Sat, 8 Jan 2005 10:44:59 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\659375A7/[From bstuart@acfchefs.net][Date Sat, 8 Jan 2005 10:44:59 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\659375A7/[From bstuart@acfchefs.net][Date Sat, 8 Jan 2005 10:44:59 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\659375A7 Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\659375A7 CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6596458D/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6596458D ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6596458D CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65B01570 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65BB6D7B/[From welcome@ebay.com][Date Sat, 8 Jan 2005 10:45:56 -0500]/mail13916.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65BB6D7B Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65BB6D7B CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66022F16/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66022F16 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66022F16 CryptFF: infected - 1 skipped
 
Kaspersky results, part 13

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66115CD8/mail.eml .scr Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66115CD8 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66115CD8 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\661854FD Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66267CEF/[From allan@engr.colostate.edu][Date Mon, 6 Dec 2004 15:43:06 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66267CEF/[From allan@engr.colostate.edu][Date Mon, 6 Dec 2004 15:43:06 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66267CEF/[From allan@engr.colostate.edu][Date Mon, 6 Dec 2004 15:43:06 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66267CEF Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66267CEF CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66342AB0/[From cakmakr@adelphia.net][Date Wed, 5 Jan 2005 18:35:24 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66342AB0/[From cakmakr@adelphia.net][Date Wed, 5 Jan 2005 18:35:24 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66342AB0/[From cakmakr@adelphia.net][Date Wed, 5 Jan 2005 18:35:24 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66342AB0 Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66342AB0 CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66364EDD Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\664620CB/[From cartoons@wn.com][Date Mon, 6 Dec 2004 15:51:16 -0500]/data23855.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\664620CB Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\664620CB CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\665E0DD3 Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\666F5FC1 Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66785DB6 Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\667F31AF Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6985722A/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6985722A ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6985722A CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69E75DBE Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69ED31B7/[From walden@411seek.com][Date Sat, 26 Feb 2005 16:18:10 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69ED31B7/[From walden@411seek.com][Date Sat, 26 Feb 2005 16:18:10 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69ED31B7 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69ED31B7 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ADD102C/[From apags@aol.com][Date Wed, 29 Dec 2004 22:27:17 -0500]/mail9269.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ADD102C Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ADD102C CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AFB0A0C/[From irishofw@aol.com][Date Wed, 29 Dec 2004 22:31:03 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AFB0A0C/[From irishofw@aol.com][Date Wed, 29 Dec 2004 22:31:03 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AFB0A0C/[From irishofw@aol.com][Date Wed, 29 Dec 2004 22:31:03 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AFB0A0C Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AFB0A0C CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BD93DBA/Textfile.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BD93DBA ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BD93DBA CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C654B1F Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C761D0D Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C7C7106/[From stevenmbob@yahoo.com][Date Mon, 1 Nov 2004 14:38:14 -0600]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C7C7106/[From stevenmbob@yahoo.com][Date Mon, 1 Nov 2004 14:38:14 -0600]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C7C7106 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C7C7106 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C835012 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C8D4E07/[From yup..luv_hurtz8827@hotmail.com][Date Thu, 30 Dec 2004 18:23:11 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C8D4E07/[From yup..luv_hurtz8827@hotmail.com][Date Thu, 30 Dec 2004 18:23:11 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C8D4E07 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C8D4E07 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C942200/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C942200 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C942200 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBB6F37/mail.eml .scr Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBB6F37 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EBB6F37 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F0F32D9/[From sknoer7@adelphia.net][Date Thu, 2 Dec 2004 08:06:19 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F0F32D9/[From sknoer7@adelphia.net][Date Thu, 2 Dec 2004 08:06:19 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F0F32D9/[From sknoer7@adelphia.net][Date Thu, 2 Dec 2004 08:06:19 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F0F32D9 Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F0F32D9 CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F3A0959/[From propwork@frontiernet.net][Date Mon, 3 Jan 2005 15:22:21 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F3A0959/[From propwork@frontiernet.net][Date Mon, 3 Jan 2005 15:22:21 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F3A0959/[From propwork@frontiernet.net][Date Mon, 3 Jan 2005 15:22:21 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F3A0959 Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F3A0959 CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F4677DC/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F4677DC ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F4677DC CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F4D0543/data.eml .scr Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F4D0543 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F4D0543 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F5B7887/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F5B7887 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F5B7887 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F675526/data.eml .scr Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F675526 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F675526 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F747D18/[From 40bca1db00131779d@bounce.quris.net][Date Mon, 3 Jan 2005 19:56:07 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F747D18/[From 40bca1db00131779d@bounce.quris.net][Date Mon, 3 Jan 2005 19:56:07 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F747D18/[From 40bca1db00131779d@bounce.quris.net][Date Mon, 3 Jan 2005 19:56:07 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F747D18 Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F747D18 CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FB61022/admire_001.exe Infected: Email-Worm.Win32.Wurmark.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FB61022 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FB61022 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\701551BA Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70165CCC/[From rvneil1@aol.com][Date Thu, 16 Dec 2004 08:57:13 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70165CCC/[From rvneil1@aol.com][Date Thu, 16 Dec 2004 08:57:13 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70165CCC/[From rvneil1@aol.com][Date Thu, 16 Dec 2004 08:57:13 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70165CCC Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70165CCC CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\702304BD/[From cd@ideatown.com][Date Thu, 16 Dec 2004 09:03:57 -0500]/data31636.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\702304BD Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\702304BD CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70464784/[From jmdl@jmdlnospam.com][Date Fri, 3 Dec 2004 16:16:19 -0500]/message4260.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70464784 Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70464784 CryptFF: infected - 1 skipped
 
Kaspersky results, part 14

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70561972/[From info@hairbraiding.com][Date Fri, 3 Dec 2004 16:19:45 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70561972/[From info@hairbraiding.com][Date Fri, 3 Dec 2004 16:19:45 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70561972/[From info@hairbraiding.com][Date Fri, 3 Dec 2004 16:19:45 -0500]/UNNAMED/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70561972/[From info@hairbraiding.com][Date Fri, 3 Dec 2004 16:19:45 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70561972 Mail: infected - 2, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70561972 CryptFF: infected - 2, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70634164/[From jbuc0617@brockport.edu][Date Fri, 3 Dec 2004 16:22:14 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70634164/[From jbuc0617@brockport.edu][Date Fri, 3 Dec 2004 16:22:14 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70634164/[From jbuc0617@brockport.edu][Date Fri, 3 Dec 2004 16:22:14 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70634164 Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70634164 CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\708A3938/[From t@express.mail.tickle.com][Date Fri, 3 Dec 2004 21:59:37 -0500]/message8159.zip Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\708A3938 Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\708A3938 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70AB5D15/[From neverstuck@aol.com][Date Fri, 3 Dec 2004 22:06:25 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70AB5D15/[From neverstuck@aol.com][Date Fri, 3 Dec 2004 22:06:25 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70AB5D15/[From neverstuck@aol.com][Date Fri, 3 Dec 2004 22:06:25 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70AB5D15 Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70AB5D15 CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71BA79EA Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\723D095B/[From junehcate@hotmail.com][Date Sat, 4 Dec 2004 19:54:49 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\723D095B/[From junehcate@hotmail.com][Date Sat, 4 Dec 2004 19:54:49 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\723D095B/[From junehcate@hotmail.com][Date Sat, 4 Dec 2004 19:54:49 -0500]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\723D095B Mail: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\723D095B CryptFF: infected - 1, suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7274531D/[From drussus19@hotmail.com][Date Sat, 4 Dec 2004 20:04:44 -0500]/msg19606.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7274531D Mail: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7274531D CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74B1552B Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74BB5320/[From sswapan@sp.edu.sg][Date Sun, 30 Jan 2005 17:08:41 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74BB5320/[From sswapan@sp.edu.sg][Date Sun, 30 Jan 2005 17:08:41 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74BB5320 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74BB5320 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74C55116 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74F072E7/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74F072E7 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74F072E7 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74F60FBB/Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74F60FBB ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74F60FBB CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74FD1AD8 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\750044D5/[From pmqbycyoisvup@bfjnyej.to][Date Mon, 31 Jan 2005 01:25:15 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\750044D5/[From pmqbycyoisvup@bfjnyej.to][Date Mon, 31 Jan 2005 01:25:15 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\750044D5 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\750044D5 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75415569/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75415569 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75415569 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76BA4BCC Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76DE19A5/[From iosqqbfkyjlbla@foefbzmlxizk.cy][Date Fri, 28 Jan 2005 14:40:49 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76DE19A5/[From iosqqbfkyjlbla@foefbzmlxizk.cy][Date Fri, 28 Jan 2005 14:40:49 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76DE19A5 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76DE19A5 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76E8179A/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76E8179A ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76E8179A CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\771F615D/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\771F615D ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\771F615D CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\772C094F Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77645311/[From zottbixeuebb@ztllpevrur.com][Date Fri, 28 Jan 2005 23:00:53 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77645311/[From zottbixeuebb@ztllpevrur.com][Date Fri, 28 Jan 2005 23:00:53 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77645311 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77645311 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78342672 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78A663F4 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78AD37ED/[From uhful@ydqbxuhe.com][Date Mon, 31 Jan 2005 17:06:54 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78AD37ED/[From uhful@ydqbxuhe.com][Date Mon, 31 Jan 2005 17:06:54 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78AD37ED Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78AD37ED CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78C033D7/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78C033D7 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78C033D7 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78FB2796 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79084F88/[From mitsubishi@denzel.hu][Date Mon, 31 Jan 2005 22:01:30 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79084F88/[From mitsubishi@denzel.hu][Date Mon, 31 Jan 2005 22:01:30 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79084F88 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79084F88 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\790F2381 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7915289F Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\791C4B72 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\793341C1/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\793341C1 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\793341C1 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79361B56/[From antionettetobler@straightmail.net][Date Mon, 31 Jan 2005 23:51:01 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79361B56/[From antionettetobler@straightmail.net][Date Mon, 31 Jan 2005 23:51:01 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79361B56 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79361B56 CryptFF: suspicious - 2 skipped
 
Kaspersky results, part 15

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FDA0809 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FE15C02/[From atbap@iname.com][Date Mon, 13 Dec 2004 04:31:18 -0800]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FE15C02/[From atbap@iname.com][Date Mon, 13 Dec 2004 04:31:18 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FE15C02 Mail: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FE15C02 CryptFF: suspicious - 2 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FFE55E2/Important.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FFE55E2 ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FFE55E2 CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FFE7F53 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Deleted Items/12 Oct 2002 03:44 from Mail Delivery Subsystem:Returned mail: Ca/12 Oct 2002 01:24 from info:Undercuts, and how often do they nee.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: suspicious - 1 skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/13 Jul 2004 23:15 from kwk129:Document.write(PPCBBodyPost).rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/13 Jul 2004 01:38 from customer_service:Darling.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/19 Jul 2004 18:22 from News & Info on Book Publishing:Re:/Garry.cpl Infected: Email-Worm.Win32.Bagle.ai skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/24 Jul 2004 17:19 from comments@hairboutique.com:i hope thats no/doc.zip/doc.txt.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/24 Jul 2004 17:19 from comments@hairboutique.com:i hope thats no/doc.zip Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/25 Jul 2004 21:30 from orienta.scpol@unica.it:denied!/swimmingpool.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/28 Jul 2004 15:15 from kurt.grigg@virgin.net:Status/freaky.zip/freaky.htm.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/28 Jul 2004 15:15 from kurt.grigg@virgin.net:Status/freaky.zip Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/08 Aug 2004 00:56 from 800USBanks:New U.S. Bank Security Standar.rtf Infected: Trojan-Spy.HTML.Usbankfraud.f skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/09 Aug 2004 23:33 from nikyusa@msn.com:bob the builder/concert.zip/concert.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/09 Aug 2004 23:33 from nikyusa@msn.com:bob the builder/concert.zip Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/09 Aug 2004 21:13 from pambytes:Hello,info,the Garden of Eden.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/13 Aug 2004 01:21 from ALSLegalDept:SAT Prep.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/12 Aug 2004 14:01 from taotao@163.com:Hey, dude, it's me ^_^ :P/Readme.zip/yfeubmqu.scr Infected: Email-Worm.Win32.Bagle.g skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/12 Aug 2004 14:01 from taotao@163.com:Hey, dude, it's me ^_^ :P/Readme.zip Infected: Email-Worm.Win32.Bagle.g skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/12 Aug 2004 11:57 from Michael Dow:meeting monday at 10-00.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/18 Aug 2004 18:40 from Tracy Frank:meeting thursday at 03-00.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/18 Aug 2004 13:54 from stephen@systemhouse.ie:Re: approved data/data.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/18 Aug 2004 13:54 from stephen@systemhouse.ie:Re: approved data/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/17 Aug 2004 23:34 from sryanke51:Have a good Assumption.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/27 Aug 2004 19:14 from noreply@paypal.com:Congratulations!/confirm.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/27 Aug 2004 19:14 from noreply@paypal.com:Congratulations!/confirm.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/28 Aug 2004 11:31 from spoof@paypal.com:Thank you for your email.eml Infected: Trojan-Spy.HTML.Paylap.cf skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/31 Aug 2004 21:25 from Natalia Ferreira:re:our conversation on a.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/01 Sep 2004 18:00 from davenport@online.ora.com:Re: Mail Server/msg.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/01 Sep 2004 18:00 from davenport@online.ora.com:Re: Mail Server/msg.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/01 Sep 2004 18:00 from feedback@hairboutique.com:Re: Re: Documen/your_document.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/01 Sep 2004 12:53 from masterbraider@mindspring.com:Re: Approved/corrected.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/01 Sep 2004 12:53 from masterbraider@mindspring.com:Re: Approved/corrected.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/07 Sep 2004 16:11 from adidascl06:Scratch Tickets. $25,000 Grand.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/06 Sep 2004 18:24 from RLLinHobart:This page to a friend!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/16 Sep 2004 12:44 from Ophelia Medeirosl:re:appointment monday a.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/15 Sep 2004 14:04 from Sherrie Schmitt:Do you qualify for a Univ.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/14 Sep 2004 17:37 from info:Background.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/22 Sep 2004 15:07 from shanna2312@go.com:Re: Hi/your_file.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/27 Sep 2004 12:20 from sales@birthdayjubilee.com:Re: Your docume/msg_info.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/27 Sep 2004 12:20 from sales@birthdayjubilee.com:Re: Your docume/msg_info.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/30 Sep 2004 15:34 from info@reunionteam.com:Is that your passwor/part6.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/30 Sep 2004 15:34 from info@reunionteam.com:Is that your passwor/part6.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/30 Sep 2004 15:32 from toback@qpw8.hlp:Re: Your archive/your_archive.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/30 Sep 2004 15:13 from anders@nylim.com:Yep/product.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/30 Sep 2004 13:37 from siricefalcon@yahoo.com:important/privacy_sexy.zip/privacy_sexy.txt.exe Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/30 Sep 2004 13:37 from siricefalcon@yahoo.com:important/privacy_sexy.zip Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/03 Oct 2004 16:12 from jennmckeown@hotmail.com:Document/Notice.zip/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/03 Oct 2004 16:12 from jennmckeown@hotmail.com:Document/Notice.zip Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/08 Oct 2004 13:45 from jokeraf11@hotmail.com:Mail Delivery (fail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/10 Oct 2004 09:42 from adorablebaybeee@hotmail.com:Mail Delivery.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/09 Oct 2004 23:40 from tinobambino@shaw.ca:Information/Data.zip/Data.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/09 Oct 2004 23:40 from tinobambino@shaw.ca:Information/Data.zip Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/13 Oct 2004 07:34 from kma7731@yahoo.co.kr:I cannot forget you!/photo.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/13 Oct 2004 07:34 from kma7731@yahoo.co.kr:I cannot forget you!/photo.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/14 Oct 2004 08:17 from ameya_oak@rediffmail.com:Mail Delivery (f.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/06 Apr 2004 12:47 from changeme@lastminute.com:Mail Delivery (fa.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/23 Sep 2004 13:57 from masterbraider@mindspring.com:Re: Your let/your_letter.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/28 Aug 2004 11:29 to 'spoof@paypal.com':FW: Congratulations!/confirm.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Sent Items/28 Aug 2004 11:29 to 'spoof@paypal.com':FW: Congratulations!/confirm.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 44, suspicious - 12 skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\cert8.db Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\history.dat Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\key3.db Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\parent.lock Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Rhonni\Cookies\index.dat Object is locked skipped
 
Kaspersky results, part 16

C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{EB187F76-71F6-4642-90B5-A8593A810903}\Microsoft\Outlook Express\Deleted Items.dbx/[From <lookjed@MAIL.BIU.AC.IL>][Date Tue, 3 Jun 2003 13:29:15 --0400]/document.pif Infected: Email-Worm.Win32.Sobig.c skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{EB187F76-71F6-4642-90B5-A8593A810903}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{F214C960-4C79-11D5-8B83-E6887A8A3B53}\Microsoft\Outlook Express\Paypal.dbx/[From service <service@paypal.com>][Date Mon, 07 Mar 2005 19:28:38 -0800]/html Infected: Trojan-Spy.HTML.Paylap.n skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{F214C960-4C79-11D5-8B83-E6887A8A3B53}\Microsoft\Outlook Express\Paypal.dbx/[From "PayPal" <service@paypal.com>][Date Sat, 19 Nov 2005 18:52:13 -0700]/html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{F214C960-4C79-11D5-8B83-E6887A8A3B53}\Microsoft\Outlook Express\Paypal.dbx/[From PayPal <service@paypal.com>][Date 28 May 2006 20:45:51 +0200]/html Infected: Trojan-Spy.HTML.Paylap.iy skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{F214C960-4C79-11D5-8B83-E6887A8A3B53}\Microsoft\Outlook Express\Paypal.dbx Mail MS Outlook 5: infected - 3 skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/31 Jan 2004 02:44 from dan@scaa.org:hi/jrjfeg.pif Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/31 Jan 2004 08:47 from joe@att.net:Test/imd.zip/imd.scr Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/31 Jan 2004 08:47 from joe@att.net:Test/imd.zip Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/31 Jan 2004 20:44 from julie@pgtc.com:Mail Delivery System/mihyg.zip/mihyg.scr Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/31 Jan 2004 20:44 from julie@pgtc.com:Mail Delivery System/mihyg.zip Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/01 Feb 2004 15:12 from alex@yahoo.com/document.exe Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/02 Feb 2004 15:58 from sam@aol.com:peigiefovrfxdfuma/file.zip/file.htm .pif Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/02 Feb 2004 15:58 from sam@aol.com:peigiefovrfxdfuma/file.zip Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/03 Feb 2004 16:07 from adam@ifairtrade.net:hi/ozntifc.zip/ozntifc.pif Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/03 Feb 2004 16:07 from adam@ifairtrade.net:hi/ozntifc.zip Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/09 Feb 2004 06:47 from jboswell99@yahoo.com:xsxfogjqidgvcvy/readme.zip/readme.pif Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/09 Feb 2004 06:47 from jboswell99@yahoo.com:xsxfogjqidgvcvy/readme.zip Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/09 Feb 2004 18:06 from System Administrator:Undeliverable: /10 Feb 2004 01:33 from rhonni@hairbraiding.com/text.zip/text.scr Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/09 Feb 2004 18:06 from System Administrator:Undeliverable: /10 Feb 2004 01:33 from rhonni@hairbraiding.com/text.zip Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/11 Feb 2004 12:59 from rddrgk@yahoo.com/document.zip/document.exe Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Deleted Items/11 Feb 2004 12:59 from rddrgk@yahoo.com/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst/Personal Folders/Inbox/12 Oct 2002 03:44 from Mail Delivery Subsystem:Returned mail: Ca/12 Oct 2002 01:24 from info:Undercuts, and how often do they nee.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst Mail MS Mail: infected - 16, suspicious - 1 skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
 
Kaspersky results, part 17

C:\Documents and Settings\Rhonni\Local Settings\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Temp\~DF533A.tmp Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Temp\~DF6B51.tmp Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Temp\~DF8EE1.tmp Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/13 Jul 2004 01:38 from customer_service:Darling.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/13 Jul 2004 23:15 from kwk129:Document.write(PPCBBodyPost).rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/19 Jul 2004 18:22 from News & Info on Book Publishing:Re:/Garry.cpl Infected: Email-Worm.Win32.Bagle.ai skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/24 Jul 2004 17:19 from comments@hairboutique.com:i hope thats no/doc.zip/doc.txt.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/24 Jul 2004 17:19 from comments@hairboutique.com:i hope thats no/doc.zip Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/25 Jul 2004 21:30 from orienta.scpol@unica.it:denied!/swimmingpool.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/28 Jul 2004 15:15 from kurt.grigg@virgin.net:Status/freaky.zip/freaky.htm.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/28 Jul 2004 15:15 from kurt.grigg@virgin.net:Status/freaky.zip Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/08 Aug 2004 00:56 from 800USBanks:New U.S. Bank Security Standar.rtf Infected: Trojan-Spy.HTML.Usbankfraud.f skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/09 Aug 2004 21:13 from pambytes:Hello,info,the Garden of Eden.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/09 Aug 2004 23:33 from nikyusa@msn.com:bob the builder/concert.zip/concert.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/09 Aug 2004 23:33 from nikyusa@msn.com:bob the builder/concert.zip Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/12 Aug 2004 11:57 from Michael Dow:meeting monday at 10-00.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/12 Aug 2004 14:01 from taotao@163.com:Hey, dude, it's me ^_^ :P/Readme.zip/yfeubmqu.scr Infected: Email-Worm.Win32.Bagle.g skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/12 Aug 2004 14:01 from taotao@163.com:Hey, dude, it's me ^_^ :P/Readme.zip Infected: Email-Worm.Win32.Bagle.g skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/13 Aug 2004 01:21 from ALSLegalDept:SAT Prep.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/17 Aug 2004 23:34 from sryanke51:Have a good Assumption.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/18 Aug 2004 13:54 from stephen@systemhouse.ie:Re: approved data/data.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/18 Aug 2004 13:54 from stephen@systemhouse.ie:Re: approved data/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/18 Aug 2004 18:40 from Tracy Frank:meeting thursday at 03-00.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/27 Aug 2004 19:14 from noreply@paypal.com:Congratulations!/confirm.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/27 Aug 2004 19:14 from noreply@paypal.com:Congratulations!/confirm.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/28 Aug 2004 11:31 from spoof@paypal.com:Thank you for your email.eml Infected: Trojan-Spy.HTML.Paylap.cf skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/31 Aug 2004 21:25 from Natalia Ferreira:re:our conversation on a.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/01 Sep 2004 12:53 from masterbraider@mindspring.com:Re: Approved/corrected.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/01 Sep 2004 12:53 from masterbraider@mindspring.com:Re: Approved/corrected.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/01 Sep 2004 18:00 from feedback@hairboutique.com:Re: Re: Documen/your_document.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/01 Sep 2004 18:00 from davenport@online.ora.com:Re: Mail Server/msg.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/01 Sep 2004 18:00 from davenport@online.ora.com:Re: Mail Server/msg.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/06 Sep 2004 18:24 from RLLinHobart:This page to a friend!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/07 Sep 2004 16:11 from adidascl06:Scratch Tickets. $25,000 Grand.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/14 Sep 2004 17:37 from info:Background.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/15 Sep 2004 14:04 from Sherrie Schmitt:Do you qualify for a Univ.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/16 Sep 2004 12:44 from Ophelia Medeirosl:re:appointment monday a.rtf Infected: Trojan-Dropper.VBS.Zerolin skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/22 Sep 2004 15:07 from shanna2312@go.com:Re: Hi/your_file.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/27 Sep 2004 12:20 from sales@birthdayjubilee.com:Re: Your docume/msg_info.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/27 Sep 2004 12:20 from sales@birthdayjubilee.com:Re: Your docume/msg_info.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/30 Sep 2004 13:37 from siricefalcon@yahoo.com:important/privacy_sexy.zip/privacy_sexy.txt.exe Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/30 Sep 2004 13:37 from siricefalcon@yahoo.com:important/privacy_sexy.zip Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/30 Sep 2004 15:13 from anders@nylim.com:Yep/product.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/30 Sep 2004 15:32 from toback@qpw8.hlp:Re: Your archive/your_archive.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/30 Sep 2004 15:34 from info@reunionteam.com:Is that your passwor/part6.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/30 Sep 2004 15:34 from info@reunionteam.com:Is that your passwor/part6.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/03 Oct 2004 16:12 from jennmckeown@hotmail.com:Document/Notice.zip/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/03 Oct 2004 16:12 from jennmckeown@hotmail.com:Document/Notice.zip Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/08 Oct 2004 13:45 from jokeraf11@hotmail.com:Mail Delivery (fail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/09 Oct 2004 23:40 from tinobambino@shaw.ca:Information/Data.zip/Data.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/09 Oct 2004 23:40 from tinobambino@shaw.ca:Information/Data.zip Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/10 Oct 2004 09:42 from adorablebaybeee@hotmail.com:Mail Delivery.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/13 Oct 2004 07:34 from kma7731@yahoo.co.kr:I cannot forget you!/photo.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/13 Oct 2004 07:34 from kma7731@yahoo.co.kr:I cannot forget you!/photo.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Deleted Items/14 Oct 2004 08:17 from ameya_oak@rediffmail.com:Mail Delivery (f.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Inbox/06 Apr 2004 12:47 from changeme@lastminute.com:Mail Delivery (fa.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Inbox/23 Sep 2004 13:57 from masterbraider@mindspring.com:Re: Your let/your_letter.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Sent Items/28 Aug 2004 11:29 to 'spoof@paypal.com':FW: Congratulations!/confirm.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst/Personal Folders/Sent Items/28 Aug 2004 11:29 to 'spoof@paypal.com':FW: Congratulations!/confirm.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\Rhonni\My Documents\backup.pst Mail MS Mail: infected - 44, suspicious - 12 skipped
C:\Documents and Settings\Rhonni\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rhonni\ntuser.dat.LOG Object is locked skipped
 
Kaspersky results, part 18

C:\Program Files\CA\SharedComponents\PPRT\logs\2008-01-20.csv Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\edaluybm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\edcA01\edcA011065.exe.vir Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jzebpxpw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pmnkhfd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dlm skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\QooBox\Quarantine\catchme2008-01-19_171454.45.zip/jzebpxpw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\QooBox\Quarantine\catchme2008-01-19_171454.45.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP789\A0153515.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0161619.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0161629.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0161640.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0163650.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0163658.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0163663.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0163664.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0163665.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0163668.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dlm skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0163703.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP794\A0165735.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP794\A0165738.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dlm skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP794\A0165748.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP794\A0165752.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP795\A0165809.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP795\change.log Object is locked skipped
C:\VundoFix Backups\bixlbkil.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\VundoFix Backups\pmnkhfd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dlm skipped
C:\VundoFix Backups\qifqvatv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\VundoFix Backups\sjfibavb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\VundoFix Backups\utxofxkg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\VundoFix Backups\yaywxxw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dlm skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_608.dat Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP795\change.log Object is locked skipped

Scan process completed.
 
Hi

Empty these folders:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine

C:\QooBox\Quarantine\

C:\VundoFix Backups

Delete these (unless you need them):

C:\Documents and Settings\Rhonni\My Documents\backup.pst

C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Outlook\old outlook.pst

C:\Documents and Settings\Rhonn1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst

Empty Recycle Bin

Delete Deleted Items in Outlook for Rhonni.

Re-scan with kaspersky.

Post:

- a fresh HijackThis log
- kaspersky report
 
fresh hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:28 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Rhonn1.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weightwatchers.com/commu...ys&viewchange=LASTPOSTDESC&setviewHidden=TRUE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144371875335
O16 - DPF: {7411047A-48E1-4EC9-8AC1-088087AD368F} (QuickBooks GLDownload Control) - https://cbspayroll.intuit.com/NetPay/QBGL/GLDownload.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/546...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

--
End of file - 9799 bytes
 
Kaspersky results, part 1

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 20, 2008 5:35:59 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/01/2008
Kaspersky Anti-Virus database records: 524777
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 108172
Number of viruses found: 8
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 01:35:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12162006-103705.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\cert8.db Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\history.dat Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\key3.db Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\parent.lock Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Rhonni\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Rhonni\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{EB187F76-71F6-4642-90B5-A8593A810903}\Microsoft\Outlook Express\Deleted Items.dbx/[From <lookjed@MAIL.BIU.AC.IL>][Date Tue, 3 Jun 2003 13:29:15 --0400]/document.pif Infected: Email-Worm.Win32.Sobig.c skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{EB187F76-71F6-4642-90B5-A8593A810903}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{F214C960-4C79-11D5-8B83-E6887A8A3B53}\Microsoft\Outlook Express\Paypal.dbx/[From service <service@paypal.com>][Date Mon, 07 Mar 2005 19:28:38 -0800]/html Infected: Trojan-Spy.HTML.Paylap.n skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{F214C960-4C79-11D5-8B83-E6887A8A3B53}\Microsoft\Outlook Express\Paypal.dbx/[From "PayPal" <service@paypal.com>][Date Sat, 19 Nov 2005 18:52:13 -0700]/html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{F214C960-4C79-11D5-8B83-E6887A8A3B53}\Microsoft\Outlook Express\Paypal.dbx/[From PayPal <service@paypal.com>][Date 28 May 2006 20:45:51 +0200]/html Infected: Trojan-Spy.HTML.Paylap.iy skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{F214C960-4C79-11D5-8B83-E6887A8A3B53}\Microsoft\Outlook Express\Paypal.dbx Mail MS Outlook 5: infected - 3 skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Business Contact Manager\MSBusinessContactManager2.ldf Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Business Contact Manager\MSBusinessContactManager2.mdf Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Application Data\Mozilla\Firefox\Profiles\z2ymyj8r.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Temp\~DF1DDD.tmp Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Temp\~DF533A.tmp Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Temp\~DF6B51.tmp Object is locked skipped
C:\Documents and Settings\Rhonni\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rhonni\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rhonni\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CA\SharedComponents\PPRT\logs\2008-01-20.csv Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP789\A0153515.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0163658.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0163663.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0163664.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0163665.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP791\A0163668.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dlm skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP794\A0165735.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP794\A0165738.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dlm skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP794\A0165748.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP794\A0165752.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP795\A0165809.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP795\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_608.dat Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP795\change.log Object is locked skipped

Scan process completed.
 
Hi

Yes, that's a good sign :)

Empty Deleted items for this user:

C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{EB187F76-71F6-4642-90B5-A8593A810903}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped

All other viruses are in system restore and inactive.

I give you later instructions how to empty it.

Other than that, any problems left?
 
I deleted the deleted items for this user, but I did not know what to do with the next item: The Mail MS Outlook 5: infected - 1 skipped

C:\Documents and Settings\Rhonni\Local Settings\Application Data\Identities\{EB187F76-71F6-4642-90B5-A8593A810903}\Microsoft\Outlook Express\Deleted Items.dbx
Mail MS Outlook 5: infected - 1 skipped

The only other symptom (and this started showing up with the infection, not as a result of the repairs), is that every time I launch any piece of MS Office, I get prompted to install and insert the CD Rom. When I am using Outlook Express, I get this "Windows is Preparing to Install" with each different email that I open. Other programs it seems only to want to install 2 to 5 times while I am opening the program.
 
Hi

"but I did not know what to do with the next item: The Mail MS Outlook 5: infected - 1 skipped"

You can skip that :)

As for another problem, see here
 
Thanks!

Hello Shaba,

The link from Microsoft does not have a clear follow through. (it says to follow a link and download orktools.exe, but orktools.exe is not found at the link provided.)
I am running office small business edition 2003, and I have posted my problem to the MS office forums in hopes that someone has an answer (other than reloading office 2003).

Other than that small annoyance, everything seems to be running well.
 
Hi

Try this then:

Please click Start > Run and type in: services.msc
Click OK
In the Services window find: Windows Installer
Select/highlight and right click the entry, and choose: Properties
Beside: Startup Type, in the drop menu, select: Manual
Click Apply, then OK

Reboot.

Does it help?
 
No

It didn't help.
It was already set to Manual, but I went through the steps anyway.
After reboot I tested it by opening Outlook, and the installer window still pops up.
 
Only this ...

Thank You

Thank You

Thank You ...


Shall I come to Finland and cook you a nice dinner?


truthfully,
I cannot thank you enough for your help!
 
Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Remove MS Java and install Sun Java, see

Next we remove all used tools.

Please download OTMoveIt and save it to desktop.
  • Double-click OTMoveIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :bigthumb:
 
You must log in or register to reply here.
Back
Top