Win Anti Spy Ware

Nope, lots of information at Google though:
http://www.google.com/search?hl=en&...ked+a+portion+of+the+file'&btnG=Google+Search

I just clicked on all three of those links and have access to all?
http://www.virustotal.com/ >>> Upload a file
You understand you have to browse with Windows Explorer to the location of the file:
C:\WINDOWS\system32\drivers\tcpip.sys and when it is in the upload box, you click on "Send Files" correct?
It only takes a few moments to get a report. If the file is infected you have a problem. No CD and no C:/i386 <<< backups.

Try using Start > Search > All Files and Folders and search for tcpip.sys to see if it is anywhere else on your OS.
(make sure all files and folders are unhidden)
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

C:\WINDOWS\system32\dllcache\tcpip.sys <<< it is possible a copy of that file is there. If so, then you can right click it and copy, then right click and paste it to here:
C:\WINDOWS\system32\drivers\ <<< At that point you should get a message about the files being there and do you want to replace it and the answer would be yes.
DO NOT cut and move that file from where it is!!

Hope I am explaining this OK, you are taking me way out of my malware removal area.

You understand the problem you have if that file is infected and you don't have one to replace it with, and you don't have the CD to reinstall windows, YES?

One option I can think of would be to ask a friend with the same OS to lend the CD or allow you to make a copy of the file. I also found this information but it is new to me:

http://www.google.com/search?hl=en&q=download+tcpip.sys&btnG=Search

Thanks
 
Yes I browsed to the file and try to upload for the scan using IE. But got the same result from all three sites. I think the file is causing the problem. I'll try to find it in other locations like you say.

Thanks,
-Tboz
 
I found it in a couple other places but I can't copy and paste into the drivers folder. It gives me that 'another process has locked a portion of the file' message. I'm thinking maybe I should just get my files that I want off the hard drive and reinstall windows. Get a clean start with a copy of XP that I physically have. The only thing I was worried about is losing files. But I can get them now. What do you think? I know you won't make decisions for me, but what would you do in this situation?

Thanks,
-Tboz
 
Well that worked! Once I changed the security on that file I was able to scan it on all three sites and they all passed as non-infected. Should I run combofix again?

Thanks,
-Tyler

P.S. I think I'll reformat eventually but I'm kind of dealing with a time crunch. Getting married in two weeks and having brain surgery in three!
 
I ran combofix again. Here is the log report. Let me know what you think.

-Tboz


ComboFix 07-08-04.3 - "SaraS" 2007-08-06 20:27:47.2 CScript Error: Can't find script engine "VBScript" for script "C:\ComboFix\timezone.vbs". - NTFS
CScript Error: Can't find script engine "VBScript" for script "C:\ComboFix\osid.vbs".


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\SaraS\APPLIC~1.\ymbols~1
C:\DOCUME~1\SaraS\Desktop\internet.lnk


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-05 20:38 <DIR> d-------- C:\i386
2007-08-05 20:27 14,336 --a--c--- C:\WINDOWS\system32\dllcache\iisreset.exe
2007-08-05 16:47 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-05 16:46 1,408,582 --a------ C:\ComboFix.exe
2007-08-04 17:58 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-31 22:45 93,696 --a------ C:\WINDOWS\system32\drvsat.dll
2007-07-31 22:30 125,504 --a--c--- C:\WINDOWS\system32\bhipvpus.dll
2007-07-31 19:44 70,312 --a------ C:\Program Files\codec_setup.exe
2007-07-31 16:30 168,960 --a------ C:\WINDOWS\system32\drivers\Qie28.sys
2007-07-31 16:17 7,968 --a------ C:\WINDOWS\system32\wdfmzrx.exe
2007-07-31 16:17 43,526 --a------ C:\WINDOWS\wdfmzrx.exe
2007-07-31 16:17 168,960 --a------ C:\WINDOWS\system32\drivers\Xrx49.sys
2007-07-31 16:17 168,960 --a------ C:\WINDOWS\system32\drivers\symavc32.sys
2007-07-31 16:11 9,769 --a------ C:\WINDOWS\gsvjy0578.exe
2007-07-28 16:03 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2007-07-28 16:03 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-07-28 16:03 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2007-07-28 16:03 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-07-28 16:03 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2007-07-28 16:03 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2007-07-28 16:03 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2007-07-28 16:03 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-07-28 16:03 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-07-28 16:03 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-07-28 16:03 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2007-07-28 16:03 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-07-24 12:06 <DIR> d-------- C:\DOCUME~1\Tyler\APPLIC~1\MySpace


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-05 21:08 375168 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2007-08-05 19:49 --------- d-------- C:\DOCUME~1\SaraS\APPLIC~1\Aim
2007-07-31 16:16 --------- d-------- C:\Program Files\Windows NT
2007-07-28 21:34 --------- d-------- C:\Program Files\MSN Messenger
2007-07-28 04:06 135 --a------ C:\Program Files\page.html
2007-07-26 20:23 --------- d-------- C:\Program Files\OpenOffice.org1.1.1
2007-07-26 15:32 --------- d-------- C:\DOCUME~1\SaraS\APPLIC~1\Azureus
2007-07-07 15:35 2983 --a------ C:\WINDOWS\mozver.dat
2007-07-07 14:52 --------- d-------- C:\DOCUME~1\SaraS\APPLIC~1\Canon
2007-07-05 00:07 --------- d-------- C:\DOCUME~1\SaraS\APPLIC~1\Walgreens
2007-07-05 00:06 --------- d-------- C:\DOCUME~1\SaraS\APPLIC~1\Simple Star
2007-07-05 00:05 --------- d-------- C:\Program Files\Walgreens
2007-06-25 08:54 53248 --a------ C:\WINDOWS\uni_eh44.exe
2007-06-25 08:53 53248 --a------ C:\WINDOWS\uninst1014.exe
2007-06-06 03:28 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-03 20:21 8326 --a------ C:\WINDOWS\extend.dat
2007-05-16 10:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-03-06 22:15 1201917 --a------ C:\Program Files\wrar37b4.exe
2007-03-06 22:14 25755448 --a------ C:\Program Files\wmp11-windowsxp-x86-enu.exe
2007-03-06 20:06 6006304 --a------ C:\Program Files\Firefox Setup 2.0.0.2.exe
2006-12-02 20:05 2522 --a------ C:\Program Files\func.js
2006-11-25 02:57 482 --a------ C:\Program Files\Del.js
2006-06-08 02:02 2048 --a------ C:\Program Files\func.exe
2006-01-22 14:25 112729 --a------ C:\Program Files\cddrv224.zip
2006-01-22 14:06 7180311 --a------ C:\Program Files\HandBrake-0.7.0-GUIAndCLI-20060115.zip
2001-09-27 18:51 44779 --a------ C:\Program Files\NLDS1XXW.INF
2001-08-27 16:40 940606 --a------ C:\Program Files\data1.cab
2001-08-27 16:40 526 --a------ C:\Program Files\layout.bin
2001-08-27 16:40 36731 --a------ C:\Program Files\data1.hdr
2001-08-27 16:40 296 --a------ C:\Program Files\Setup.ini
2001-08-27 16:40 1409627 --a------ C:\Program Files\data2.cab
2001-08-24 05:44 2632 --a------ C:\Program Files\YDSXGDK.INF
2001-06-13 09:41 142209 --a------ C:\Program Files\setup.inx
2000-11-14 02:05 131072 --a------ C:\Program Files\dsuninst.exe
2000-10-30 13:00 141 --a------ C:\Program Files\setup.inf
2000-05-16 15:36 139264 --a------ C:\Program Files\Setup.exe
2000-05-14 19:17 335626 --a------ C:\Program Files\ikernel.ex_
2000-04-01 22:00 1073 --a------ C:\Program Files\YDSXGDK.CAT
2000-04-01 22:00 1073 --a------ C:\Program Files\YDSDEV.CAT
1999-04-02 12:16 2417445 --a------ C:\Program Files\Dsxgwave.tbl


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"AtiPTA"="atiptaxx.exe" [2001-09-26 22:39 C:\WINDOWS\system32\atiptaxx.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-27 19:01]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 18:50]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 20:30]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 18:51]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe" [2005-05-19 16:59]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6fc94ea-c64a-11da-9c33-005022491f7c}]
AutoRun\command- E:\JDLightning\Windows\JDLightning.exe


Contents of the 'Scheduled Tasks' folder
2007-08-06 15:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 20:33:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-06 20:35:52
C:\ComboFix-quarantined-files.txt ... 2007-08-06 20:34
C:\ComboFix2.txt ... 2007-08-05 17:08

--- E O F ---
 
Let's run one good scan to make sure nothing is hidden. ComboFix is no longer reporting that file as infected. If it is, this scan will find it.

Make sure the tools we used, combofix, etc. are deleted, especially C:\qoobox as the quarantined items will be found by the scan.

Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
  * Scan using the following Anti-Virus database:
    * Standard
  * Scan Options:
    * Scan Archives
    * Scan Mail Bases
* Click OK
* Now under select a target to scan:
  * Select My Computer
* The program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here.

Thanks
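
Once the report has been saved as text, its "Infected Object Name / Virus Name / Last Action" lines can be grouped so that loose files on disk, detections nested inside one archive or mail store, and objects the scanner could not open are read separately. This is an added example, not part of the original thread; the sample lines are constructed in the report's line format, and the names `triage` and `split_container` are hypothetical.

```python
import re
from collections import defaultdict

# "<path> Infected: <detection> <last action>" or "<path> Suspicious: ..."
FINDING = re.compile(
    r"^(?P<path>.+) (?P<verdict>Infected|Suspicious): (?P<name>\S+) (?P<action>\S+)$"
)
# "<path> Object is locked <last action>": the scanner could not open the file
LOCKED = re.compile(r"^(?P<path>.+) Object is locked (?P<action>\S+)$")

# Constructed sample lines (not copied from any real report).
SAMPLE = r"""
C:\Documents and Settings\User\Desktop\tool.zip/inner.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\Documents and Settings\User\Desktop\tool.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\bot0001.tmp Infected: Trojan-Proxy.Win32.Xorpix.be skipped
C:\Mail\Deleted Items.dbx/[From a@example.invalid][Date Wed, 2 Jun 2004 01:15:24 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Mail\Deleted Items.dbx/[From a@example.invalid][Date Wed, 2 Jun 2004 01:15:24 -0500]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Mail\Deleted Items.dbx/[From b@example.invalid][Date Fri, 4 Jun 2004 07:57:09 -0500]/UNNAMED/data.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
"""


def split_container(path):
    """Return (file on disk, nested object or None).

    Windows paths use backslashes, so the first forward slash marks where
    the report descends into an archive or mail store.
    """
    outer, sep, inner = path.partition("/")
    return outer, (inner if sep else None)


def triage(report_text):
    """Group report lines into locked, loose, contained and other."""
    locked = []   # files the scanner skipped because they were in use
    other = []    # headers, archive summary lines such as "ZIP: infected - 1"
    loose = defaultdict(set)                       # file on disk -> detections
    contained = defaultdict(lambda: {"objects": 0, "names": set()})

    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LOCKED.match(line)
        if m:
            locked.append(m["path"])
            continue
        m = FINDING.match(line)
        if not m:
            other.append(line)
            continue
        outer, inner = split_container(m["path"])
        if inner is None:
            # The file itself was flagged: it sits on disk as-is.
            loose[outer].add(m["name"])
        else:
            # Flagged object is nested; count it against its container file.
            contained[outer]["objects"] += 1
            contained[outer]["names"].add(m["name"])

    return {
        "locked": locked,
        "loose": {p: sorted(n) for p, n in loose.items()},
        "contained": {
            p: {"objects": c["objects"], "names": sorted(c["names"])}
            for p, c in contained.items()
        },
        "other": other,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("Not scanned (locked):", len(result["locked"]))
    for path, names in result["loose"].items():
        print("LOOSE    ", path, names)
    for path, info in result["contained"].items():
        print("CONTAINER", path, info["objects"], "objects", info["names"])
```
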
 
Seems to be a lot more in there than we thought. Any way to clear these without reformatting?

Thanks,
-Tboz


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-08-07 16:48
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/08/2007
Kaspersky Anti-Virus database records: 353504
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
G:\

Scan Statistics:
Total number of scanned objects: 131121
Number of viruses found: 32
Number of infected objects: 182
Number of suspicious objects: 28
Duration of the scan process: 03:16:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Desktop\catchme.zip/ldcore.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\Documents and Settings\Administrator\Desktop\catchme.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\bot924B.tmp Infected: Trojan-Proxy.Win32.Xorpix.be skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\bot9B0B.tmp Infected: Trojan-Proxy.Win32.Xorpix.be skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\~tmp143 Infected: Trojan-Clicker.Win32.Agent.jp skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\bot97C5.tmp Infected: Trojan-Proxy.Win32.Xorpix.be skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\bot9A20.tmp Infected: Trojan-Proxy.Win32.Xorpix.be skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\~tmp143 Infected: Trojan-Clicker.Win32.Agent.jp skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\SaraS\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From ckrause@greatermadisonchamber.com][Date Wed, 2 Jun 2004 01:15:24 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From ckrause@greatermadisonchamber.com][Date Wed, 2 Jun 2004 01:15:24 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From ckrause@greatermadisonchamber.com][Date Wed, 2 Jun 2004 01:15:24 -0500]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From tcandibar@newman.newman-grt.oscar.aol.com][Date Wed, 2 Jun 2004 16:37:04 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From tcandibar@newman.newman-grt.oscar.aol.com][Date Wed, 2 Jun 2004 16:37:04 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From tcandibar@newman.newman-grt.oscar.aol.com][Date Wed, 2 Jun 2004 16:37:04 -0500]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From charitykirchberg@hotmail.com][Date Wed, 2 Jun 2004 16:46:03 -0500]/UNNAMED/message.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From charitykirchberg@hotmail.com][Date Wed, 2 Jun 2004 16:46:03 -0500]/UNNAMED/message.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From charitykirchberg@hotmail.com][Date Wed, 2 Jun 2004 16:46:03 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From friend@provide.net][Date Wed, 2 Jun 2004 00:32:19 -0500]/UNNAMED/your_document.doc.pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From friend@provide.net][Date Wed, 2 Jun 2004 00:32:19 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From ramcgarry@ebnet.org][Date Tue, 1 Jun 2004 19:08:56 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From ramcgarry@ebnet.org][Date Tue, 1 Jun 2004 19:08:56 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From ramcgarry@ebnet.org][Date Tue, 1 Jun 2004 19:08:56 -0500]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From geoff@roseandcrown.com.au][Date Tue, 1 Jun 2004 19:10:48 -0500]/UNNAMED/attach_sassysls.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From geoff@roseandcrown.com.au][Date Tue, 1 Jun 2004 19:10:48 -0500]/UNNAMED/attach_sassysls.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From geoff@roseandcrown.com.au][Date Tue, 1 Jun 2004 19:10:48 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From jdunnum@chorus.net][Date Mon, 31 May 2004 15:13:26 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From jdunnum@chorus.net][Date Mon, 31 May 2004 15:13:26 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From jdunnum@chorus.net][Date Mon, 31 May 2004 15:13:26 -0500]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From mailadmin@projectcashmail.com][Date Mon, 31 May 2004 19:13:51 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From mailadmin@projectcashmail.com][Date Mon, 31 May 2004 19:13:51 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From mailadmin@projectcashmail.com][Date Mon, 31 May 2004 19:13:51 -0500]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From opercentangel5868@hotmail.com][Date Mon, 31 May 2004 20:56:24 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From opercentangel5868@hotmail.com][Date Mon, 31 May 2004 20:56:24 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From opercentangel5868@hotmail.com][Date Mon, 31 May 2004 20:56:24 -0500]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From bmkrbachhuber@aol.com][Date Mon, 31 May 2004 22:29:18 -0500]/UNNAMED/details.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From bmkrbachhuber@aol.com][Date Mon, 31 May 2004 22:29:18 -0500]/UNNAMED/details.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From bmkrbachhuber@aol.com][Date Mon, 31 May 2004 22:29:18 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From Joseph Emerson <jcemerson@uspower.net>][Date Sun, 20 Jun 2004 22:08:31 -0400 (EDT)]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From Joseph Emerson <jcemerson@uspower.net>][Date Sun, 20 Jun 2004 22:08:31 -0400 (EDT)]/UNNAMED/astrolistfinala.txt.exe Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From Joseph Emerson <jcemerson@uspower.net>][Date Sun, 20 Jun 2004 22:08:31 -0400 (EDT)]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From 1058383340336@mailserver2.iexpect.com][Date Sat, 12 Jun 2004 14:44:40 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From 1058383340336@mailserver2.iexpect.com][Date Sat, 12 Jun 2004 14:44:40 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From ome118883@vtarget.com][Date Sat, 12 Jun 2004 23:20:38 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From ome118883@vtarget.com][Date Sat, 12 Jun 2004 23:20:38 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From jschemb@optonline.net][Date Thu, 10 Jun 2004 13:05:30 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From jschemb@optonline.net][Date Thu, 10 Jun 2004 13:05:30 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From jschemb@optonline.net][Date Thu, 10 Jun 2004 13:05:30 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
 
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From otto__humanize31@web39f.gl.okayml.net][Date Fri, 4 Jun 2004 07:57:09 -0500]/UNNAMED/data.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From otto__humanize31@web39f.gl.okayml.net][Date Fri, 4 Jun 2004 07:57:09 -0500]/UNNAMED/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From otto__humanize31@web39f.gl.okayml.net][Date Fri, 4 Jun 2004 07:57:09 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From lnapiwocki@cuna.com][Date Fri, 4 Jun 2004 08:03:40 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From lnapiwocki@cuna.com][Date Fri, 4 Jun 2004 08:03:40 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From lnapiwocki@cuna.com][Date Fri, 4 Jun 2004 08:03:40 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From lnapiwocki@cuna.com][Date Fri, 4 Jun 2004 08:03:40 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Fri, 4 Jun 2004 09:16:35 -0400 (EDT)]/UNNAMED/[From c68.190.87.50.mad.wi.charter.com [68.190.87.50]]/UNNAMED/[From sassysls@charter.net][Date Fri, 4 Jun 2004 08:16:33 -0500]/message.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From Mail Delivery Subsystem <MAILER-DAEMON@voyager.net>][Date Fri, 4 Jun 2004 09:16:35 -0400 (EDT)]/UNNAMED/[From c68.190.87.50.mad.wi.charter.com [68.190.87.50]]/UNNAMED/[From sassysls@charter.net][Date Fri, 4 Jun 2004 08:16:33 -0500]/message.zip Infected: Email-Worm.Win32.NetSky.q skipped

Scan process completed.
 
Yeah, you are storing a lot of infected junk? Why?

I can post links to lots of scanners which may or may not find the junk Kaspersky has if you wish, you can reformat if you wish or you can clean the junk off your computer. Before I spend a lot of my time, why don't you look closely at what Kaspersky has located and tell me what you want to do.

(I just posted one of these, there are many as you can see if you look)
C:\Documents and Settings\SaraS\Local Settings\Application Data\Identities\{88D752F8-A13E-4CFD-98FA-A4F6E011A4A7}\Microsoft\Outlook Express\Deleted Items.dbx/[From charitykirchberg@hotmail.com][Date Wed, 2 Jun 2004 16:46:03 -0500]/UNNAMED/message.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
That infected item appears to have been sitting in the Outlook Express Deleted Items.dbx since Wed, 2 Jun 2004 16:46:03

C:\Documents and Settings\LocalService\Local Settings\Temp\bot9B0B.tmp Infected: Trojan-Proxy.Win32.Xorpix.be skipped
You have a load of infected junk stored in your TEMP folders which should be cleaned on a regular basis.

C:\System Volume Information\_restore
Your System Restore files are badly infected, but this cannot harm you unless you do a System Restore. These can be cleaned with no problem.

C:\WINDOWS\gsvjy0578.exe <<< and a few are just leftover infected files that the tools are missing, but Kaspersky did not, they can be deleted manually.

C:\WINDOWS\system32\dllcache\tcpip.sys Infected: Trojan.Win32.Patched.ad skipped
C:\WINDOWS\system32\drivers\Qie28.sys Infected: Rootkit.Win32.Agent.ea skipped
C:\WINDOWS\system32\drivers\symavc32.sys Infected: Rootkit.Win32.Agent.ea skipped
C:\WINDOWS\system32\drivers\Xrx49.sys Infected: Rootkit.Win32.Agent.ea skipped
C:\WINDOWS\system32\drvsat.dll Infected: Trojan.Win32.Agent.qt skipped

Once again you can see the infected tcpip.sys file, without having a clean copy or the Operating System CD I am not sure how to advise you more than I already have.

C:\WINDOWS\system32\wdfmzrx.exe Infected: Packed.Win32.Tibs.ap skipped
C:\WINDOWS\wdfmzrx.exe Infected: Email-Worm.Win32.Zhelatin.ge skipped

Thanks
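The triage in the post above (mail store, TEMP folders, System Restore, system drivers, leftovers) can be automated over a report in this format. The following Python sketch is an added example, not part of the thread or of any scanner's own tooling; the sample lines follow the report format shown in this thread, the mail-store entries use a constructed placeholder sender and identity GUID, and the category names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Sample lines in the format of the scan report in this thread. The two
# mail-store entries are constructed (placeholder sender and identity GUID).
SAMPLE_LOG = r"""
C:\Documents and Settings\User\Local Settings\Application Data\Identities\{00000000-0000-0000-0000-000000000000}\Microsoft\Outlook Express\Deleted Items.dbx/[From sender@example.invalid][Date Wed, 2 Jun 2004 16:46:03 -0500]/UNNAMED/message.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\User\Local Settings\Application Data\Identities\{00000000-0000-0000-0000-000000000000}\Microsoft\Outlook Express\Deleted Items.dbx/[From sender@example.invalid][Date Wed, 2 Jun 2004 16:46:03 -0500]/UNNAMED/message.zip Infected: Email-Worm.Win32.NetSky.q skipped
C:\Documents and Settings\User\Local Settings\Application Data\Identities\{00000000-0000-0000-0000-000000000000}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 2, suspicious - 0 skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\bot9B0B.tmp Infected: Trojan-Proxy.Win32.Xorpix.be skipped
C:\System Volume Information\_restore{0D88D122-87C1-4F73-8FBD-BC817F24E4EA}\RP556\A0343050.sys Infected: Trojan.Win32.Patched.ad skipped
C:\System Volume Information\_restore{0D88D122-87C1-4F73-8FBD-BC817F24E4EA}\RP560\change.log Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\dllcache\tcpip.sys Infected: Trojan.Win32.Patched.ad skipped
C:\WINDOWS\system32\drivers\Qie28.sys Infected: Rootkit.Win32.Agent.ea skipped
C:\WINDOWS\gsvjy0578.exe Infected: Trojan-Downloader.Win32.Small.dxm skipped
C:\Program Files\codec_setup.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bxn skipped
C:\Program Files\codec_setup.exe NSIS: infected - 2 skipped
"""

# "<object> Infected: <verdict> skipped" or "<object> Suspicious: <verdict> skipped"
DETECTION = re.compile(r"^(?P<obj>.+?) (?P<status>Infected|Suspicious): (?P<verdict>\S+) skipped$")
# "<object> Object is locked skipped": the file was in use and was not scanned.
LOCKED = re.compile(r"^(?P<obj>.+) Object is locked skipped$")
# Per-container totals such as "NSIS: infected - 2 skipped"; they repeat counts
# already reported line by line, so they are recognised and ignored.
SUMMARY = re.compile(r": infected - \d+(?:, suspicious - \d+)? skipped$")


def host_file(obj):
    """Return the on-disk file. Objects nested inside a container (mail store,
    archive, installer) are appended to the Windows path with '/'."""
    return obj.split("/", 1)[0]


def classify(host):
    """Bucket an on-disk path into the locations discussed in the thread."""
    h = host.lower()
    if "\\system volume information\\_restore" in h:
        return "system_restore"
    if h.endswith(".dbx"):
        return "mail_store"
    if "\\temp\\" in h:
        return "temp"
    if "\\system32\\drivers\\" in h or "\\system32\\dllcache\\" in h:
        return "system_driver"
    return "other"


def triage(log_text):
    """Return (findings, locked, unparsed).

    findings: category -> {on-disk file -> set of verdict names}
    locked:   files the scanner could not open (not a detection)
    unparsed: lines matching none of the known shapes
    """
    findings = defaultdict(lambda: defaultdict(set))
    locked, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION.match(line)
        if m:
            host = host_file(m.group("obj"))
            findings[classify(host)][host].add(m.group("verdict"))
            continue
        m = LOCKED.match(line)
        if m:
            locked.append(m.group("obj"))
            continue
        if SUMMARY.search(line):
            continue
        unparsed.append(line)
    return {cat: dict(hosts) for cat, hosts in findings.items()}, locked, unparsed


if __name__ == "__main__":
    findings, locked, unparsed = triage(SAMPLE_LOG)
    for category in sorted(findings):
        print(f"[{category}] {len(findings[category])} file(s)")
        for host, verdicts in sorted(findings[category].items()):
            print(f"  {host}: {', '.join(sorted(verdicts))}")
    print(f"locked (not scanned): {len(locked)}; unparsed: {len(unparsed)}")
```

Collapsing nested objects onto their on-disk file keeps a single mail store or installer from inflating the count, and separating "Object is locked" lines keeps in-use system files from being read as detections.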
 
You are right. Tons of infected junk. Tons of plain old junk for that matter. This is my fiancee's computer and she has never even thought about organizing it or cleaning it up. Most likely not even aware of any of this stuff. So anyway, I've copied the files off that she wanted and am reformatting to get a fresh, clean start. I'll be monitoring her computer closely from now on. I had no idea it was this bad.

Thank you for all your help. I would not have been able to get to this point without you.

-Tboz
 
That is exactly what I would do if it were my computer, and a reformat is not a bad thing. I have an eight year old Compaq with Win98SE on it that runs like new. I don't take it out of the garage often. Here is information that may help her avoid problems in the future:
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
 
Good morning,

Those are great articles and will definitely help us stay clean moving forward. I have a bit of an issue unrelated to malware. I reformatted Windows last night and everything went fine. This morning I tried to change the resolution, apparently too high. Or maybe the driver wasn't updated or something. Anyway, the computer starts booting up but then brings up the message 'Attention Out the Range H:72.00kHz V:72.00 Hz'. I booted into safe mode and deleted the account where I tried to change the resolution, but it still won't get past the bootup screen before giving the frozen-up attention message. Any ideas? Sorry to bug you with this. You have done enough already but I'm stuck here.

Thanks again,
-Tboz
 
Out of my area but I would say to use your Google: http://www.google.com/
make sure you enter the error message exactly as it occurs, word for word.

Since I am returning nothing I will guess the message is not verbatim; Google returns much information 99.9% of the time when it is. Look at this:
http://www.sharpened.net/helpcenter/answer.php?15

Let me know what you find, with more information I would have a better idea of what help forum to suggest also.

Thanks
 
Unfortunately, that is verbatim. Most of what I saw in Google is related to gaming. I guess I could always reformat again. It just takes so long.

Thanks,
-Tboz
 
As the problem appears to be resolved this topic has been closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.
 