Both were run in normal mode, not safe mode. Ran the HJT after the scan was done.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, September 11, 2006 12:53:36 PM
Operating System: Microsoft Windows NT, Service Pack 6a (Build 1381)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/09/2006
Kaspersky Anti-Virus database records: 222410
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
F:\
M:\
Scan Statistics:
Total number of scanned objects: 96481
Number of viruses found: 16
Number of infected objects: 165 / 0
Number of suspicious objects: 12
Duration of the scan process: 02:10:36
Infected Object Name / Virus Name / Last Action
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.131 skipped
C:\WINNT\system32\scansql.exe Infected: not-a-virus:NetTool.Win32.SQLAccount.180 skipped
C:\WINNT\JET1.tmp Object is locked skipped
C:\WINNT\Profiles\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01660000.VBN Infected: Trojan.BAT.NoShare.p skipped
C:\WINNT\Profiles\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\WINNT\Profiles\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\WINNT\Profiles\Administrator\ntuser.dat.LOG Object is locked skipped
C:\WINNT\Profiles\Administrator\Cookies\index.dat Object is locked skipped
C:\WINNT\Profiles\Administrator\History\History.IE5\index.dat Object is locked skipped
C:\WINNT\Profiles\Administrator\History\History.IE5\MSHist012006091120060912\index.dat Object is locked skipped
C:\WINNT\Profiles\Administrator\ntuser.dat Object is locked skipped
C:\WINNT\NETLOGON.CHG Object is locked skipped
C:\WINNT\~DFB884.tmp Object is locked skipped
C:\WINNT\SchedLog.Txt Object is locked skipped
C:\TEMP\~DFE725.tmp Object is locked skipped
D:\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\XOutlook Express2\cleanup.log Object is locked skipped
D:\XOutlook Express2\Deleted Items.dbx/[From PayPal <service@paypal.com>][Date Mon, 11 Sep 2006 02:54:37 +0200]/UNNAMED/text Infected: Trojan-Spy.HTML.Paylap.jf skipped
D:\XOutlook Express2\Deleted Items.dbx/[From PayPal <service@paypal.com>][Date Mon, 11 Sep 2006 02:54:37 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.jf skipped
D:\XOutlook Express2\Deleted Items.dbx Mail MS Outlook 5: infected - 2 skipped
D:\XOutlook Express2\Company4.dbx Object is locked skipped
D:\XOutlook Express2\Folders.dbx Object is locked skipped
D:\XOutlook Express2\Offline.dbx Object is locked skipped
D:\XOutlook Express2\Pop3uidl.dbx Object is locked skipped
D:\XOutlook Express2\Company2.dbx/[From renigade@mediaone.net][Date Mon, 28 Aug 2006 09:02:44 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\XOutlook Express2\Company2.dbx/[From renigade@mediaone.net][Date Mon, 28 Aug 2006 09:02:44 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\XOutlook Express2\Company2.dbx/[From renigade@mediaone.net][Date Mon, 28 Aug 2006 09:02:44 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From renigade@mediaone.net][Date Mon, 28 Aug 2006 09:02:44 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Mon, 28 Aug 2006 09:42:10 -0500]/UNNAMED/id04009.txt Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Mon, 28 Aug 2006 09:42:10 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Tue, 29 Aug 2006 09:30:57 -0500]/UNNAMED/website.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Tue, 29 Aug 2006 09:30:57 -0500]/UNNAMED/website.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Tue, 29 Aug 2006 09:30:57 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 1.0 FROM_ENDS_IN_NUMS From: ends in numbers][Date Tue, 29 Aug 2006 09:31:07 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\XOutlook Express2\Company2.dbx/[From 1.0 FROM_ENDS_IN_NUMS From: ends in numbers][Date Tue, 29 Aug 2006 09:31:07 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\XOutlook Express2\Company2.dbx/[From 1.0 FROM_ENDS_IN_NUMS From: ends in numbers][Date Tue, 29 Aug 2006 09:31:07 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 1.0 FROM_ENDS_IN_NUMS From: ends in numbers][Date Tue, 29 Aug 2006 09:31:07 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Tue, 5 Sep 2006 09:33:06 -0500]/UNNAMED/about_you_info.doc.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Tue, 5 Sep 2006 09:33:06 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From ccc@vallnet.com][Date Tue, 5 Sep 2006 09:33:14 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\XOutlook Express2\Company2.dbx/[From ccc@vallnet.com][Date Tue, 5 Sep 2006 09:33:14 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\XOutlook Express2\Company2.dbx/[From ccc@vallnet.com][Date Tue, 5 Sep 2006 09:33:14 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From ccc@vallnet.com][Date Tue, 5 Sep 2006 09:33:14 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Wed, 6 Sep 2006 09:21:28 -0500]/UNNAMED/document05.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Wed, 6 Sep 2006 09:21:28 -0500]/UNNAMED/document05.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Wed, 6 Sep 2006 09:21:28 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Wed, 6 Sep 2006 09:21:44 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\XOutlook Express2\Company2.dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Wed, 6 Sep 2006 09:21:44 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\XOutlook Express2\Company2.dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Wed, 6 Sep 2006 09:21:44 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Wed, 6 Sep 2006 09:21:44 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2\Company2.dbx Mail MS Outlook 5: infected - 18, suspicious - 8 skipped
D:\XOutlook Express2_off_060904\at_2004.dbx/[From info@travelgrenada.com][Date Thu, 23 Dec 2004 23:33:08 GMT]/auto__mail.travelgrenada4682.TXT.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
D:\XOutlook Express2_off_060904\at_2004.dbx/[From info@travelgrenada.com][Date Thu, 23 Dec 2004 23:33:08 GMT]/auto__mail.travelgrenada4682.TXT.zip Infected: Email-Worm.Win32.Sober.i skipped
D:\XOutlook Express2_off_060904\at_2004.dbx/[From re-mail_system@addynamix.com][Date Fri, 24 Dec 2004 00:40:36 UTC]/UNNAMED/addynamix_585.eml.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
D:\XOutlook Express2_off_060904\at_2004.dbx/[From re-mail_system@addynamix.com][Date Fri, 24 Dec 2004 00:40:36 UTC]/UNNAMED/addynamix_585.eml.zip Infected: Email-Worm.Win32.Sober.i skipped
D:\XOutlook Express2_off_060904\at_2004.dbx/[From re-mail_system@addynamix.com][Date Fri, 24 Dec 2004 00:40:36 UTC]/UNNAMED Infected: Email-Worm.Win32.Sober.i skipped
D:\XOutlook Express2_off_060904\at_2004.dbx Mail MS Outlook 5: infected - 5 skipped
D:\XOutlook Express2_off_060904\at_2005.dbx/[From dougdouglass@webtv.net][Date Thu, 3 Nov 2005 07:58:21 -0600]/moonlight.scr Infected: Email-Worm.Win32.NetSky.c skipped
D:\XOutlook Express2_off_060904\at_2005.dbx/[From "Rebeca" <rebeca@artnet.com.br>][Date Fri, 04 Nov 2005 09:44:45 -0400]/Fish.scr Infected: Email-Worm.Win32.Bagle.ai skipped
D:\XOutlook Express2_off_060904\at_2005.dbx Mail MS Outlook 5: infected - 2 skipped
D:\XOutlook Express2_off_060904\dg_2005.dbx/[From "Raul Simmons" <EdC@compuserve.com>][Date Sun, 28 Aug 2005 01:13:34 +0800]/job.zip/payment.info .scr Infected: Net-Worm.Win32.Mytob.cq skipped
D:\XOutlook Express2_off_060904\dg_2005.dbx/[From "Raul Simmons" <EdC@compuserve.com>][Date Sun, 28 Aug 2005 01:13:34 +0800]/job.zip Infected: Net-Worm.Win32.Mytob.cq skipped
D:\XOutlook Express2_off_060904\dg_2005.dbx Mail MS Outlook 5: infected - 2 skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -67@giraffe.xyzdns.net][Date Tue, 30 Nov 2004 18:10:50 -0500]/UNNAMED/details03.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -67@giraffe.xyzdns.net][Date Tue, 30 Nov 2004 18:10:50 -0500]/UNNAMED/details03.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -67@giraffe.xyzdns.net][Date Tue, 30 Nov 2004 18:10:50 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From jay@islandsuntimes.com][Date Tue, 30 Nov 2004 18:11:09 -0500]/UNNAMED/news01.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From jay@islandsuntimes.com][Date Tue, 30 Nov 2004 18:11:09 -0500]/UNNAMED/news01.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From jay@islandsuntimes.com][Date Tue, 30 Nov 2004 18:11:09 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From noreply@info][Date Wed, 1 Dec 2004 08:34:44 -0500]/UNNAMED/readme_info.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From noreply@info][Date Wed, 1 Dec 2004 08:34:44 -0500]/UNNAMED/readme_info.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From noreply@info][Date Wed, 1 Dec 2004 08:34:44 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From rashah@paypal.com][Date Wed, 1 Dec 2004 14:34:39 -0500]/UNNAMED/about_you.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From rashah@paypal.com][Date Wed, 1 Dec 2004 14:34:39 -0500]/UNNAMED/about_you.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From rashah@paypal.com][Date Wed, 1 Dec 2004 14:34:39 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -000546-3x@giraffe.xyzdns.net][Date Wed, 1 Dec 2004 17:23:48 -0500]/UNNAMED/msg.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -000546-3x@giraffe.xyzdns.net][Date Wed, 1 Dec 2004 17:23:48 -0500]/UNNAMED/msg.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -000546-3x@giraffe.xyzdns.net][Date Wed, 1 Dec 2004 17:23:48 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From .archie@tropitan.biz][Date Wed, 1 Dec 2004 17:23:59 -0500]/UNNAMED/document_info.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From .archie@tropitan.biz][Date Wed, 1 Dec 2004 17:23:59 -0500]/UNNAMED/document_info.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From .archie@tropitan.biz][Date Wed, 1 Dec 2004 17:23:59 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -67@giraffe.xyzdns.net][Date Wed, 1 Dec 2004 17:24:03 -0500]/UNNAMED/message_imso.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -67@giraffe.xyzdns.net][Date Wed, 1 Dec 2004 17:24:03 -0500]/UNNAMED/message_imso.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -67@giraffe.xyzdns.net][Date Wed, 1 Dec 2004 17:24:03 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -3r@giraffe.xyzdns.net][Date Wed, 1 Dec 2004 18:53:05 -0500]/UNNAMED/message.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -3r@giraffe.xyzdns.net][Date Wed, 1 Dec 2004 18:53:05 -0500]/UNNAMED/message.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -3r@giraffe.xyzdns.net][Date Wed, 1 Dec 2004 18:53:05 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From reinhold@islandsuntimes.com][Date Wed, 1 Dec 2004 18:53:23 -0500]/UNNAMED/document_imso.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From reinhold@islandsuntimes.com][Date Wed, 1 Dec 2004 18:53:23 -0500]/UNNAMED/document_imso.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From reinhold@islandsuntimes.com][Date Wed, 1 Dec 2004 18:53:23 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From postmaster@auvl.de][Date Wed, 1 Dec 2004 19:48:40 -0500]/UNNAMED/data.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From postmaster@auvl.de][Date Wed, 1 Dec 2004 19:48:40 -0500]/UNNAMED/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From postmaster@auvl.de][Date Wed, 1 Dec 2004 19:48:40 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From z@giraffe.xyzdns.net][Date Wed, 1 Dec 2004 19:48:43 -0500]/UNNAMED/data.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From z@giraffe.xyzdns.net][Date Wed, 1 Dec 2004 19:48:43 -0500]/UNNAMED/data.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From z@giraffe.xyzdns.net][Date Wed, 1 Dec 2004 19:48:43 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From kathleen.a.rudolph@usps.org][Date Wed, 1 Dec 2004 20:26:14 -0500]/UNNAMED/report01_rebeca.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From kathleen.a.rudolph@usps.org][Date Wed, 1 Dec 2004 20:26:14 -0500]/UNNAMED/report01_rebeca.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From kathleen.a.rudolph@usps.org][Date Wed, 1 Dec 2004 20:26:14 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From jaycin@comcast.net][Date Wed, 1 Dec 2004 20:26:26 -0500]/UNNAMED/letter43.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From jaycin@comcast.net][Date Wed, 1 Dec 2004 20:26:26 -0500]/UNNAMED/letter43.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From jaycin@comcast.net][Date Wed, 1 Dec 2004 20:26:26 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From o@giraffe.xyzdns.net][Date Fri, 3 Dec 2004 08:12:11 -0500]/UNNAMED/document.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From o@giraffe.xyzdns.net][Date Fri, 3 Dec 2004 08:12:11 -0500]/UNNAMED/document.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From o@giraffe.xyzdns.net][Date Fri, 3 Dec 2004 08:12:11 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From e-30@giraffe.xyzdns.net][Date Fri, 3 Dec 2004 10:13:14 -0500]/document.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From e-30@giraffe.xyzdns.net][Date Fri, 3 Dec 2004 10:13:14 -0500]/document.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From mguilbert@earthlink.net][Date Fri, 3 Dec 2004 10:01:12 -0800]/UNNAMED/Data.zip/Data.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From mguilbert@earthlink.net][Date Fri, 3 Dec 2004 10:01:12 -0800]/UNNAMED/Data.zip Infected: Email-Worm.Win32.NetSky.aa skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From mguilbert@earthlink.net][Date Fri, 3 Dec 2004 10:01:12 -0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.aa skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From malebranchs@telcordia.com][Date Sat, 4 Dec 2004 12:13:55 -0500]/postcard.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From malebranchs@telcordia.com][Date Sat, 4 Dec 2004 12:13:55 -0500]/postcard.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From mailer-daemon@giraffe.xyzdns.net][Date Mon, 6 Dec 2004 09:24:23 -0500]/UNNAMED/document.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From mailer-daemon@giraffe.xyzdns.net][Date Mon, 6 Dec 2004 09:24:23 -0500]/UNNAMED/document.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From mailer-daemon@giraffe.xyzdns.net][Date Mon, 6 Dec 2004 09:24:23 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From john@gohelios.com][Date Mon, 6 Dec 2004 09:24:45 -0500]/UNNAMED/id09509_imso.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From john@gohelios.com][Date Mon, 6 Dec 2004 09:24:45 -0500]/UNNAMED/id09509_imso.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From john@gohelios.com][Date Mon, 6 Dec 2004 09:24:45 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From e1cn9ki-0005o5-iv@giraffe.xyzdns.net][Date Mon, 6 Dec 2004 10:03:38 -0500]/UNNAMED/your_doc.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From e1cn9ki-0005o5-iv@giraffe.xyzdns.net][Date Mon, 6 Dec 2004 10:03:38 -0500]/UNNAMED/your_doc.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From e1cn9ki-0005o5-iv@giraffe.xyzdns.net][Date Mon, 6 Dec 2004 10:03:38 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -00007w-09@giraffe.xyzdns.net][Date Mon, 6 Dec 2004 10:04:06 -0500]/UNNAMED/priv.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -00007w-09@giraffe.xyzdns.net][Date Mon, 6 Dec 2004 10:04:06 -0500]/UNNAMED/priv.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From -00007w-09@giraffe.xyzdns.net][Date Mon, 6 Dec 2004 10:04:06 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From hucakrisda@hotmail.com][Date Mon, 6 Dec 2004 12:08:03 -0500]/UNNAMED/document_orders.exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From hucakrisda@hotmail.com][Date Mon, 6 Dec 2004 12:08:03 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From noreply@help][Date Mon, 6 Dec 2004 12:08:13 -0500]/UNNAMED/details.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From noreply@help][Date Mon, 6 Dec 2004 12:08:13 -0500]/UNNAMED/details.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From noreply@help][Date Mon, 6 Dec 2004 12:08:13 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From valerie1516@yahoo.com][Date Mon, 6 Dec 2004 12:08:17 -0500]/UNNAMED/details.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From valerie1516@yahoo.com][Date Mon, 6 Dec 2004 12:08:17 -0500]/UNNAMED/details.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From valerie1516@yahoo.com][Date Mon, 6 Dec 2004 12:08:17 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From reinhold@islandsuntimes.com][Date Wed, 1 Dec 2004 18:53:23 -0500]/UNNAMED/document_imso.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From reinhold@islandsuntimes.com][Date Wed, 1 Dec 2004 18:53:23 -0500]/UNNAMED/document_imso.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From reinhold@islandsuntimes.com][Date Wed, 1 Dec 2004 18:53:23 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From abuse@gov.us][Date Tue, 7 Dec 2004 08:44:02 -0500]/UNNAMED/details.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From abuse@gov.us][Date Tue, 7 Dec 2004 08:44:02 -0500]/UNNAMED/details.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From abuse@gov.us][Date Tue, 7 Dec 2004 08:44:02 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From x@giraffe.xyzdns.net][Date Tue, 7 Dec 2004 08:44:16 -0500]/UNNAMED/websites01.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From x@giraffe.xyzdns.net][Date Tue, 7 Dec 2004 08:44:16 -0500]/UNNAMED/websites01.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx/[From x@giraffe.xyzdns.net][Date Tue, 7 Dec 2004 08:44:16 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Mook.dbx Mail MS Outlook 5: infected - 78 skipped
D:\XOutlook Express2_off_060904\Mortgage_Direct-Gold (1).dbx/[From "Tyana" <tyana@direct-gold.com>][Date Tue, 11 May 2004 23:30:59 -0500]/UNNAMED/Loves_money.vbs Infected: Email-Worm.Win32.Bagle.z skipped
D:\XOutlook Express2_off_060904\Mortgage_Direct-Gold (1).dbx/[From "Tyana" <tyana@direct-gold.com>][Date Tue, 11 May 2004 23:30:59 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.z skipped
D:\XOutlook Express2_off_060904\Mortgage_Direct-Gold (1).dbx Mail MS Outlook 5: infected - 2 skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From renigade@mediaone.net][Date Mon, 28 Aug 2006 09:02:44 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From renigade@mediaone.net][Date Mon, 28 Aug 2006 09:02:44 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From renigade@mediaone.net][Date Mon, 28 Aug 2006 09:02:44 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From renigade@mediaone.net][Date Mon, 28 Aug 2006 09:02:44 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Mon, 28 Aug 2006 09:42:10 -0500]/UNNAMED/id04009.txt Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From 0.3 NO_REAL_NAME From: does not include a real name][Date Mon, 28 Aug 2006 09:42:10 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Tue, 29 Aug 2006 09:30:57 -0500]/UNNAMED/website.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Tue, 29 Aug 2006 09:30:57 -0500]/UNNAMED/website.zip Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From 0.2 NO_REAL_NAME From: does not include a real name][Date Tue, 29 Aug 2006 09:30:57 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From 1.0 FROM_ENDS_IN_NUMS From: ends in numbers][Date Tue, 29 Aug 2006 09:31:07 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From 1.0 FROM_ENDS_IN_NUMS From: ends in numbers][Date Tue, 29 Aug 2006 09:31:07 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From 1.0 FROM_ENDS_IN_NUMS From: ends in numbers][Date Tue, 29 Aug 2006 09:31:07 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx/[From 1.0 FROM_ENDS_IN_NUMS From: ends in numbers][Date Tue, 29 Aug 2006 09:31:07 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\Company2 (1).dbx Mail MS Outlook 5: infected - 9, suspicious - 4 skipped
D:\XOutlook Express2_off_060904\sw_2004.dbx/[From <stay@treedimensions.co.nz>][Date Sun, 14 Nov 2004 14:48:46 +0200]/UNNAMED/creme_de_gruyere.zip/creme_de_gruyere.jpg .scr Infected: Email-Worm.Win32.Mabutu.a skipped
D:\XOutlook Express2_off_060904\sw_2004.dbx/[From <stay@treedimensions.co.nz>][Date Sun, 14 Nov 2004 14:48:46 +0200]/UNNAMED/creme_de_gruyere.zip Infected: Email-Worm.Win32.Mabutu.a skipped
D:\XOutlook Express2_off_060904\sw_2004.dbx/[From <stay@treedimensions.co.nz>][Date Sun, 14 Nov 2004 14:48:46 +0200]/UNNAMED Infected: Email-Worm.Win32.Mabutu.a skipped
D:\XOutlook Express2_off_060904\sw_2004.dbx/[From imso@Company5.com][Date Thu, 3 Jun 2004 09:04:46 -0400]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\sw_2004.dbx/[From imso@Company5.com][Date Thu, 3 Jun 2004 09:04:46 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
D:\XOutlook Express2_off_060904\sw_2004.dbx Mail MS Outlook 5: infected - 5 skipped
F:\FTPServer\back-up\ftpserver-v1.8-040119.zip/FTPServer.exe Infected: not-a-virus:Server-FTP.Win32.FileZilla.a skipped
F:\FTPServer\back-up\ftpserver-v1.8-040119.zip ZIP: infected - 1 skipped
F:\FTPServer\back-up\FTPServer.exe Infected: not-a-virus:Server-FTP.Win32.FileZilla.a skipped
F:\FTPServer\ftptrace.txt Object is locked skipped
F:\FTPServer\Old Servers & Logs\ftpserver-v1.8-040119.zip/FTPServer.exe Infected: not-a-virus:Server-FTP.Win32.FileZilla.a skipped
F:\FTPServer\Old Servers & Logs\ftpserver-v1.8-040119.zip ZIP: infected - 1 skipped
F:\Program Files\1st Class Mail Server\Company1.com\Store\general.mmb Object is locked skipped
F:\Program Files\1st Class Mail Server\Company1.com\Store\info.mmb Object is locked skipped
F:\Program Files\1st Class Mail Server\Company1.com\Store\mark.mmb/[From support@ebay.com][Date Mon, 7 Aug 2006 04:05:11 +0180]/html Infected: Trojan-Spy.HTML.Bayfraud.kx skipped
F:\Program Files\1st Class Mail Server\Company1.com\Store\mark.mmb Mail: infected - 1 skipped
F:\Program Files\1st Class Mail Server\Company1.com\Store\xx_general.mmb/[From "Automatic Email Delivery Software" <postmaster@Company1.com>][Date Sat, 12 Aug 2006 05:20:50 -0400]/UNNAMED/Company1.com Infected: Email-Worm.Win32.Mydoom.m skipped
F:\Program Files\1st Class Mail Server\Company1.com\Store\xx_general.mmb/[From "Automatic Email Delivery Software" <postmaster@Company1.com>][Date Sat, 12 Aug 2006 05:20:50 -0400]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
F:\Program Files\1st Class Mail Server\Company1.com\Store\xx_general.mmb/[From nakts@latnet.lv][Date Sat, 12 Aug 2006 12:14:38 -0400]/UNNAMED/Company1.com Infected: Email-Worm.Win32.Mydoom.m skipped
F:\Program Files\1st Class Mail Server\Company1.com\Store\xx_general.mmb/[From nakts@latnet.lv][Date Sat, 12 Aug 2006 12:14:38 -0400]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
F:\Program Files\1st Class Mail Server\Comapny1.com\Store\xx_general.mmb Mail: infected - 4 skipped
F:\Program Files\1st Class Mail Server_ZZ\logfiles\1cislog09112006.txt Object is locked skipped
F:\Program Files\Apache Group\Apache\logs\access.log Object is locked skipped
F:\Program Files\Apache Group\Apache\logs\error.log Object is locked skipped
F:\Program Files\Copy of 1st Class Mail Server\Company1.com\Store\general.mmb/[From "Automatic Email Delivery Software" <postmaster@Comapny1.com>][Date Sat, 12 Aug 2006 05:20:50 -0400]/UNNAMED/Company1.com Infected: Email-Worm.Win32.Mydoom.m skipped
F:\Program Files\Copy of 1st Class Mail Server\Company1.com\Store\general.mmb/[From "Automatic Email Delivery Software" <postmaster@Company1.com>][Date Sat, 12 Aug 2006 05:20:50 -0400]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
F:\Program Files\Copy of 1st Class Mail Server\Company1.com\Store\general.mmb/[From nakts@latnet.lv][Date Sat, 12 Aug 2006 12:14:38 -0400]/UNNAMED/Company1.com Infected: Email-Worm.Win32.Mydoom.m skipped
F:\Program Files\Copy of 1st Class Mail Server\Company1.com\Store\general.mmb/[From nakts@latnet.lv][Date Sat, 12 Aug 2006 12:14:38 -0400]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
F:\Program Files\Copy of 1st Class Mail Server\Company1.com\Store\general.mmb Mail: infected - 4 skipped
F:\Program Files\Copy of 1st Class Mail Server\Comapnay1.com\Store\mark.mmb/[From phiferb@ten-nash.ten.k12.tn.us][Date Tue, 29 Aug 2006 09:30:57 -0500]/UNNAMED/website.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
F:\Program Files\Copy of 1st Class Mail Server\Company1.com\Store\mark.mmb/[From phiferb@ten-nash.ten.k12.tn.us][Date Tue, 29 Aug 2006 09:30:57 -0500]/UNNAMED/website.zip Infected: Email-Worm.Win32.NetSky.q skipped
F:\Program Files\Copy of 1st Class Mail Server\Company1.com\Store\mark.mmb/[From phiferb@ten-nash.ten.k12.tn.us][Date Tue, 29 Aug 2006 09:30:57 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
F:\Program Files\Copy of 1st Class Mail Server\Company1.com\Store\mark.mmb/[From phiferb@ten-nash.ten.k12.tn.us][Date Tue, 29 Aug 2006 09:30:57 -0500]/UNNAMED/website.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
F:\Program Files\Copy of 1st Class Mail Server\Company1.com\Store\mark.mmb/[From phiferb@ten-nash.ten.k12.tn.us][Date Tue, 29 Aug 2006 09:30:57 -0500]/UNNAMED/website.zip Infected: Email-Worm.Win32.NetSky.q skipped
F:\Program Files\Copy of 1st Class Mail Server\Company1.com\Store\mark.mmb/[From phiferb@ten-nash.ten.k12.tn.us][Date Tue, 29 Aug 2006 09:30:57 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped
F:\Program Files\Copy of 1st Class Mail Server\Company1.com\Store\mark.mmb/[From support@ebay.com][Date Mon, 7 Aug 2006 04:05:11 +0180]/html Infected: Trojan-Spy.HTML.Bayfraud.kx skipped
F:\Program Files\Copy of 1st Class Mail Server\Company1.com\Store\mark.mmb Mail: infected - 7 skipped
F:\Program Files\x1st Class Mail Server\Company1.com\Store\general.mmb/[From "Automatic Email Delivery Software" <postmaster@Company1.com>][Date Sat, 12 Aug 2006 05:20:50 -0400]/UNNAMED/Company1.com Infected: Email-Worm.Win32.Mydoom.m skipped
F:\Program Files\x1st Class Mail Server\Company1.com\Store\general.mmb/[From "Automatic Email Delivery Software" <postmaster@Company1.com>][Date Sat, 12 Aug 2006 05:20:50 -0400]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
F:\Program Files\x1st Class Mail Server\Company1.com\Store\general.mmb/[From nakts@latnet.lv][Date Sat, 12 Aug 2006 12:14:38 -0400]/UNNAMED/Company1.com Infected: Email-Worm.Win32.Mydoom.m skipped
F:\Program Files\x1st Class Mail Server\Company1.com\Store\general.mmb/[From nakts@latnet.lv][Date Sat, 12 Aug 2006 12:14:38 -0400]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m skipped
F:\Program Files\x1st Class Mail Server\Company1.com\Store\general.mmb Mail: infected - 4 skipped
Scan process completed.
=================
Logfile of HijackThis v1.99.1
Scan saved at 1:02:15 PM, on 9/11/06
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
F:\PROGRA~1\1STCLA~1\inetmail.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.EXE
F:\Program Files\Apache Group\Apache\Apache.exe
F:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\System32\loadwc.exe
C:\WINNT\System32\atiptaxx.exe
F:\Program Files\Apache Group\Apache\Apache.exe
F:\PROGRA~1\NavNT\vptray.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\TrojanHunter 4.6\THGuard.exe
F:\Program Files\RFA\rfagent.exe
F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
F:\mookmail_quickmerge\Queued_E-Mail_Poller.EXE
F:\FTPServer\FTPServer.exe
F:\LaunchPad\lnchpd32.exe
F:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\LOCATOR.EXE
C:\WINNT\system32\RpcSs.exe
F:\Program Files\Simple DNS Plus\sdnsmain.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
F:\SysInternals\Process Explorer v6.03\procexp.exe
F:\Program Files\Simple DNS Plus\sdnsgui.exe
D:\Program Files\No Spam Today!\noSPAMtoday.exe
F:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\MsgSys.EXE
C:\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Simple DNS Plus] F:\Program Files\Simple DNS Plus\sdnsplus.exe -s
O4 - HKLM\..\Run: [SvW NT4Logon] "F:\Program Files\SvW NT4Logon\SvW NT4Logon.exe" NoUserInput
O4 - HKLM\..\Run: [vptray] F:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [rfagent] "F:\Program Files\RFA\rfagent.exe"
O4 - Startup: Queued_E-Mail_Poller.EXE.lnk = F:\mookmail_quickmerge\Queued_E-Mail_Poller.EXE
O4 - Startup: Quick'n Easy FTP Server.lnk = F:\FTPServer\FTPServer.exe
O4 - Startup: Restore 'layout1.sl'.lnk = F:\Program Files\PACT Save Layout\sl.exe
O4 - Startup: lnchpd32.exe.lnk = F:\LaunchPad\lnchpd32.exe
O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\Plus!\MICROS~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://www.msnbc.msn.com
O15 - Trusted Zone: http://www.techsupportforum.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4846/mcfscan.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 198.6.1.2 198.6.100.53
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 198.6.1.2 198.6.100.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 198.6.1.2 198.6.100.53
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: 1st Class Mail Server (1cms) - Unknown owner - F:\PROGRA~1\1STCLA~1\\inetmail.exe
O23 - Service: Apache Server (ApacheServer) - Unknown owner - F:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - F:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - F:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\Program Files\NavNT\rtvscan.exe
O23 - Service: Norton SpeedDisk - Unknown owner - F:\PROGRA~1\NORTON~1\System\SDSRV.EXE
O23 - Service: No Spam Today! Service (NoSpamTodayService) - Unknown owner - D:\Program Files\No Spam Today!\noSPAMtoday.exe
O23 - Service: Simple DNS Plus (sdnsplus) - JH Software - F:\Program Files\Simple DNS Plus\sdnsmain.exe