Help, my computer has been hijacked!

Cookie Monster · 11-25-2007, 01:34 PM

This is a PC running Windows XP Pro sp2 and Norton Antivirus 2005.
Something took over this computer and expired my Norton AV subscription even though there is still 8 or 9 months left to it. I tried reactivating Norton once but it lasted all but 30 seconds and expired again. The culprits have also hijacked my browser and installed a toolbar titled "Security Toolbar 7.1" which states I have a security level of 4 out of 10. Popups keep telling me I have a virus and ask me to click Okay if I want to download antivirus software to remove it. Can someone help?

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\windows\system32\obxvrmxk.dll
Adware:Adware/Yazzle Not disinfected c:\windows\mrofinu1188.exe
Spyware:Spyware/Virtumonde Not disinfected C:\windows\system32\bqirdjtw.exe
Spyware:Spyware/Virtumonde Not disinfected C:\windows\system32\eorkllwp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\windows\system32\vvwaubit.dll
Spyware:Spyware/Vundo Not disinfected C:\windows\system32\nnnopom.dll
Spyware:Spyware/Virtumonde Not disinfected C:\windows\system32\mstnpjjt.dll
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/myglobalsearch Not disinfected c:\program files\MyGlobalSearch
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@247realmedia[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@ads.pointroll[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@adserver.easyad[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@adultfriendfinder[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@advertising[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@azjmp[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@bs.serving-sys[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@ccbill[1].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@citi.bridgetrack[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@findwhat[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@hc2.humanclick[2].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@hotlog[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@landing.domainsponsor[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@revenue[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@searchportal.information[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@statcounter[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@www.burstbeacon[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@yadro[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dan the Man\Cookies\dan the man@zedo[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Dan the Man\Desktop\Downloads\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Dan the Man\Desktop\Downloads\ComboFix.exe[nircmd.cfexe]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Dan the Man\Local Settings\Temp\jvyqgatw.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Dan the Man\Local Settings\Temp\mofugclq.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Dan the Man\Local Settings\Temp\sbbvtwtc.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Dan the Man\Local Settings\Temporary Internet Files\Content.IE5\MFKZ6LSB\pochki20071106[1]
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Dan the Man\Local Settings\Temporary Internet Files\Content.IE5\WT8949KL\mrofinu[1].zip[mrofinu.exe]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip[BitDownload fastets Bittorrent downloader.exe]
Virus:Generic Trojan Not disinfected C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip[BitDownload fastets Bittorrent downloader.exe][sn_minime_1.exe]
Spyware:Cookie/Go Not disinfected C:\Old Files\Dad's Old Computer\DONOTUSE\Cookies\ken leisure@go(1).txt
Spyware:Cookie/Go Not disinfected C:\Old Files\Dad's Old Computer\DONOTUSE\Cookies\ken leisure@go.txt
Spyware:Cookie/Go Not disinfected C:\Old Files\Dad's Old Computer\WINDOWS\Cookies\ken leisure@go[1].txt
Spyware:Cookie/Kount Not disinfected C:\Old Files\Dad's Old Computer\WINDOWS\Cookies\ken leisure@kount[1].txt
Spyware:Cookie/Overture Not disinfected C:\Old Files\Dad's Old Computer\WINDOWS\Cookies\ken leisure@overture[1].txt
Spyware:Cookie/Overture Not disinfected C:\Old Files\Dad's Old Computer\WINDOWS\Cookies\ken leisure@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Old Files\Dad's Old Computer\WINDOWS\Cookies\ken leisure@overture[3].txt
Spyware:Cookie/Overture Not disinfected C:\Old Files\Dad's Old Computer\WINDOWS\Cookies\ken leisure@overture[4].txt
Spyware:Cookie/Overture Not disinfected C:\Old Files\Dad's Old Computer\WINDOWS\Cookies\ken leisure@perf.overture[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Old Files\Dad's Old Computer\WINDOWS\Cookies\ken leisure@tickle[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Old Files\Dad's Old Computer\WINDOWS\Cookies\ken leisure@tickle[2].txt
Spyware:Cookie/MyWay Not disinfected C:\Old Files\Dad's Old Computer\WINDOWS\Cookies\ken leisure@www.xzoomy[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Old Files\Previous Gateway Files\FILE00CB.CHK
Adware:Adware/SaveNow Not disinfected C:\Old Files\Program Files\BearShare\Installer\BSINSTALL.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ixemyies.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\lblblemh.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\medaevlo.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tbexaqcu.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\txrlemhk.exe
Spyware:Cookie/Go Not disinfected H:\Documents and Settings\All Users\Documents\Dad's Old Computer\DONOTUSE\Cookies\ken leisure@go(1).txt
Spyware:Cookie/Go Not disinfected H:\Documents and Settings\All Users\Documents\Dad's Old Computer\DONOTUSE\Cookies\ken leisure@go.txt
Spyware:Cookie/Go Not disinfected H:\Documents and Settings\All Users\Documents\Dad's Old Computer\WINDOWS\Cookies\ken leisure@go[1].txt
Spyware:Cookie/Kount Not disinfected H:\Documents and Settings\All Users\Documents\Dad's Old Computer\WINDOWS\Cookies\ken leisure@kount[1].txt
Spyware:Cookie/Overture Not disinfected H:\Documents and Settings\All Users\Documents\Dad's Old Computer\WINDOWS\Cookies\ken leisure@overture[1].txt
Spyware:Cookie/Overture Not disinfected H:\Documents and Settings\All Users\Documents\Dad's Old Computer\WINDOWS\Cookies\ken leisure@overture[2].txt
Spyware:Cookie/Overture Not disinfected H:\Documents and Settings\All Users\Documents\Dad's Old Computer\WINDOWS\Cookies\ken leisure@overture[3].txt
Spyware:Cookie/Overture Not disinfected H:\Documents and Settings\All Users\Documents\Dad's Old Computer\WINDOWS\Cookies\ken leisure@overture[4].txt
Spyware:Cookie/Overture Not disinfected H:\Documents and Settings\All Users\Documents\Dad's Old Computer\WINDOWS\Cookies\ken leisure@perf.overture[1].txt
Spyware:Cookie/Tickle Not disinfected H:\Documents and Settings\All Users\Documents\Dad's Old Computer\WINDOWS\Cookies\ken leisure@tickle[1].txt
Spyware:Cookie/Tickle Not disinfected H:\Documents and Settings\All Users\Documents\Dad's Old Computer\WINDOWS\Cookies\ken leisure@tickle[2].txt
Spyware:Cookie/MyWay Not disinfected H:\Documents and Settings\All Users\Documents\Dad's Old Computer\WINDOWS\Cookies\ken leisure@www.xzoomy[1].txt
Spyware:Cookie/Tribalfusion Not disinfected H:\Documents and Settings\All Users\Documents\Previous Gateway Files\FILE00CB.CHK
Adware:Adware/SaveNow Not disinfected H:\Documents and Settings\All Users\Documents\Program Files\BearShare\Installer\BSINSTALL.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected H:\hp\bin\KillIt.exe
Virus:Generic Malware Disinfected H:\Program Files\BearShare\Installer\BSInstall5.2.1.2.exe

Deckard's System Scanner v20070905.67
Run by Dan the Man on 2007-11-25 14:11:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as Dan the Man.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:47 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\windows\system32\bqirdjtw.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system32\igfxtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\windows\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\windows\system32\taskmgr.exe
C:\windows\mrofinu.exe
C:\Documents and Settings\Dan the Man\Desktop\Downloads\dss.exe
C:\DOCUME~1\DANTHE~1\Desktop\DOWNLO~1\DANTHE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://defendingyourfaith.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {b474b19f-b32e-1b49-24a4-91d679ce8f74} - {47f8ec97-6d19-4a42-94b1-e23bf91b474b} - C:\windows\system32\hiotoytu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\windows\system32\mstnpjjt.dll
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\windows\system32\nnnopom.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D3EED661-33CB-4FB3-83A7-537DF135C495} - C:\windows\system32\yayxw.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\windows\system32\mstnpjjt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [user bib mp3 plan] C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib\great bind.exe
O4 - HKLM\..\Run: [JUMP RECT SAVE PLAN] C:\Documents and Settings\All Users\Application Data\bags amen plan amok\1 Help Debug.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [runner1] C:\windows\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762E902BC9ED7286138F77F0F2CAD4EA481EF7F506DCD610837F810EBCA9D775A67
O4 - HKLM\..\Run: [Host Process] C:\windows\Fonts\svchost.exe
O4 - HKLM\..\Run: [c40b9bcf] rundll32.exe "C:\windows\system32\nrauutat.dll",b
O4 - HKCU\..\Run: [interrdr] C:\DOCUME~1\DANTHE~1\APPLIC~1\BROWSE~1\live close pile.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1146072999566
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport...ScapeTeleX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O20 - Winlogon Notify: mstnpjjt - C:\windows\SYSTEM32\mstnpjjt.dll
O20 - Winlogon Notify: nnnopom - C:\windows\SYSTEM32\nnnopom.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - - C:\windows\system32\bqirdjtw.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8911 bytes

-- Files created between 2007-10-25 and 2007-11-25 -----------------------------

2007-11-25 14:09:08 79936 --a------ C:\windows\system32\hiotoytu.dll
2007-11-25 14:08:42 85056 --a------ C:\windows\system32\nrauutat.dll
2007-11-25 14:08:36 71232 --a------ C:\windows\system32\enbeexia.exe <Not Verified; ; DDC>
2007-11-25 14:08:18 71232 --a------ C:\windows\system32\jxocxnbi.exe <Not Verified; ; DDC>
2007-11-24 13:45:03 79936 --a------ C:\windows\system32\tvwpgfmh.dll
2007-11-24 13:44:18 85056 -----n--- C:\windows\system32\obxvrmxk.dll
2007-11-24 13:43:21 71232 --a------ C:\windows\system32\txrlemhk.exe <Not Verified; ; DDC>
2007-11-22 21:54:31 0 d-------- C:\Program Files\CCleaner
2007-11-22 21:53:17 85056 -----n--- C:\windows\system32\eorkllwp.dll
2007-11-22 21:53:11 79936 --a------ C:\windows\system32\krfswwxw.dll
2007-11-17 19:03:00 71232 --a------ C:\windows\system32\ixemyies.exe <Not Verified; ; DDC>
2007-11-16 18:05:54 79936 --a------ C:\windows\system32\uuattdjf.dll
2007-11-16 18:05:50 85056 -----n--- C:\windows\system32\vvwaubit.dll
2007-11-16 18:05:38 71232 --a------ C:\windows\system32\tbexaqcu.exe <Not Verified; ; DDC>
2007-11-16 00:43:27 436924 ---hs---- C:\windows\system32\wxyay.ini2
2007-11-15 16:15:51 0 d-------- C:\windows\system32\ActiveScan
2007-11-15 14:30:30 15 --a------ C:\windows\system32\c40b8941
2007-11-14 17:01:28 85056 --a------ C:\windows\system32\lblblemh.dll
2007-11-14 16:58:34 79424 --a------ C:\windows\system32\fvqetudd.dll
2007-11-14 16:57:52 35840 -ra------ C:\windows\mrofinu1188.exe
2007-11-14 15:57:54 79424 --a------ C:\windows\system32\lcbscxor.dll
2007-11-14 15:54:51 85056 --a------ C:\windows\system32\medaevlo.dll
2007-11-14 15:50:55 145984 --a------ C:\windows\system32\mstnpjjt.dll
2007-11-14 15:46:21 71232 --a------ C:\windows\system32\bqirdjtw.exe <Not Verified; ; DDC>
2007-11-14 15:38:01 36352 --a------ C:\windows\system32\nnnmnkj.dll
2007-11-14 15:22:53 79424 --a------ C:\windows\system32\jgbuqvrt.dll
2007-11-14 15:21:00 0 --a------ C:\Documents and Settings\Dan the Man\x.dat
2007-11-14 15:19:54 2152 --a------ C:\Documents and Settings\Dan the Man\z.dat
2007-11-10 08:13:29 433840 --ahs---- C:\windows\system32\wxyay.bak2
2007-11-08 20:12:05 445604 ---hs---- C:\windows\system32\wxyay.bak1
2007-11-08 20:09:01 316000 --a------ C:\windows\system32\yayxw.dll
2007-11-08 20:07:15 147456 --a------ C:\windows\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-08 20:04:08 134 --a------ C:\n.bat
2007-11-08 20:03:51 35328 --a------ C:\windows\system32\nnnopom.dll
2007-11-08 20:03:48 0 --a------ C:\x.dat
2007-11-08 20:03:33 0 --a------ C:\z.dat
2007-11-08 20:02:11 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-01 21:55:55 0 d-------- C:\Program Files\InterActual
2007-11-01 21:28:28 0 d-------- C:\Program Files\DIFX

-- Find3M Report ---------------------------------------------------------------

2007-11-25 03:30:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-24 19:01:02 0 d-------- C:\Program Files\QuickTime
2007-11-24 19:00:17 0 d-------- C:\Program Files\Norton AntiVirus
2007-11-24 18:49:28 0 d-------- C:\Program Files\iTunes
2007-11-24 18:48:14 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-11-22 21:48:27 0 d-------- C:\Program Files\Common Files
2007-11-22 21:17:08 0 d-------- C:\Documents and Settings\Dan the Man\Application Data\U3
2007-11-14 21:33:26 0 d-------- C:\Documents and Settings\Dan the Man\Application Data\LimeWire
2007-11-14 21:30:19 0 d-------- C:\Program Files\LimeWire
2007-10-24 23:10:23 0 d-------- C:\Documents and Settings\Dan the Man\Application Data\DivX
2007-10-24 23

49 0 d-------- C:\Program Files\DivX
2007-10-19 20:20:12 0 d-------- C:\Documents and Settings\Dan the Man\Application Data\Wal-Mart Digital Photo Manager
2007-10-19 20:19:54 0 d-------- C:\Program Files\Common Files\HP
2007-10-19 20:19:49 0 d-------- C:\Program Files\Wal-Mart
2007-10-19 20:18:53 0 d-------- C:\Documents and Settings\Dan the Man\Application Data\Wal-Mart Digital Photo Viewer
2007-09-28 09:07:52 3596288 --a------ C:\windows\system32\qt-dx331.dll
2007-09-28 09:05:50 196608 --a------ C:\windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-09-28 09:05:50 81920 --a------ C:\windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-09-28 09:05:40 802816 --a------ C:\windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-28 09:05:40 823296 --a------ C:\windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 09:05:40 823296 --a------ C:\windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 09:05:40 739840 --a------ C:\windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-28 09:05:08 12288 --a------ C:\windows\system32\DivXWMPExtType.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47f8ec97-6d19-4a42-94b1-e23bf91b474b}]
11/25/2007 02:09 PM 79936 --a------ C:\windows\system32\hiotoytu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
11/14/2007 03:50 PM 145984 --a------ C:\windows\system32\mstnpjjt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
11/08/2007 08:03 PM 35328 --a------ C:\windows\system32\nnnopom.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3EED661-33CB-4FB3-83A7-537DF135C495}]
11/08/2007 08:09 PM 316000 --a------ C:\windows\system32\yayxw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\windows\system32\mstnpjjt.dll [11/14/2007 03:50 PM 145984]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [11/15/2001 10:00 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 10:46 PM]
"@"="" []
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [10/26/2005 05:17 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 09:54 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 06:05 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"KernelFaultCheck"="C:\windows\system32\dumprep 0 -k" []
"IgfxTray"="C:\windows\system32\igfxtray.exe" [08/07/2001 11:25 PM]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [08/07/2001 10:36 PM]
"user bib mp3 plan"="C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib\great bind.exe" [11/15/2007 03:50 PM]
"JUMP RECT SAVE PLAN"="C:\Documents and Settings\All Users\Application Data\bags amen plan amok\1 Help Debug.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 04:32 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [08/20/2007 10:53 AM]
"runner1"="C:\windows\mrofinu1188.exe" [11/23/2007 12:14 PM]
"Host Process"="C:\windows\Fonts\svchost.exe" []
"c40b9bcf"="C:\windows\system32\nrauutat.dll" [11/25/2007 02:08 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"interrdr"="C:\DOCUME~1\DANTHE~1\APPLIC~1\BROWSE~1\live close pile.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 12:04 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/31/2006 11:58:14 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\windows\system32\nnnopom.dll [11/08/2007 08:03 PM 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mstnpjjt]
mstnpjjt.dll 11/14/2007 03:50 PM 145984 C:\WINDOWS\system32\mstnpjjt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopom]
nnnopom.dll 11/08/2007 08:03 PM 35328 C:\WINDOWS\system32\nnnopom.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\windows\system32\yayxw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf8b1cb4-8ff9-11db-a2f6-0001032879e4}]
AutoRun\command- J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf8b1cb5-8ff9-11db-a2f6-0001032879e4}]
AutoRun\command- K:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db054670-cb41-11da-a28c-806d6172696f}]
AutoRun\command- C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

-- End of Deckard's System Scanner: finished at 2007-11-25 14:15:13 ------------

**Glaswegian** · 11-27-2007, 01:44 PM

Hi and welcome to the Security Forum.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your log is clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Combofix
Download ComboFix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See here for a guide to disabling AV, Firewall and Anti-malware programmes.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the log C:\ComboFix.txt along with a fresh HijackThis Log for further review.

NOTE: ComboFix should not take more than 20 minutes to run - this includes the reboot if malware is found. If it does:

Open Task Manager (Ctrl+Alt+Del) and go to the Processes Tab
End any processes called indstr, find, sed or swreg,
ComboFix should now contimue.

Please advise me if you had to end any Processes in this way, and let me know the Process Names.

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

Cookie Monster · 11-27-2007, 06:05 PM

Iain, Thanks for your help! While I was waiting for someone to respond I came across a post for users self help which had a download link and instructions for the Trojan Vundo called VundoFix.exe. I ran it lastnight and by this morning it had finished. It found 4 files and removed 3 of them, and as per the instructions I re-booted and I am right now running it again during boot-up. Hopefully it will remove the last file in my system32 folder and I will post the info you need as soon as that's done and let you know how it turned out. I ran Panda's ActiveScan before this and if you could believe it, it found and disinfected around 5,000 viruses! It also found around 80 something spyware and 6 rootkits that are still invading. This is a hand-me-down desktop I picked up for my one of my kids to do their homework assignments and surf My Space. Thanks again for responding. Pete

Cookie Monster · 11-27-2007, 08:36 PM

Iain, Thanks for your help! While I was waiting for someone to respond I came across a post for users self help which had a download link and instructions for the Trojan Vundo called VundoFix.exe. I ran it lastnight and by this morning it had finished. It found 4 files and removed 3 of them, and as per the instructions I re-booted and I am right now running it again during boot-up. Hopefully it will remove the last file in my system32 folder and I will post the info you need as soon as that's done and let you know how it turned out. I ran Panda's ActiveScan before this and if you could believe it, it found and disinfected around 5,000 viruses! It also found around 80 something spyware and 6 rootkits that are still invading. This is a hand-me-down desktop I picked up for my one of my kids to do their homework assignments and surf My Space. Thanks again for responding. Pete

**Glaswegian** · 11-28-2007, 01:13 PM

Good to hear.

Combofix will help clear out any stragglers, as Vundo has become rather persistent recently. Don't do anything else for now (apart from Combofix), so that I can see the machine's state from the logs. Then we can clear up whatever may be left.

Cookie Monster · 11-28-2007, 04:45 PM

Iain, I ran ComboFix as instructed. Disabled my Norton AV. When it rebooted the Norton AV restarted stating Mlicious Script Detected with a drop down list of options to perform. I clicked on the drop down list to choose to allow the entire script to run, but as soon as I clicked the drop down box to reveal the list my computer froze. I rebooted because that became my only option. ComboFix did produce a log report. I will send it along with the HijackThis Log.

Cookie Monster · 11-28-2007, 04:53 PM

I hope this will work.

ComboFix 07-11-19.4C - Dan the Man 2007-11-28 16:44:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.71 [GMT -7:00]
Running from: C:\Documents and Settings\Dan the Man\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Dan the Man\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Dan the Man\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Dan the Man\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\kffz\kffza.exe
C:\Program Files\Common Files\kffz\kffza.lck
C:\Program Files\Common Files\kffz\kffzd\class-barrel
C:\Program Files\Common Files\kffz\kffzd\kffzc.dll
C:\Program Files\Common Files\kffz\kffzd\vocabulary
C:\Program Files\Common Files\kffz\kffzl.exe
C:\Program Files\Common Files\kffz\kffzl.lck
C:\Program Files\Common Files\kffz\kffzm.exe
C:\Program Files\Common Files\kffz\kffzm.lck
C:\Program Files\Common Files\kffz\kffzp.exe
C:\Program Files\inetget2
C:\Program Files\myglobalsearch
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\UnInstall.exe
C:\Program Files\Words\Words.exe
C:\windows\b143.exe
C:\windows\cookies.ini
C:\windows\kffz
C:\windows\kffz\kffz.dat
C:\windows\kffz\wu
C:\windows\mrofinu1188.exe
C:\windows\system32\tsuninst.exe
C:\WINDOWS\system32\wxyay.bak1
C:\WINDOWS\system32\wxyay.bak2
C:\WINDOWS\system32\wxyay.ini
C:\WINDOWS\system32\wxyay.ini2
C:\WINDOWS\system32\wxyay.tmp
C:\windows\system32\yayxw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.

2007-11-26 22:01 <DIR> d-------- C:\VundoFix Backups
2007-11-26 14:12 80,960 --a------ C:\WINDOWS\system32\sgaaghmh.dll
2007-11-26 14:09 780,914 --ahs---- C:\WINDOWS\system32\qcmobqkx.ini
2007-11-26 14:09 71,232 --a------ C:\WINDOWS\system32\blvnuywu.exe
2007-11-25 14:11 <DIR> d-------- C:\Deckard
2007-11-25 14:09 79,936 --a------ C:\WINDOWS\system32\hiotoytu.dll
2007-11-25 14:08 71,232 --a------ C:\WINDOWS\system32\jxocxnbi.exe
2007-11-25 14:08 71,232 --a------ C:\WINDOWS\system32\enbeexia.exe
2007-11-24 13:44 741,850 --ahs---- C:\WINDOWS\system32\kxmrvxbo.ini
2007-11-22 21:54 <DIR> d-------- C:\Program Files\CCleaner
2007-11-22 21:53 741,790 --ahs---- C:\WINDOWS\system32\pwllkroe.ini
2007-11-22 21:53 79,936 --a------ C:\WINDOWS\system32\krfswwxw.dll
2007-11-17 19:03 71,232 --a------ C:\WINDOWS\system32\ixemyies.exe
2007-11-15 16:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-15 16:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-15 16:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-15 14:30 15 --a------ C:\WINDOWS\system32\c40b8941
2007-11-14 17:01 671,136 --ahs---- C:\WINDOWS\system32\hmelblbl.ini
2007-11-14 17:01 85,056 --a------ C:\WINDOWS\system32\lblblemh.dll
2007-11-14 16:58 79,424 --a------ C:\WINDOWS\system32\fvqetudd.dll
2007-11-14 15:57 79,424 --a------ C:\WINDOWS\system32\lcbscxor.dll
2007-11-14 15:55 671,127 --ahs---- C:\WINDOWS\system32\olveadem.ini
2007-11-14 15:54 85,056 --a------ C:\WINDOWS\system32\medaevlo.dll
2007-11-14 15:46 71,232 --a------ C:\WINDOWS\system32\bqirdjtw.exe
2007-11-14 15:38 36,352 --a------ C:\WINDOWS\system32\nnnmnkj.dll
2007-11-14 15:22 79,424 --a------ C:\WINDOWS\system32\jgbuqvrt.dll
2007-11-14 15:21 0 --a------ C:\Documents and Settings\Dan the Man\x.dat
2007-11-14 15:19 2,152 --a------ C:\Documents and Settings\Dan the Man\z.dat
2007-11-13 16:05 8,454,656 --a------ C:\WINDOWS\system32\SET3C.tmp
2007-11-13 16:05 115,712 --a------ C:\WINDOWS\system32\SET3D.tmp
2007-11-08 20:04 134 --a------ C:\n.bat
2007-11-08 20:03 0 --a------ C:\z.dat
2007-11-08 20:03 0 --a------ C:\x.dat
2007-11-08 20:02 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-01 21:55 <DIR> d-------- C:\Program Files\InterActual
2007-11-01 21:28 <DIR> d-------- C:\Program Files\DIFX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 23:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 05:01 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\U3
2007-11-25 02:01 --------- d-----w C:\Program Files\QuickTime
2007-11-25 02:00 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-25 01:49 --------- d-----w C:\Program Files\iTunes
2007-11-25 01:48 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-24 02:15 22 ----a-w C:\WINDOWS\Fonts\zia03516
2007-11-24 02:15 22 ----a-w C:\WINDOWS\Fonts\a.zip
2007-11-15 04:33 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\LimeWire
2007-11-15 04:30 --------- d-----w C:\Program Files\LimeWire
2007-11-15 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-25 06:10 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\DivX
2007-10-25 06:06 --------- d-----w C:\Program Files\DivX
2007-10-20 03:20 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\Wal-Mart Digital Photo Manager
2007-10-20 03:19 --------- d-----w C:\Program Files\Wal-Mart
2007-10-20 03:19 --------- d-----w C:\Program Files\Common Files\HP
2007-10-20 03:18 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\Wal-Mart Digital Photo Viewer
2007-09-28 16:07 9,464 ------w C:\windows\system32\drivers\cdralw2k.sys
2007-09-28 16:07 9,336 ------w C:\windows\system32\drivers\cdr4_xp.sys
2007-09-28 16:07 43,528 ------w C:\windows\system32\drivers\PxHelp20.sys
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cc55c1a-46ea-422c-9fd4-8d62678f1586}]
2007-11-26 14:12 80960 --a------ C:\windows\system32\sgaaghmh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"interrdr"="C:\DOCUME~1\DANTHE~1\APPLIC~1\BROWSE~1\live close pile.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 10:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2001-08-07 23:25]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2001-08-07 22:36]
"user bib mp3 plan"="C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib\great bind.exe" [2007-11-28 17:03]
"JUMP RECT SAVE PLAN"="C:\Documents and Settings\All Users\Application Data\bags amen plan amok\1 Help Debug.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 16:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-08-20 10:53]
"Host Process"="C:\windows\Fonts\svchost.exe" []
"c40b9bcf"="C:\windows\system32\xkqbomcq.dll" []

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47, on 2007-11-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\System32\svchost.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Dan the Man\Desktop\Downloads\Dan the Man.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://defendingyourfaith.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {6851f876-26d8-4df9-c224-ae64a1c55cc0} - {0cc55c1a-46ea-422c-9fd4-8d62678f1586} - C:\windows\system32\sgaaghmh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [user bib mp3 plan] C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib\great bind.exe
O4 - HKLM\..\Run: [JUMP RECT SAVE PLAN] C:\Documents and Settings\All Users\Application Data\bags amen plan amok\1 Help Debug.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Host Process] C:\windows\Fonts\svchost.exe
O4 - HKLM\..\Run: [c40b9bcf] rundll32.exe "C:\windows\system32\xkqbomcq.dll",b
O4 - HKCU\..\Run: [interrdr] C:\DOCUME~1\DANTHE~1\APPLIC~1\BROWSE~1\live close pile.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1146072999566
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport...ScapeTeleX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8030 bytes

**Glaswegian** · 11-29-2007, 01:18 PM

Hi again

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your log is clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

IMPORTANT!

The infection on your system is designed to steal information. This includes all passwords, log ins to Forums such as this one, e-mail details and any online Banking passwords. It is therefore vital that, once cleaned, you contact your Bank or financial institution and inform them that your details have most likely been stolen. You should also find a clean PC and use it to change all passwords.

P2P - I see you have P2P software (i.e. XXX) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. Although the P2P application itself may be 'clean', the files you download may well contain malware. P2P is often used as a method of distributing malware. This page will give you further information.

Downloads
Please Download NoLop to your desktop from here or here

First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

Combofix

Close any open browsers.
Open notepad and copy/paste the text in the box below into it:

Code:

File::
C:\windows\system32\sgaaghmh.dll
C:\windows\system32\qcmobqkx.ini
C:\windows\system32\blvnuywu.exe
C:\windows\system32\hiotoytu.dll
C:\windows\system32\jxocxnbi.exe
C:\windows\system32\enbeexia.exe
C:\windows\system32\kxmrvxbo.ini
C:\windows\system32\pwllkroe.ini
C:\windows\system32\krfswwxw.dll
C:\windows\system32\ixemyies.exe
C:\windows\system32\pavas.ico
C:\windows\system32\Help.ico
C:\windows\system32\c40b8941
C:\windows\system32\hmelblbl.ini
C:\windows\system32\lblblemh.dll
C:\windows\system32\fvqetudd.dll
C:\windows\system32\lcbscxor.dll
C:\windows\system32\olveadem.ini
C:\windows\system32\medaevlo.dll
C:\windows\system32\bqirdjtw.exe
C:\windows\system32\nnnmnkj.dll
C:\windows\system32\jgbuqvrt.dll
C:\Documents and Settings\Dan the Man\x.dat
C:\Documents and Settings\Dan the Man\z.dat
C:\windows\system32\SET3C.tmp
C:\windows\system32\SET3D.tmp
C:\n.bat
C:\z.dat
C:\x.dat
C:\windows\Fonts\a.zip
C:\windows\Fonts\svchost.exe

Folder::
C:\windows\Fonts\zia03516

Looking at the image below as an example

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

Please post the log C:\ComboFix.txt along with a fresh HijackThis Log for further review.

Logs required
C:\NoLop.log
C:\Combofix.txt
HijackThis Log

Cookie Monster · 11-29-2007, 06:50 PM

Iain, I did have some trouble with NoLop.exe and ComboFix.exe although they both managed to produce logs.
With NoLop it kept getting a Runtime error '76' Path Not Found and would stop 3/4 of the way through. I ran a CCleaner Registry Repair. It found a bunch of fixes and fixed them, but NoLop still stopped on the same Runtime error, so I deleted a task in the C:/Windows/tasks folder that it seemed to be getting the error from. No Flop completed and produced a log a split second before the Runtime error popped up again.
Then I ran into the same problem with ComboFix as the other day. I turned off Norton AV set it for 1 hour instead of reboot but I spent so much time witn NoLop that I lost track of the time and the hour ran out after ComboFix had been running for 8 or 10 minutes. Norton AV halted ComboFix before it finished, treated it as Malicious Script and locked up the computer but it did produce a log. I'm sorry I'm so stupid. I hope we can still get through this OK. Pete

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Dan the Man\Desktop\Downloads
[2007-11-29]
[18:48:46]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

ComboFix 07-11-19.4C - Dan the Man 2007-11-29 19:01:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.180 [GMT -7:00]
Running from: C:\Documents and Settings\Dan the Man\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dan the Man\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Dan the Man\x.dat
C:\Documents and Settings\Dan the Man\z.dat
C:\n.bat
C:\windows\Fonts\a.zip
C:\windows\Fonts\svchost.exe
C:\windows\system32\blvnuywu.exe
C:\windows\system32\bqirdjtw.exe
C:\windows\system32\c40b8941
C:\windows\system32\enbeexia.exe
C:\windows\system32\fvqetudd.dll
C:\windows\system32\Help.ico
C:\windows\system32\hiotoytu.dll
C:\windows\system32\hmelblbl.ini
C:\windows\system32\ixemyies.exe
C:\windows\system32\jgbuqvrt.dll
C:\windows\system32\jxocxnbi.exe
C:\windows\system32\krfswwxw.dll
C:\windows\system32\kxmrvxbo.ini
C:\windows\system32\lblblemh.dll
C:\windows\system32\lcbscxor.dll
C:\windows\system32\medaevlo.dll
C:\windows\system32\nnnmnkj.dll
C:\windows\system32\olveadem.ini
C:\windows\system32\pavas.ico
C:\windows\system32\pwllkroe.ini
C:\windows\system32\qcmobqkx.ini
C:\windows\system32\SET3C.tmp
C:\windows\system32\SET3D.tmp
C:\windows\system32\sgaaghmh.dll
C:\x.dat
C:\z.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dan the Man\x.dat
C:\Documents and Settings\Dan the Man\z.dat
C:\n.bat
C:\windows\Fonts\a.zip
C:\windows\system32\blvnuywu.exe
C:\windows\system32\bqirdjtw.exe
C:\windows\system32\c40b8941
C:\windows\system32\enbeexia.exe
C:\windows\system32\fvqetudd.dll
C:\windows\system32\Help.ico
C:\windows\system32\hiotoytu.dll
C:\windows\system32\hmelblbl.ini
C:\windows\system32\ixemyies.exe
C:\windows\system32\jgbuqvrt.dll
C:\windows\system32\jxocxnbi.exe
C:\windows\system32\krfswwxw.dll
C:\windows\system32\kxmrvxbo.ini
C:\windows\system32\lcbscxor.dll
C:\windows\system32\olveadem.ini
C:\windows\system32\pavas.ico
C:\windows\system32\pwllkroe.ini
C:\windows\system32\qcmobqkx.ini
C:\windows\system32\SET3C.tmp
C:\windows\system32\SET3D.tmp
C:\x.dat
C:\z.dat
I:\Autorun.inf
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Dan the Man\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Dan the Man\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Dan the Man\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\kffz\kffza.exe
C:\Program Files\Common Files\kffz\kffza.lck
C:\Program Files\Common Files\kffz\kffzd\class-barrel
C:\Program Files\Common Files\kffz\kffzd\kffzc.dll
C:\Program Files\Common Files\kffz\kffzd\vocabulary
C:\Program Files\Common Files\kffz\kffzl.exe
C:\Program Files\Common Files\kffz\kffzl.lck
C:\Program Files\Common Files\kffz\kffzm.exe
C:\Program Files\Common Files\kffz\kffzm.lck
C:\Program Files\Common Files\kffz\kffzp.exe
C:\Program Files\inetget2
C:\Program Files\myglobalsearch
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\UnInstall.exe
C:\Program Files\Words\Words.exe
C:\windows\b143.exe
C:\windows\cookies.ini
C:\windows\kffz
C:\windows\kffz\kffz.dat
C:\windows\kffz\wu
C:\windows\mrofinu1188.exe
C:\windows\system32\tsuninst.exe
C:\WINDOWS\system32\wxyay.bak1
C:\WINDOWS\system32\wxyay.bak2
C:\WINDOWS\system32\wxyay.ini
C:\WINDOWS\system32\wxyay.ini2
C:\WINDOWS\system32\wxyay.tmp
C:\windows\system32\yayxw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-29 16:12 <DIR> d-------- C:\NoLopBackups
2007-11-29 16:10 530 --a------ C:\delete.bat
2007-11-26 22:01 <DIR> d-------- C:\VundoFix Backups
2007-11-25 14:11 <DIR> d-------- C:\Deckard
2007-11-22 21:54 <DIR> d-------- C:\Program Files\CCleaner
2007-11-15 16:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-08 20:02 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-01 21:55 <DIR> d-------- C:\Program Files\InterActual
2007-11-01 21:28 <DIR> d-------- C:\Program Files\DIFX
2007-10-24 23:10 <DIR> d-------- C:\Documents and Settings\Dan the Man\Application Data\DivX
2007-10-24 23:06 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-10-24 23:06 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-24 23:06 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-19 20:20 <DIR> d-------- C:\Documents and Settings\Dan the Man\Application Data\Wal-Mart Digital Photo Manager
2007-10-19 20:19 <DIR> d-------- C:\Program Files\Wal-Mart
2007-10-19 20:19 <DIR> d-------- C:\Program Files\Common Files\HP
2007-10-19 20:17 <DIR> d-------- C:\Documents and Settings\Dan the Man\Application Data\Wal-Mart Digital Photo Viewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 23:22 --------- d-----w C:\Program Files\Google
2007-11-29 01:01 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-29 00:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 05:01 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\U3
2007-11-25 02:01 --------- d-----w C:\Program Files\QuickTime
2007-11-25 01:49 --------- d-----w C:\Program Files\iTunes
2007-11-25 01:48 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-11-24 02:15 22 ----a-w C:\WINDOWS\Fonts\zia03516
2007-11-15 04:33 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\LimeWire
2007-11-15 04:30 --------- d-----w C:\Program Files\LimeWire
2007-11-15 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-25 06:06 --------- d-----w C:\Program Files\DivX
2007-09-28 16:07 43,528 ------w C:\windows\system32\drivers\PxHelp20.sys
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((( snapshot@2007-11-28_17.01.04.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-05-02 18:32:04 182,512 ----a-w C:\windows\system32\Macromed\Director\SWDIR.DLL
+ 2007-08-08 00:20:44 182,248 ----a-w C:\windows\system32\Macromed\Director\SWDIR.DLL
- 2007-04-30 23:11:28 585,728 ----a-w C:\windows\system32\Macromed\Shockwave 10\Control.dll
+ 2007-08-07 20:35:56 585,728 ----a-w C:\windows\system32\Macromed\Shockwave 10\Control.dll
- 2007-04-30 22:08:40 1,490,944 ----a-w C:\windows\system32\Macromed\Shockwave 10\dirapi.dll
+ 2007-08-07 20:19:40 1,490,944 ----a-w C:\windows\system32\Macromed\Shockwave 10\dirapi.dll
- 2007-04-30 22:30:38 24,576 ----a-w C:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2007-08-07 20:36:32 24,576 ----a-w C:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll
- 2007-04-30 22:47:02 1,089,024 ----a-w C:\windows\system32\Macromed\Shockwave 10\gi.dll
+ 2007-08-07 23:52:32 1,113,600 ----a-w C:\windows\system32\Macromed\Shockwave 10\gi.dll
- 2007-07-04 17:02:58 1,145,896 ----atw C:\windows\system32\Macromed\Shockwave 10\gt.exe
+ 2007-11-29 23:22:38 1,145,896 ----atw C:\windows\system32\Macromed\Shockwave 10\gt.exe
- 2007-04-30 21:47:42 52,288 ----a-w C:\windows\system32\Macromed\Shockwave 10\gtapi.dll
+ 2007-08-07 20:08:48 52,288 ----a-w C:\windows\system32\Macromed\Shockwave 10\gtapi.dll
- 2007-04-30 22:05:32 606,208 ----a-w C:\windows\system32\Macromed\Shockwave 10\iml32.dll
+ 2007-08-07 20:17:24 606,208 ----a-w C:\windows\system32\Macromed\Shockwave 10\iml32.dll
- 2007-04-30 23:11:22 339,968 ----a-w C:\windows\system32\Macromed\Shockwave 10\Plugin.dll
+ 2007-08-07 20:35:22 339,968 ----a-w C:\windows\system32\Macromed\Shockwave 10\Plugin.dll
- 2007-04-30 23:11:24 483,328 ----a-w C:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2007-08-07 20:35:32 483,328 ----a-w C:\windows\system32\Macromed\Shockwave 10\PluginPing.dll
- 2007-04-30 23:11:30 180,224 ----a-w C:\windows\system32\Macromed\Shockwave 10\Proj.dll
+ 2007-08-07 20:28:38 180,224 ----a-w C:\windows\system32\Macromed\Shockwave 10\Proj.dll
+ 2007-08-08 00:20:28 391,144 ----a-w C:\windows\system32\Macromed\Shockwave 10\SwHelper_1020023.exe
- 2007-04-30 22:33:00 77,824 ----a-w C:\windows\system32\Macromed\Shockwave 10\SwInit.exe
+ 2007-08-07 20:37:56 77,824 ----a-w C:\windows\system32\Macromed\Shockwave 10\SwInit.exe
- 2007-04-30 22:29:00 86,016 ----a-w C:\windows\system32\Macromed\Shockwave 10\SwMenu.dll
+ 2007-08-07 20:35:18 86,016 ----a-w C:\windows\system32\Macromed\Shockwave 10\SwMenu.dll
- 2007-04-30 22:33:00 98,304 ----a-w C:\windows\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2007-08-07 20:37:58 98,304 ----a-w C:\windows\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2007-08-07 20:08:46 50,808 ----a-w C:\windows\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL
- 1999-06-25 16:55:30 149,504 ----a-w C:\windows\system32\Macromed\Shockwave 10\UNWISE.EXE
+ 1999-06-25 17:55:30 149,504 ----a-w C:\windows\system32\Macromed\Shockwave 10\UNWISE.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cc55c1a-46ea-422c-9fd4-8d62678f1586}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 10:00]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2001-08-07 23:25]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2001-08-07 22:36]
"user bib mp3 plan"="C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib\great bind.exe" [2007-11-29 16:21]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 16:32]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-08-20 10:53]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-31 11:58:14]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26, on 2007-11-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dan the Man\Desktop\Downloads\Dan the Man.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://defendingyourfaith.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {6851f876-26d8-4df9-c224-ae64a1c55cc0} - {0cc55c1a-46ea-422c-9fd4-8d62678f1586} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [user bib mp3 plan] C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib\great bind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1146072999566
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} - http://simcity.ea.com/scape/teleport...ScapeTeleX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7954 bytes

**Glaswegian** · 11-30-2007, 01:38 PM

Hi again Pete

You have to make sure that your AV is off before running CF – see the link in the CF instructions.

Please do not run any tools without my instructions – I need to see progressive logs from each tool, otherwise I could end up giving you instructions that would completely bork your machine.

Things are looking better though – how is your system running now?

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

We’ll try another tool to check for Lop.

Download fl.zip You will use this later.

Reboot
Reboot your system in Safe Mode.

Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Instead of Windows loading as normal, a menu should appear
Use the arrow key to highlight Safe Mode and press Enter.

HijackThis Entries
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O2 - BHO: {6851f876-26d8-4df9-c224-ae64a1c55cc0} - {0cc55c1a-46ea-422c-9fd4-8d62678f1586} - (no file)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [user bib mp3 plan] C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib\great bind.exe

Please remember to close all other windows, including browsers then click Fix checked.

Folder Deletions
Delete the following Folders indicated in BLUE if they still exist.

C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib
C:\WINDOWS\Fonts\zia03516

Reboot
Reboot your system in Normal Mode.

Find LOP
Extract the contents of fl.zip to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.

Online Scan
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky WebScanner

Next Click on Kaspersky Online Scanner

A Welcome screen will appear - click 'Accept' at the bottom. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:

Scan using the following Anti-Virus database:

Extended

Scan Options:

Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan: Select My Computer

This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.
Copy and paste that information in your next post.

Take note of the name(s) and location(s) of any file(s) it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

Logs required
c:\finlop.txt
Kaspersky Log
HijackThis Log

Cookie Monster · 12-01-2007, 09:46 PM

Here they are, thanks again!

I had to send it in two pieces because of its size

Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\All Users\Application Data

2007-02-15 23:23 <DIR> Adobe
2007-03-12 22:59 <DIR> Apple Computer
2007-08-18 00:56 <DIR> bags amen plan amok
2007-11-29 16:22 <DIR> Google
2007-08-19 21:01 <DIR> IDS_COMPANY_NAME
2007-11-12 11:03 3,746 QTSBandwidthCache
2006-03-31 11:46 <DIR> SBT
2006-12-27 12:15 <DIR> Sony Ericsson
2007-11-14 17:26 <DIR> Spybot - Search & Destroy
2007-08-19 21:15 <DIR> Symantec
2006-12-27 12:15 <DIR> Teleca
2007-11-14 16:50 <DIR> TEMP
2007-08-20 11:05 <DIR> Viewrealcdromtons
2006-06-25 17:40 <DIR> Windows Genuine Advantage
2007-09-21 09:42 <DIR> x3watch
2006-05-05 15:27 <DIR> Yahoo! Companion
2006-03-30 14:02 <DIR> Zero Knowledge
1 File(s) 3,746 bytes
16 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Dad\Application Data

2006-03-31 12:27 <DIR> Help
2006-03-31 12:24 <DIR> Identities
2006-03-31 12:24 <DIR> Macromedia
2007-04-19 23:00 <DIR> Teleca
2006-03-31 12:24 <DIR> Zero Knowledge
0 File(s) 0 bytes
5 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Dan the Man\Application Data

2007-05-03 18:39 <DIR> Adobe
2006-05-05 15:21 <DIR> AdobeAUM
2007-02-17 01:31 <DIR> AdobeUM
2006-04-08 12:57 <DIR> Apple Computer
2007-04-20 10:38 <DIR> BitDownload
2007-09-01 09:59 <DIR> browse that
2007-10-24 23:10 <DIR> DivX
2007-11-29 16:29 <DIR> Google
2006-03-31 12:20 <DIR> Help
2006-03-30 13:31 <DIR> Identities
2006-10-18 15:28 <DIR> Leadertech
2007-11-14 21:33 <DIR> LimeWire
2007-07-04 10:05 <DIR> Macromedia
2006-03-31 11:36 <DIR> Microsoft Web Folders
2007-01-21 17:54 <DIR> SoundSpectrum
2007-08-14 16:41 <DIR> Sun
2007-08-19 21:30 <DIR> Symantec
2006-12-27 12:20 <DIR> Teleca
2006-04-25 16:47 <DIR> The Learning Company
2007-11-26 22:01 <DIR> U3
2007-10-19 20:20 <DIR> Wal-Mart Digital Photo Manager
2007-10-19 20:18 <DIR> Wal-Mart Digital Photo Viewer
2007-08-21 11:46 <DIR> x3watch
2006-03-30 14:04 <DIR> Zero Knowledge
0 File(s) 0 bytes
24 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Guest\Application Data

2006-10-09 14:31 <DIR> .
2006-10-09 14:31 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Default User\Application Data

2006-03-30 05:59 <DIR> .
2006-03-30 05:59 <DIR> ..
2006-04-20 22:01 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\NetworkService\Application Data

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-12-01 22:15
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469690
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 526849
Number of viruses found: 55
Number of infected objects: 501
Number of suspicious objects: 0
Duration of the scan process: 17:04:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow1.zip/ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow2.zip/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.br skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Dan the Man\Application Data\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Dan the Man\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\History\History.IE5\MSHist012007120120071202\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\ntuser.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Dan the Man\Shared\01 Track 1 (musical).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dan the Man\Shared\03 Track 3 (album).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dan the Man\Shared\diamond location.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped
C:\Documents and Settings\Dan the Man\Shared\Top of Charts - 2005 (musical).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip/BitDownload fastets Bittorrent downloader.exe/data0007 Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip/BitDownload fastets Bittorrent downloader.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip ZIP: infected - 2 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0031.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0034.BIN Infected: Trojan-Downloader.Win32.Agent.v skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0041.BIN Infected: not-a-virus:AdWare.Win32.SideStep.c skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0045.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0046.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe WiseSFX: infected - 15 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe WiseSFX Dropper: infected - 15 skipped
C:\Old Files\Backup Gateway\Program Files\Loan Calculator\lnpl2132.exe/LNPLS232.EXE/EXE-file Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Loan Calculator\lnpl2132.exe/LNPLS232.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Loan Calculator\lnpl2132.exe ZIP: infected - 2 skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... ... /EXE-file Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /LNPLS232.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /lnpl2132.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 -0500]/loancl.zip Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Administrator<Postmaster@proxy.ssofti.com>][Date Sun, 31 May 1998 19:38:36 -0600]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[Fro ... /[From Pe ... /[From CMG12498 <CMG12498@aol.com>][Date Fri, 24 Apr 1998 02:40:33 EDT]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[Fro ... /[From Peter Mancini <Peter.Mancini@faa.dot.gov>][Date 21 Apr 1998 13:48:12 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[Fro ... /[From "Peter Mancini" <Peter@mail.ssofti.com>][Date Sun, 19 Apr 1998 13:27:24 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[From Mail Administrator<Postmaster@proxy.ssofti.com>][Date Thu, 9 Apr 1998 18:47:46 -0600]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digital ID C . ... /[From "Gerry Weitz" <Gerry@mail.ssofti.com>][Date Sun, 15 Feb 1998 00:32:48 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digital ID C ... /[From "Maria Quijano" <Maria@mail.ssofti.com>][Date Sun, 15 Feb 1998 00:18:50 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digital ID Center <onlineca@verisign.com>][Date Sat, 14 Feb 1998 22:44:49 -0800]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox Mail Berkeley mbox: infected - 16 skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... ... /EXE-file Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /LNPLS232.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /lnpl2132.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 -0500]/loancl.zip Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Peter Mancini" <Peter@mail.ssofti.com>][Date Fri, 21 Aug 1998 10

40 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From The Receptionist <Receptionist@nctm.org>][Date Fri, 25 Sep 1998 15:58:29 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[Fro ... /[From wmancini@bellatlantic.net][Date Thu, 04 Feb 1999 09:57:29 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[Fro ... /[From wmancini@bellatlantic.net][Date Tue, 29 Jun 1999 17:44:00 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[Fro ... /[From wmancini@bellatlantic.net][Date Fri, 02 Jul 1999 20:47:11 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 02 Jul 1999 22:54:15 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From d ... /[From wmancini@bellatlantic.net][Date Mon, 05 Jul 1999 20:53:27 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From derek demarzo <demarzo@nctimes.net>][Date Mon, 04 Oct 1999 22:34:08 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carole Mancini" <CMancini@nctm.org>][Date Wed, 06 Oct 1999 13:04:33 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carole Man ... /[From Heritagenet@aol.com][Date Tue, 2 Nov 1999 18:55:00 EST]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carole Mancini" <CMancini@nctm.org>][Date Fri, 12 Nov 1999 14:12:34 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carl Porter" <carl@mail.ssofti.com>][Date Tue, 14 Dec 1999 17:13:42 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[ ... /[From derek demarzo <demarzo@flash.net>][Date Thu, 23 Dec 1999 22:38:44 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[ ... /[From derek demarzo <demarzo@flash.net>][Date Sat, 01 Jan 2000 10:50:33 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Gerry Weitz" <Gerry@mail.ssofti.com>][Date Thu, 06 Jan 2000 11:04:44 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From wmancini@bellatlantic.net][Date Thu, 03 Feb 2000 17:19:42 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From wmancini@bellatlantic.net][Date Sun, 06 Feb 2000 09:01:57 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Gerry Weitz" ... /[From AMCRADIO@aol.com][Date Mon, 14 Feb 2000 20:09:24 EST]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Gerry Weitz" <Gerry@mail.ssofti.com>][Date Wed, 16 Feb 2000 20:37:22 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriSign Customer Service <id-support@verisign.com>][Date Fri, 18 Feb 2000 05:37:08 -0800 (PST)]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 18 Feb 2000 ... /[From "Peter Mancini" <Peter@mail.ssofti.com>][Date Fri, 18 Feb 2000 06:46:41 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 18 Feb 2000 08 ... /[From "Carl Porter" <carl@mail.ssofti.com>][Date Fri, 18 Feb 2000 06:53:34 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 18 Feb 2000 08:34:45 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal Mail Berkeley mbox: infected - 31 skipped
C:\Old Files\Dad's Old Computer\Program Files\Online Services\PRODIGY\pisetup.exe/SETUP32.EXE/WISE0042.BIN Infected: Trojan.Win32.Dialer.mv skipped
C:\Old Files\Dad's Old Computer\Program Files\Online Services\PRODIGY\pisetup.exe/SETUP32.EXE Infected: Trojan.Win32.Dialer.mv skipped
C:\Old Files\Dad's Old Computer\Program Files\Online Services\PRODIGY\pisetup.exe ZIP: infected - 2 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0031.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0034.BIN Infected: Trojan-Downloader.Win32.Agent.v skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0041.BIN Infected: not-a-virus:AdWare.Win32.SideStep.c skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0045.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0046.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe WiseSFX: infected - 15 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe WiseSFX Dropper: infected - 15 skipped
C:\Old Files\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Old Files\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX: infected - 1 skipped
C:\Old Files\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX Dropper: infected - 1 skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\00211625.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\09756196.vir Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\097F5F8B.vir Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\09863384.vir Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CF01A0E.tmp Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\110200FE.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\111C50E2.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\11743E81.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\Program Files\Norton AntiVirus\Quarantine\13B6072A.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\17080C16.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\17185E04.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\22175490.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\22C778AB.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\2ED74689.tmp Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Program Files\Norton AntiVirus\Quarantine\38E27C44 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Norton AntiVirus\Quarantine\38E62641.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\38E9503D Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A381204.IE5 Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A593826.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\3C6142FC.IE5 Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\3EF7098E.vir Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\435A7FF7.tmp Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Program Files\Norton AntiVirus\Quarantine\45CD7D45.tmp Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\Program Files\Norton AntiVirus\Quarantine\473C6BAF.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\4827428E.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\482A6C8A.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\482D1687.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\48B90C0E.tmp Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Norton AntiVirus\Quarantine\4CF57F65.cmt Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\Program Files\Norton AntiVirus\Quarantine\51121519.exe Infected: not-a-virus:AdWare.Win32.Lop.bw skipped
C:\Program Files\Norton AntiVirus\Quarantine\523E2BCE.exe Infected: not-a-virus:AdWare.Win32.Lop.bw skipped
C:\Program Files\Norton AntiVirus\Quarantine\53C9041B.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\57771270.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\Program Files\Norton AntiVirus\Quarantine\58D76ACF.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\6F285A91 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Norton AntiVirus\Quarantine\6F392C7F.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\6FC15A2C.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe WiseSFX: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe WiseSFX: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\76A32863.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\76FB1602.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\79F81736.tmp Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E995740.vir Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\Program Files\Norton AntiVirus\Quarantine\7F8B7A36.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
C:\qoobox\Quarantine\C\Program Files\Words\Words.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.tj skipped
C:\qoobox\Quarantine\C\WINDOWS\b143.exe.vir Infected: Trojan-Downloader.Win32.Agent.epl skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\blvnuywu.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bqirdjtw.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\enbeexia.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ixemyies.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jxocxnbi.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\RECYCLER\S-1-5-21-329068152-484763869-1957994488-1003\Dc129.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\RECYCLER\S-1-5-21-329068152-484763869-1957994488-1003\Dc130.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\RECYCLER\S-1-5-21-329068152-484763869-1957994488-1003\Dc131.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\RECYCLER\S-1-5-21-329068152-484763869-1957994488-1003\Dc138\great bind.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP489\A0073473.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP489\A0073474.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP490\A0073476.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP490\A0073477.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP491\A0073485.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP491\A0073486.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP492\A0073491.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP492\A0073496.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP493\A0073589.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP493\A0073597.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP493\A0074597.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP493\A0074599.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP494\A0074600.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP494\A0074603.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP495\A0074615.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP495\A0074622.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP495\A0074637.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP495\A0074638.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP496\A0074640.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP497\A0074646.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP497\A0075635.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP497\A0075642.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075805.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075818.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075969.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075994.exe Infected: not-a-virus:AdWare.Win32.Lop.bw skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075995.exe Infected: not-a-virus:AdWare.Win32.Lop.bw skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP509\A0076084.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP509\A0076085.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP509\A0076086.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP509\A0076087.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP511\A0076123.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP541\A0077244.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP546\A0079244.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP550\A0079351.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP550\A0079360.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP550\A0079379.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP550\A0080382.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP553\A0081389.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP553\A0081398.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP553\A0082398.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP555\A0082413.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP571\A0082642.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP571\A0082650.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP571\A0082658.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP573\A0082702.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP574\A0082788.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP577\A0083941.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP578\A0083961.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP579\A0084963.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP580\A0089959.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0089976.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0089977.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0089978.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090004.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090011.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090014.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090015.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ajq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090018.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090019.exe Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090021.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090022.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090023.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090024.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090024.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090024.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090024.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090025.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090027.exe Infected: not-a-virus:AdWare.Win32.Insider.a skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090028.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090040.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090041.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ajq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090044.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.i skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090045.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090047.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090048.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090049.exe Infected: Trojan.Win32.Agent.crf skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090050.exe Infected: Trojan-Downloader.Win32.Agent.erf skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090051.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090052.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ajq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090053.exe Infected: Trojan-Dropper.Win32.Agent.chq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090054.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090056.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090057.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090058.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090068.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090077.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0091062.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP583\A0091099.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP583\A0091100.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP583\A0091116.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP584\A0091125.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP584\A0091130.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP584\A0091141.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP592\A0092399.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP592\A0092400.exe Infected: not-a-virus:PSWTool.Win32.PassView.l skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP594\A0092413.exe Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0093365.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0093366.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0093367.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0093368.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0094382.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP596\A0094384.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP596\A0094389.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP596\A0094396.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP597\A0094411.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP597\A0094412.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094431.exe Infected: Trojan-Downloader.Win32.Agent.epl skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094434.exe Infected: not-a-virus:AdWare.Win32.Agent.tj skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094435.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094436.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094438.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094439.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094443.exe Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094459.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095455.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095466.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095471.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095472.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095473.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP599\A0095484.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095554.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095555.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095556.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095561.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095563.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP601\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\tbexaqcu.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\txrlemhk.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

This is where the scan ended for the C drive, the rest is in the next post.

Cookie Monster · 12-01-2007, 09:47 PM

Here they are, thanks again!

I had to send it in two pieces because of its size

Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\All Users\Application Data

2007-02-15 23:23 <DIR> Adobe
2007-03-12 22:59 <DIR> Apple Computer
2007-08-18 00:56 <DIR> bags amen plan amok
2007-11-29 16:22 <DIR> Google
2007-08-19 21:01 <DIR> IDS_COMPANY_NAME
2007-11-12 11:03 3,746 QTSBandwidthCache
2006-03-31 11:46 <DIR> SBT
2006-12-27 12:15 <DIR> Sony Ericsson
2007-11-14 17:26 <DIR> Spybot - Search & Destroy
2007-08-19 21:15 <DIR> Symantec
2006-12-27 12:15 <DIR> Teleca
2007-11-14 16:50 <DIR> TEMP
2007-08-20 11:05 <DIR> Viewrealcdromtons
2006-06-25 17:40 <DIR> Windows Genuine Advantage
2007-09-21 09:42 <DIR> x3watch
2006-05-05 15:27 <DIR> Yahoo! Companion
2006-03-30 14:02 <DIR> Zero Knowledge
1 File(s) 3,746 bytes
16 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Dad\Application Data

2006-03-31 12:27 <DIR> Help
2006-03-31 12:24 <DIR> Identities
2006-03-31 12:24 <DIR> Macromedia
2007-04-19 23:00 <DIR> Teleca
2006-03-31 12:24 <DIR> Zero Knowledge
0 File(s) 0 bytes
5 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Dan the Man\Application Data

2007-05-03 18:39 <DIR> Adobe
2006-05-05 15:21 <DIR> AdobeAUM
2007-02-17 01:31 <DIR> AdobeUM
2006-04-08 12:57 <DIR> Apple Computer
2007-04-20 10:38 <DIR> BitDownload
2007-09-01 09:59 <DIR> browse that
2007-10-24 23:10 <DIR> DivX
2007-11-29 16:29 <DIR> Google
2006-03-31 12:20 <DIR> Help
2006-03-30 13:31 <DIR> Identities
2006-10-18 15:28 <DIR> Leadertech
2007-11-14 21:33 <DIR> LimeWire
2007-07-04 10:05 <DIR> Macromedia
2006-03-31 11:36 <DIR> Microsoft Web Folders
2007-01-21 17:54 <DIR> SoundSpectrum
2007-08-14 16:41 <DIR> Sun
2007-08-19 21:30 <DIR> Symantec
2006-12-27 12:20 <DIR> Teleca
2006-04-25 16:47 <DIR> The Learning Company
2007-11-26 22:01 <DIR> U3
2007-10-19 20:20 <DIR> Wal-Mart Digital Photo Manager
2007-10-19 20:18 <DIR> Wal-Mart Digital Photo Viewer
2007-08-21 11:46 <DIR> x3watch
2006-03-30 14:04 <DIR> Zero Knowledge
0 File(s) 0 bytes
24 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Guest\Application Data

2006-10-09 14:31 <DIR> .
2006-10-09 14:31 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Default User\Application Data

2006-03-30 05:59 <DIR> .
2006-03-30 05:59 <DIR> ..
2006-04-20 22:01 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\NetworkService\Application Data

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-12-01 22:15
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469690
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 526849
Number of viruses found: 55
Number of infected objects: 501
Number of suspicious objects: 0
Duration of the scan process: 17:04:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow1.zip/ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow2.zip/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.br skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Dan the Man\Application Data\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Dan the Man\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\History\History.IE5\MSHist012007120120071202\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\ntuser.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Dan the Man\Shared\01 Track 1 (musical).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dan the Man\Shared\03 Track 3 (album).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dan the Man\Shared\diamond location.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped
C:\Documents and Settings\Dan the Man\Shared\Top of Charts - 2005 (musical).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip/BitDownload fastets Bittorrent downloader.exe/data0007 Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip/BitDownload fastets Bittorrent downloader.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip ZIP: infected - 2 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0031.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0034.BIN Infected: Trojan-Downloader.Win32.Agent.v skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0041.BIN Infected: not-a-virus:AdWare.Win32.SideStep.c skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0045.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0046.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe WiseSFX: infected - 15 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe WiseSFX Dropper: infected - 15 skipped
C:\Old Files\Backup Gateway\Program Files\Loan Calculator\lnpl2132.exe/LNPLS232.EXE/EXE-file Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Loan Calculator\lnpl2132.exe/LNPLS232.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Loan Calculator\lnpl2132.exe ZIP: infected - 2 skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... ... /EXE-file Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /LNPLS232.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /lnpl2132.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 -0500]/loancl.zip Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Administrator<Postmaster@proxy.ssofti.com>][Date Sun, 31 May 1998 19:38:36 -0600]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[Fro ... /[From Pe ... /[From CMG12498 <CMG12498@aol.com>][Date Fri, 24 Apr 1998 02:40:33 EDT]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[Fro ... /[From Peter Mancini <Peter.Mancini@faa.dot.gov>][Date 21 Apr 1998 13:48:12 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[Fro ... /[From "Peter Mancini" <Peter@mail.ssofti.com>][Date Sun, 19 Apr 1998 13:27:24 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[From Mail Administrator<Postmaster@proxy.ssofti.com>][Date Thu, 9 Apr 1998 18:47:46 -0600]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digital ID C . ... /[From "Gerry Weitz" <Gerry@mail.ssofti.com>][Date Sun, 15 Feb 1998 00:32:48 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digital ID C ... /[From "Maria Quijano" <Maria@mail.ssofti.com>][Date Sun, 15 Feb 1998 00:18:50 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digital ID Center <onlineca@verisign.com>][Date Sat, 14 Feb 1998 22:44:49 -0800]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox Mail Berkeley mbox: infected - 16 skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... ... /EXE-file Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /LNPLS232.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /lnpl2132.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 -0500]/loancl.zip Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Peter Mancini" <Peter@mail.ssofti.com>][Date Fri, 21 Aug 1998 10

40 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From The Receptionist <Receptionist@nctm.org>][Date Fri, 25 Sep 1998 15:58:29 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[Fro ... /[From wmancini@bellatlantic.net][Date Thu, 04 Feb 1999 09:57:29 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[Fro ... /[From wmancini@bellatlantic.net][Date Tue, 29 Jun 1999 17:44:00 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[Fro ... /[From wmancini@bellatlantic.net][Date Fri, 02 Jul 1999 20:47:11 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 02 Jul 1999 22:54:15 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From d ... /[From wmancini@bellatlantic.net][Date Mon, 05 Jul 1999 20:53:27 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From derek demarzo <demarzo@nctimes.net>][Date Mon, 04 Oct 1999 22:34:08 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carole Mancini" <CMancini@nctm.org>][Date Wed, 06 Oct 1999 13:04:33 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carole Man ... /[From Heritagenet@aol.com][Date Tue, 2 Nov 1999 18:55:00 EST]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carole Mancini" <CMancini@nctm.org>][Date Fri, 12 Nov 1999 14:12:34 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carl Porter" <carl@mail.ssofti.com>][Date Tue, 14 Dec 1999 17:13:42 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[ ... /[From derek demarzo <demarzo@flash.net>][Date Thu, 23 Dec 1999 22:38:44 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[ ... /[From derek demarzo <demarzo@flash.net>][Date Sat, 01 Jan 2000 10:50:33 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Gerry Weitz" <Gerry@mail.ssofti.com>][Date Thu, 06 Jan 2000 11:04:44 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From wmancini@bellatlantic.net][Date Thu, 03 Feb 2000 17:19:42 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From wmancini@bellatlantic.net][Date Sun, 06 Feb 2000 09:01:57 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Gerry Weitz" ... /[From AMCRADIO@aol.com][Date Mon, 14 Feb 2000 20:09:24 EST]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Gerry Weitz" <Gerry@mail.ssofti.com>][Date Wed, 16 Feb 2000 20:37:22 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriSign Customer Service <id-support@verisign.com>][Date Fri, 18 Feb 2000 05:37:08 -0800 (PST)]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 18 Feb 2000 ... /[From "Peter Mancini" <Peter@mail.ssofti.com>][Date Fri, 18 Feb 2000 06:46:41 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 18 Feb 2000 08 ... /[From "Carl Porter" <carl@mail.ssofti.com>][Date Fri, 18 Feb 2000 06:53:34 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 18 Feb 2000 08:34:45 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal Mail Berkeley mbox: infected - 31 skipped
C:\Old Files\Dad's Old Computer\Program Files\Online Services\PRODIGY\pisetup.exe/SETUP32.EXE/WISE0042.BIN Infected: Trojan.Win32.Dialer.mv skipped
C:\Old Files\Dad's Old Computer\Program Files\Online Services\PRODIGY\pisetup.exe/SETUP32.EXE Infected: Trojan.Win32.Dialer.mv skipped
C:\Old Files\Dad's Old Computer\Program Files\Online Services\PRODIGY\pisetup.exe ZIP: infected - 2 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0031.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0034.BIN Infected: Trojan-Downloader.Win32.Agent.v skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0041.BIN Infected: not-a-virus:AdWare.Win32.SideStep.c skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0045.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0046.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe WiseSFX: infected - 15 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe WiseSFX Dropper: infected - 15 skipped
C:\Old Files\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Old Files\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX: infected - 1 skipped
C:\Old Files\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX Dropper: infected - 1 skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\00211625.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\09756196.vir Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\097F5F8B.vir Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\09863384.vir Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CF01A0E.tmp Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\110200FE.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\111C50E2.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\11743E81.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\Program Files\Norton AntiVirus\Quarantine\13B6072A.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\17080C16.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\17185E04.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\22175490.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\22C778AB.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\2ED74689.tmp Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Program Files\Norton AntiVirus\Quarantine\38E27C44 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Norton AntiVirus\Quarantine\38E62641.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\38E9503D Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A381204.IE5 Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A593826.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\3C6142FC.IE5 Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\3EF7098E.vir Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\435A7FF7.tmp Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Program Files\Norton AntiVirus\Quarantine\45CD7D45.tmp Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\Program Files\Norton AntiVirus\Quarantine\473C6BAF.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\4827428E.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\482A6C8A.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\482D1687.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\48B90C0E.tmp Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Norton AntiVirus\Quarantine\4CF57F65.cmt Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\Program Files\Norton AntiVirus\Quarantine\51121519.exe Infected: not-a-virus:AdWare.Win32.Lop.bw skipped
C:\Program Files\Norton AntiVirus\Quarantine\523E2BCE.exe Infected: not-a-virus:AdWare.Win32.Lop.bw skipped
C:\Program Files\Norton AntiVirus\Quarantine\53C9041B.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\57771270.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\Program Files\Norton AntiVirus\Quarantine\58D76ACF.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\6F285A91 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Norton AntiVirus\Quarantine\6F392C7F.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\6FC15A2C.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe WiseSFX: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe WiseSFX: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\76A32863.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\76FB1602.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\79F81736.tmp Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E995740.vir Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\Program Files\Norton AntiVirus\Quarantine\7F8B7A36.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
C:\qoobox\Quarantine\C\Program Files\Words\Words.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.tj skipped
C:\qoobox\Quarantine\C\WINDOWS\b143.exe.vir Infected: Trojan-Downloader.Win32.Agent.epl skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\blvnuywu.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bqirdjtw.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\enbeexia.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ixemyies.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jxocxnbi.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\RECYCLER\S-1-5-21-329068152-484763869-1957994488-1003\Dc129.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\RECYCLER\S-1-5-21-329068152-484763869-1957994488-1003\Dc130.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\RECYCLER\S-1-5-21-329068152-484763869-1957994488-1003\Dc131.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\RECYCLER\S-1-5-21-329068152-484763869-1957994488-1003\Dc138\great bind.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP489\A0073473.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP489\A0073474.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP490\A0073476.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP490\A0073477.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP491\A0073485.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP491\A0073486.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP492\A0073491.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP492\A0073496.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP493\A0073589.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP493\A0073597.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP493\A0074597.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP493\A0074599.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP494\A0074600.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP494\A0074603.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP495\A0074615.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP495\A0074622.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP495\A0074637.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP495\A0074638.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP496\A0074640.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP497\A0074646.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP497\A0075635.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP497\A0075642.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075805.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075818.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075969.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075994.exe Infected: not-a-virus:AdWare.Win32.Lop.bw skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075995.exe Infected: not-a-virus:AdWare.Win32.Lop.bw skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP509\A0076084.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP509\A0076085.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP509\A0076086.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP509\A0076087.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP511\A0076123.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP541\A0077244.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP546\A0079244.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP550\A0079351.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP550\A0079360.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP550\A0079379.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP550\A0080382.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP553\A0081389.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP553\A0081398.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP553\A0082398.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP555\A0082413.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP571\A0082642.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP571\A0082650.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP571\A0082658.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP573\A0082702.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP574\A0082788.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP577\A0083941.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP578\A0083961.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP579\A0084963.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP580\A0089959.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0089976.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0089977.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0089978.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090004.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090011.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090014.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090015.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ajq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090018.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090019.exe Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090021.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090022.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090023.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090024.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090024.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090024.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090024.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090025.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090027.exe Infected: not-a-virus:AdWare.Win32.Insider.a skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090028.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090040.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090041.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ajq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090044.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.i skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090045.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090047.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090048.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090049.exe Infected: Trojan.Win32.Agent.crf skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090050.exe Infected: Trojan-Downloader.Win32.Agent.erf skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090051.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090052.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ajq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090053.exe Infected: Trojan-Dropper.Win32.Agent.chq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090054.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090056.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090057.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090058.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090068.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090077.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0091062.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP583\A0091099.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP583\A0091100.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP583\A0091116.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP584\A0091125.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP584\A0091130.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP584\A0091141.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP592\A0092399.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP592\A0092400.exe Infected: not-a-virus:PSWTool.Win32.PassView.l skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP594\A0092413.exe Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0093365.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0093366.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0093367.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0093368.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0094382.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP596\A0094384.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP596\A0094389.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP596\A0094396.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP597\A0094411.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP597\A0094412.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094431.exe Infected: Trojan-Downloader.Win32.Agent.epl skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094434.exe Infected: not-a-virus:AdWare.Win32.Agent.tj skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094435.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094436.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094438.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094439.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094443.exe Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094459.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095455.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095466.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095471.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095472.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095473.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP599\A0095484.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095554.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095555.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095556.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095561.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095563.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP601\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\tbexaqcu.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\txrlemhk.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

This is where the scan ended for the C drive, the rest is in the next post.

Cookie Monster · 12-01-2007, 09:50 PM

Here they are, thanks again!

I had to send it in two pieces because of its size

Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\All Users\Application Data

2007-02-15 23:23 <DIR> Adobe
2007-03-12 22:59 <DIR> Apple Computer
2007-08-18 00:56 <DIR> bags amen plan amok
2007-11-29 16:22 <DIR> Google
2007-08-19 21:01 <DIR> IDS_COMPANY_NAME
2007-11-12 11:03 3,746 QTSBandwidthCache
2006-03-31 11:46 <DIR> SBT
2006-12-27 12:15 <DIR> Sony Ericsson
2007-11-14 17:26 <DIR> Spybot - Search & Destroy
2007-08-19 21:15 <DIR> Symantec
2006-12-27 12:15 <DIR> Teleca
2007-11-14 16:50 <DIR> TEMP
2007-08-20 11:05 <DIR> Viewrealcdromtons
2006-06-25 17:40 <DIR> Windows Genuine Advantage
2007-09-21 09:42 <DIR> x3watch
2006-05-05 15:27 <DIR> Yahoo! Companion
2006-03-30 14:02 <DIR> Zero Knowledge
1 File(s) 3,746 bytes
16 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Dad\Application Data

2006-03-31 12:27 <DIR> Help
2006-03-31 12:24 <DIR> Identities
2006-03-31 12:24 <DIR> Macromedia
2007-04-19 23:00 <DIR> Teleca
2006-03-31 12:24 <DIR> Zero Knowledge
0 File(s) 0 bytes
5 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Dan the Man\Application Data

2007-05-03 18:39 <DIR> Adobe
2006-05-05 15:21 <DIR> AdobeAUM
2007-02-17 01:31 <DIR> AdobeUM
2006-04-08 12:57 <DIR> Apple Computer
2007-04-20 10:38 <DIR> BitDownload
2007-09-01 09:59 <DIR> browse that
2007-10-24 23:10 <DIR> DivX
2007-11-29 16:29 <DIR> Google
2006-03-31 12:20 <DIR> Help
2006-03-30 13:31 <DIR> Identities
2006-10-18 15:28 <DIR> Leadertech
2007-11-14 21:33 <DIR> LimeWire
2007-07-04 10:05 <DIR> Macromedia
2006-03-31 11:36 <DIR> Microsoft Web Folders
2007-01-21 17:54 <DIR> SoundSpectrum
2007-08-14 16:41 <DIR> Sun
2007-08-19 21:30 <DIR> Symantec
2006-12-27 12:20 <DIR> Teleca
2006-04-25 16:47 <DIR> The Learning Company
2007-11-26 22:01 <DIR> U3
2007-10-19 20:20 <DIR> Wal-Mart Digital Photo Manager
2007-10-19 20:18 <DIR> Wal-Mart Digital Photo Viewer
2007-08-21 11:46 <DIR> x3watch
2006-03-30 14:04 <DIR> Zero Knowledge
0 File(s) 0 bytes
24 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Guest\Application Data

2006-10-09 14:31 <DIR> .
2006-10-09 14:31 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Default User\Application Data

2006-03-30 05:59 <DIR> .
2006-03-30 05:59 <DIR> ..
2006-04-20 22:01 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\NetworkService\Application Data

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-12-01 22:15
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469690
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 526849
Number of viruses found: 55
Number of infected objects: 501
Number of suspicious objects: 0
Duration of the scan process: 17:04:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow1.zip/ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow2.zip/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.br skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Dan the Man\Application Data\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Dan the Man\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\History\History.IE5\MSHist012007120120071202\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\ntuser.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Dan the Man\Shared\01 Track 1 (musical).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dan the Man\Shared\03 Track 3 (album).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dan the Man\Shared\diamond location.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped
C:\Documents and Settings\Dan the Man\Shared\Top of Charts - 2005 (musical).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip/BitDownload fastets Bittorrent downloader.exe/data0007 Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip/BitDownload fastets Bittorrent downloader.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip ZIP: infected - 2 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0031.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0034.BIN Infected: Trojan-Downloader.Win32.Agent.v skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0041.BIN Infected: not-a-virus:AdWare.Win32.SideStep.c skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0045.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0046.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe WiseSFX: infected - 15 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe WiseSFX Dropper: infected - 15 skipped
C:\Old Files\Backup Gateway\Program Files\Loan Calculator\lnpl2132.exe/LNPLS232.EXE/EXE-file Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Loan Calculator\lnpl2132.exe/LNPLS232.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Loan Calculator\lnpl2132.exe ZIP: infected - 2 skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... ... /EXE-file Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /LNPLS232.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /lnpl2132.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 -0500]/loancl.zip Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Administrator<Postmaster@proxy.ssofti.com>][Date Sun, 31 May 1998 19:38:36 -0600]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[Fro ... /[From Pe ... /[From CMG12498 <CMG12498@aol.com>][Date Fri, 24 Apr 1998 02:40:33 EDT]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[Fro ... /[From Peter Mancini <Peter.Mancini@faa.dot.gov>][Date 21 Apr 1998 13:48:12 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[Fro ... /[From "Peter Mancini" <Peter@mail.ssofti.com>][Date Sun, 19 Apr 1998 13:27:24 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[From Mail Administrator<Postmaster@proxy.ssofti.com>][Date Thu, 9 Apr 1998 18:47:46 -0600]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digital ID C . ... /[From "Gerry Weitz" <Gerry@mail.ssofti.com>][Date Sun, 15 Feb 1998 00:32:48 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digital ID C ... /[From "Maria Quijano" <Maria@mail.ssofti.com>][Date Sun, 15 Feb 1998 00:18:50 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digital ID Center <onlineca@verisign.com>][Date Sat, 14 Feb 1998 22:44:49 -0800]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox Mail Berkeley mbox: infected - 16 skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... ... /EXE-file Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /LNPLS232.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /lnpl2132.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 -0500]/loancl.zip Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Peter Mancini" <Peter@mail.ssofti.com>][Date Fri, 21 Aug 1998 10

40 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From The Receptionist <Receptionist@nctm.org>][Date Fri, 25 Sep 1998 15:58:29 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[Fro ... /[From wmancini@bellatlantic.net][Date Thu, 04 Feb 1999 09:57:29 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[Fro ... /[From wmancini@bellatlantic.net][Date Tue, 29 Jun 1999 17:44:00 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[Fro ... /[From wmancini@bellatlantic.net][Date Fri, 02 Jul 1999 20:47:11 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 02 Jul 1999 22:54:15 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From d ... /[From wmancini@bellatlantic.net][Date Mon, 05 Jul 1999 20:53:27 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From derek demarzo <demarzo@nctimes.net>][Date Mon, 04 Oct 1999 22:34:08 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carole Mancini" <CMancini@nctm.org>][Date Wed, 06 Oct 1999 13:04:33 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carole Man ... /[From Heritagenet@aol.com][Date Tue, 2 Nov 1999 18:55:00 EST]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carole Mancini" <CMancini@nctm.org>][Date Fri, 12 Nov 1999 14:12:34 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carl Porter" <carl@mail.ssofti.com>][Date Tue, 14 Dec 1999 17:13:42 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[ ... /[From derek demarzo <demarzo@flash.net>][Date Thu, 23 Dec 1999 22:38:44 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[ ... /[From derek demarzo <demarzo@flash.net>][Date Sat, 01 Jan 2000 10:50:33 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Gerry Weitz" <Gerry@mail.ssofti.com>][Date Thu, 06 Jan 2000 11:04:44 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From wmancini@bellatlantic.net][Date Thu, 03 Feb 2000 17:19:42 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From wmancini@bellatlantic.net][Date Sun, 06 Feb 2000 09:01:57 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Gerry Weitz" ... /[From AMCRADIO@aol.com][Date Mon, 14 Feb 2000 20:09:24 EST]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Gerry Weitz" <Gerry@mail.ssofti.com>][Date Wed, 16 Feb 2000 20:37:22 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriSign Customer Service <id-support@verisign.com>][Date Fri, 18 Feb 2000 05:37:08 -0800 (PST)]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 18 Feb 2000 ... /[From "Peter Mancini" <Peter@mail.ssofti.com>][Date Fri, 18 Feb 2000 06:46:41 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 18 Feb 2000 08 ... /[From "Carl Porter" <carl@mail.ssofti.com>][Date Fri, 18 Feb 2000 06:53:34 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 18 Feb 2000 08:34:45 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal Mail Berkeley mbox: infected - 31 skipped
C:\Old Files\Dad's Old Computer\Program Files\Online Services\PRODIGY\pisetup.exe/SETUP32.EXE/WISE0042.BIN Infected: Trojan.Win32.Dialer.mv skipped
C:\Old Files\Dad's Old Computer\Program Files\Online Services\PRODIGY\pisetup.exe/SETUP32.EXE Infected: Trojan.Win32.Dialer.mv skipped
C:\Old Files\Dad's Old Computer\Program Files\Online Services\PRODIGY\pisetup.exe ZIP: infected - 2 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0031.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0032.BIN Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0034.BIN Infected: Trojan-Downloader.Win32.Agent.v skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0041.BIN Infected: not-a-virus:AdWare.Win32.SideStep.c skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0045.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe/WISE0046.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe WiseSFX: infected - 15 skipped
C:\Old Files\My Documents Recovered\My Download Files\grokstersetupg.exe WiseSFX Dropper: infected - 15 skipped
C:\Old Files\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Old Files\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX: infected - 1 skipped
C:\Old Files\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX Dropper: infected - 1 skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\00211625.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\09756196.vir Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\097F5F8B.vir Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\09863384.vir Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CF01A0E.tmp Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\110200FE.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\111C50E2.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\11743E81.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\Program Files\Norton AntiVirus\Quarantine\13B6072A.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\17080C16.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\17185E04.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\22175490.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\22C778AB.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\2ED74689.tmp Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Program Files\Norton AntiVirus\Quarantine\38E27C44 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Norton AntiVirus\Quarantine\38E62641.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\38E9503D Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A381204.IE5 Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A593826.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\3C6142FC.IE5 Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Program Files\Norton AntiVirus\Quarantine\3EF7098E.vir Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\435A7FF7.tmp Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Program Files\Norton AntiVirus\Quarantine\45CD7D45.tmp Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\Program Files\Norton AntiVirus\Quarantine\473C6BAF.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\4827428E.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\482A6C8A.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\482D1687.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\48B90C0E.tmp Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Program Files\Norton AntiVirus\Quarantine\4CF57F65.cmt Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\Program Files\Norton AntiVirus\Quarantine\51121519.exe Infected: not-a-virus:AdWare.Win32.Lop.bw skipped
C:\Program Files\Norton AntiVirus\Quarantine\523E2BCE.exe Infected: not-a-virus:AdWare.Win32.Lop.bw skipped
C:\Program Files\Norton AntiVirus\Quarantine\53C9041B.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Program Files\Norton AntiVirus\Quarantine\57771270.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\Program Files\Norton AntiVirus\Quarantine\58D76ACF.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\6F285A91 Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Norton AntiVirus\Quarantine\6F392C7F.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\6FC15A2C.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe WiseSFX: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7638579E.exe CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe WiseSFX: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7649298C.exe CryptFF: infected - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\76A32863.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\76FB1602.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Norton AntiVirus\Quarantine\79F81736.tmp Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E995740.vir Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\Program Files\Norton AntiVirus\Quarantine\7F8B7A36.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
C:\qoobox\Quarantine\C\Program Files\Words\Words.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.tj skipped
C:\qoobox\Quarantine\C\WINDOWS\b143.exe.vir Infected: Trojan-Downloader.Win32.Agent.epl skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\blvnuywu.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bqirdjtw.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\enbeexia.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ixemyies.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jxocxnbi.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\RECYCLER\S-1-5-21-329068152-484763869-1957994488-1003\Dc129.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\RECYCLER\S-1-5-21-329068152-484763869-1957994488-1003\Dc130.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\RECYCLER\S-1-5-21-329068152-484763869-1957994488-1003\Dc131.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\RECYCLER\S-1-5-21-329068152-484763869-1957994488-1003\Dc138\great bind.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP489\A0073473.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP489\A0073474.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP490\A0073476.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP490\A0073477.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP491\A0073485.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP491\A0073486.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP492\A0073491.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP492\A0073496.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP493\A0073589.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP493\A0073597.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP493\A0074597.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP493\A0074599.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP494\A0074600.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP494\A0074603.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP495\A0074615.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP495\A0074622.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP495\A0074637.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP495\A0074638.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP496\A0074640.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP497\A0074646.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP497\A0075635.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP497\A0075642.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075805.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075818.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075969.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075994.exe Infected: not-a-virus:AdWare.Win32.Lop.bw skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP498\A0075995.exe Infected: not-a-virus:AdWare.Win32.Lop.bw skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP509\A0076084.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP509\A0076085.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP509\A0076086.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP509\A0076087.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP511\A0076123.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP541\A0077244.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP546\A0079244.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP550\A0079351.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP550\A0079360.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP550\A0079379.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP550\A0080382.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP553\A0081389.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP553\A0081398.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP553\A0082398.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP555\A0082413.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP571\A0082642.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP571\A0082650.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP571\A0082658.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP573\A0082702.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP574\A0082788.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP577\A0083941.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP578\A0083961.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP579\A0084963.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP580\A0089959.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0089976.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0089977.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0089978.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090002.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090004.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090011.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090014.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090015.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ajq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090018.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090019.exe Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090021.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090022.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090023.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090024.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090024.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090024.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090024.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090025.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090027.exe Infected: not-a-virus:AdWare.Win32.Insider.a skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090028.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090040.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090041.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ajq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090044.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.i skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090045.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090047.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090048.exe Infected: Trojan-Downloader.Win32.Adload.ni skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090049.exe Infected: Trojan.Win32.Agent.crf skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090050.exe Infected: Trojan-Downloader.Win32.Agent.erf skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090051.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090052.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ajq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090053.exe Infected: Trojan-Dropper.Win32.Agent.chq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090054.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090056.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090057.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090058.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090068.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0090077.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP582\A0091062.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP583\A0091099.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP583\A0091100.exe Infected: Trojan-Downloader.Win32.Agent.fak skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP583\A0091116.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP584\A0091125.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP584\A0091130.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP584\A0091141.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP592\A0092399.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP592\A0092400.exe Infected: not-a-virus:PSWTool.Win32.PassView.l skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP594\A0092413.exe Infected: Trojan-Downloader.Win32.Agent.fhv skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0093365.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0093366.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0093367.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0093368.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP595\A0094382.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP596\A0094384.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP596\A0094389.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP596\A0094396.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP597\A0094411.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP597\A0094412.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094431.exe Infected: Trojan-Downloader.Win32.Agent.epl skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094434.exe Infected: not-a-virus:AdWare.Win32.Agent.tj skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094435.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094436.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094438.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094439.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094443.exe Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0094459.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095455.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095466.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095471.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095472.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP598\A0095473.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP599\A0095484.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095554.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095555.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095556.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095561.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP600\A0095563.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{D1CCE950-A925-4C2A-8AFC-D7EBA2E6959B}\RP601\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\tbexaqcu.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\txrlemhk.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

This is where the scan ended for the C drive, the rest is in the next post.

Cookie Monster · 12-01-2007, 09:57 PM

Here they are, thanks again!

I had to send it in pieces because of its size

Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\All Users\Application Data

2007-02-15 23:23 <DIR> Adobe
2007-03-12 22:59 <DIR> Apple Computer
2007-08-18 00:56 <DIR> bags amen plan amok
2007-11-29 16:22 <DIR> Google
2007-08-19 21:01 <DIR> IDS_COMPANY_NAME
2007-11-12 11:03 3,746 QTSBandwidthCache
2006-03-31 11:46 <DIR> SBT
2006-12-27 12:15 <DIR> Sony Ericsson
2007-11-14 17:26 <DIR> Spybot - Search & Destroy
2007-08-19 21:15 <DIR> Symantec
2006-12-27 12:15 <DIR> Teleca
2007-11-14 16:50 <DIR> TEMP
2007-08-20 11:05 <DIR> Viewrealcdromtons
2006-06-25 17:40 <DIR> Windows Genuine Advantage
2007-09-21 09:42 <DIR> x3watch
2006-05-05 15:27 <DIR> Yahoo! Companion
2006-03-30 14:02 <DIR> Zero Knowledge
1 File(s) 3,746 bytes
16 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Dad\Application Data

2006-03-31 12:27 <DIR> Help
2006-03-31 12:24 <DIR> Identities
2006-03-31 12:24 <DIR> Macromedia
2007-04-19 23:00 <DIR> Teleca
2006-03-31 12:24 <DIR> Zero Knowledge
0 File(s) 0 bytes
5 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Dan the Man\Application Data

2007-05-03 18:39 <DIR> Adobe
2006-05-05 15:21 <DIR> AdobeAUM
2007-02-17 01:31 <DIR> AdobeUM
2006-04-08 12:57 <DIR> Apple Computer
2007-04-20 10:38 <DIR> BitDownload
2007-09-01 09:59 <DIR> browse that
2007-10-24 23:10 <DIR> DivX
2007-11-29 16:29 <DIR> Google
2006-03-31 12:20 <DIR> Help
2006-03-30 13:31 <DIR> Identities
2006-10-18 15:28 <DIR> Leadertech
2007-11-14 21:33 <DIR> LimeWire
2007-07-04 10:05 <DIR> Macromedia
2006-03-31 11:36 <DIR> Microsoft Web Folders
2007-01-21 17:54 <DIR> SoundSpectrum
2007-08-14 16:41 <DIR> Sun
2007-08-19 21:30 <DIR> Symantec
2006-12-27 12:20 <DIR> Teleca
2006-04-25 16:47 <DIR> The Learning Company
2007-11-26 22:01 <DIR> U3
2007-10-19 20:20 <DIR> Wal-Mart Digital Photo Manager
2007-10-19 20:18 <DIR> Wal-Mart Digital Photo Viewer
2007-08-21 11:46 <DIR> x3watch
2006-03-30 14:04 <DIR> Zero Knowledge
0 File(s) 0 bytes
24 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Guest\Application Data

2006-10-09 14:31 <DIR> .
2006-10-09 14:31 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\Default User\Application Data

2006-03-30 05:59 <DIR> .
2006-03-30 05:59 <DIR> ..
2006-04-20 22:01 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 32,076,783,616 bytes free
Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C is DSK1_VOL1
Volume Serial Number is C40B-9B60

Directory of C:\Documents and Settings\NetworkService\Application Data

Here comes the next piece

Cookie Monster · 12-01-2007, 09:59 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-12-01 22:15
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469690
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 526849
Number of viruses found: 55
Number of infected objects: 501
Number of suspicious objects: 0
Duration of the scan process: 17:04:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow1.zip/ACM.dll Infected: not-a-virus:AdTool.Win32.WhenU.g skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow2.zip/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.br skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-11-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Dan the Man\Application Data\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Dan the Man\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\History\History.IE5\MSHist012007120120071202\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\ntuser.dat Object is locked skipped
C:\Documents and Settings\Dan the Man\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Dan the Man\Shared\01 Track 1 (musical).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dan the Man\Shared\03 Track 3 (album).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dan the Man\Shared\diamond location.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped
C:\Documents and Settings\Dan the Man\Shared\Top of Charts - 2005 (musical).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip/BitDownload fastets Bittorrent downloader.exe/data0007 Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip/BitDownload fastets Bittorrent downloader.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Dan the Man\Shared\us topo mapsource windows Bittorrent downloader.zip ZIP: infected - 2 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0021.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0031.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0032.BIN Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0034.BIN Infected: Trojan-Downloader.Win32.Agent.v skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0041.BIN Infected: not-a-virus:AdWare.Win32.SideStep.c skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0045.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe/WISE0046.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe WiseSFX: infected - 15 skipped
C:\Old Files\Backup Gateway\My Documents\My Download Files\grokstersetupg.exe WiseSFX Dropper: infected - 15 skipped
C:\Old Files\Backup Gateway\Program Files\Loan Calculator\lnpl2132.exe/LNPLS232.EXE/EXE-file Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Loan Calculator\lnpl2132.exe/LNPLS232.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Loan Calculator\lnpl2132.exe ZIP: infected - 2 skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... ... /EXE-file Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /LNPLS232.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /lnpl2132.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Admini ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 -0500]/loancl.zip Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digi ... /[From Mail Administrator<Postmaster@proxy.ssofti.com>][Date Sun, 31 May 1998 19:38:36 -0600]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[Fro ... /[From Pe ... /[From CMG12498 <CMG12498@aol.com>][Date Fri, 24 Apr 1998 02:40:33 EDT]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[Fro ... /[From Peter Mancini <Peter.Mancini@faa.dot.gov>][Date 21 Apr 1998 13:48:12 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[Fro ... /[From "Peter Mancini" <Peter@mail.ssofti.com>][Date Sun, 19 Apr 1998 13:27:24 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digit ... /[From Mail Administrator<Postmaster@proxy.ssofti.com>][Date Thu, 9 Apr 1998 18:47:46 -0600]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digital ID C . ... /[From "Gerry Weitz" <Gerry@mail.ssofti.com>][Date Sun, 15 Feb 1998 00:32:48 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digital ID C ... /[From "Maria Quijano" <Maria@mail.ssofti.com>][Date Sun, 15 Feb 1998 00:18:50 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED/[From VeriSign Digital ID Center <onlineca@verisign.com>][Date Sat, 14 Feb 1998 22:44:49 -0800]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED/[From "Carl Porter" <carl@mail.ssofti.com>][Date Sat, 14 Feb 1998 23:35:54 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text/[From "Rodger Garcia" <Rodger@mail.ssofti.com>][Date Sat, 14 Feb 1998 22:59:20 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED/[From "Sergio Arciniegas" <Sergio@mail.ssofti.com>][Date Sat, 14 Feb 1998 15:36:55 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox/[From "In-box Direct" <info@netscape.com>][Date Mon, 02 Jun 1997 13:00:00 -0800]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Inbox Mail Berkeley mbox: infected - 16 skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... ... /EXE-file Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /LNPLS232.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 ... /lnpl2132.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From <peter_mancini@faa.gov>][Date Thu, 09 Jul 98 15:57:50 -0500]/loancl.zip Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Peter Mancini" <Peter@mail.ssofti.com>][Date Fri, 21 Aug 1998 10

40 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From The Receptionist <Receptionist@nctm.org>][Date Fri, 25 Sep 1998 15:58:29 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[Fro ... /[From wmancini@bellatlantic.net][Date Thu, 04 Feb 1999 09:57:29 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[Fro ... /[From wmancini@bellatlantic.net][Date Tue, 29 Jun 1999 17:44:00 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[Fro ... /[From wmancini@bellatlantic.net][Date Fri, 02 Jul 1999 20:47:11 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Mike Nield" <Mike@mail.ssofti.com>][Date Fri, 02 Jul 1999 22:54:15 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From d ... /[From wmancini@bellatlantic.net][Date Mon, 05 Jul 1999 20:53:27 -0400]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From derek demarzo <demarzo@nctimes.net>][Date Mon, 04 Oct 1999 22:34:08 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carole Mancini" <CMancini@nctm.org>][Date Wed, 06 Oct 1999 13:04:33 -0400]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carole Man ... /[From Heritagenet@aol.com][Date Tue, 2 Nov 1999 18:55:00 EST]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carole Mancini" <CMancini@nctm.org>][Date Fri, 12 Nov 1999 14:12:34 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Carl Porter" <carl@mail.ssofti.com>][Date Tue, 14 Dec 1999 17:13:42 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[ ... /[From derek demarzo <demarzo@flash.net>][Date Thu, 23 Dec 1999 22:38:44 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[ ... /[From derek demarzo <demarzo@flash.net>][Date Sat, 01 Jan 2000 10:50:33 -0700]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Gerry Weitz" <Gerry@mail.ssofti.com>][Date Thu, 06 Jan 2000 11:04:44 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From wmancini@bellatlantic.net][Date Thu, 03 Feb 2000 17:19:42 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From ... /[From wmancini@bellatlantic.net][Date Sun, 06 Feb 2000 09:01:57 -0500]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Gerry Weitz" ... /[From AMCRADIO@aol.com][Date Mon, 14 Feb 2000 20:09:24 EST]/text Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriS ... /[From "Gerry Weitz" <Gerry@mail.ssofti.com>][Date Wed, 16 Feb 2000 20:37:22 -0700]/UNNAMED Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Old Files\Backup Gateway\Program Files\Netscape\Users\Peter\Mail\Personal/[From "Carl Porter" <carl@mail.ssofti.com>][Date Wed, 26 Apr 2000 06:32:56 -0600]/UNNAMED/[From LizDeMarzo@aol.com][Date Sun, 23 Apr 2000 22:46:23 EDT]/text/[From "Carl Porter" <carl@mail.ssofti.com>][Date Mon, 13 Mar 2000 22:41:24 -0700]/UNNAMED/[From derek demarzo <demarzo@flash.net>][Date Mon, 13 Mar 2000 19:00:10 -0700]/text/[From "Mike Nield" <Mike@mail.ssofti.com>][Date F ... /[From VeriSign Customer Service <id-supp

11-27-2007, 01:44 PM	#2 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 23,940 OS: Win XP Pro SP3 / Win 7 RC My System Blog Entries: 10	Re: Help, my computer has been hijacked! Hi and welcome to the Security Forum. Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers. My name is Iain and I will be helping you clean your system. You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply. Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below. Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your log is clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please ensure that you follow the instructions in the order I have them listed. Combofix Download ComboFix and save it to your desktop. Note: It is important that it is saved directly to your desktop 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. *See here for a guide to disabling AV, Firewall and Anti-malware programmes.* Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the log C:\ComboFix.txt along with a fresh HijackThis Log for further review. NOTE: ComboFix should not take more than 20 minutes to run - this includes the reboot if malware is found. If it does: Open Task Manager (Ctrl+Alt+Del) and go to the Processes Tab End any processes called indstr, find, sed or swreg, ComboFix should now contimue. Please advise me if you had to end any Processes in this way, and let me know the Process Names. Do not mouseclick combofix's window whilst it's running. This may cause it to stall. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. Ad-Aware::SpywareBlaster::SpyBot::SpywareGuard::SnoopFree::AVG Free::HOSTS File::HijackThis::Donate::Photographers Corner

11-27-2007, 06:05 PM	#3 (permalink)
Cookie Monster Registered User Join Date: Sep 2007 Location: Colorado Posts: 27 OS: XP Pro	Re: Help, my computer has been hijacked! Iain, Thanks for your help! While I was waiting for someone to respond I came across a post for users self help which had a download link and instructions for the Trojan Vundo called VundoFix.exe. I ran it lastnight and by this morning it had finished. It found 4 files and removed 3 of them, and as per the instructions I re-booted and I am right now running it again during boot-up. Hopefully it will remove the last file in my system32 folder and I will post the info you need as soon as that's done and let you know how it turned out. I ran Panda's ActiveScan before this and if you could believe it, it found and disinfected around 5,000 viruses! It also found around 80 something spyware and 6 rootkits that are still invading. This is a hand-me-down desktop I picked up for my one of my kids to do their homework assignments and surf My Space. Thanks again for responding. Pete

11-27-2007, 08:36 PM	#4 (permalink)
Cookie Monster Registered User Join Date: Sep 2007 Location: Colorado Posts: 27 OS: XP Pro	Re: Help, my computer has been hijacked! Iain, Thanks for your help! While I was waiting for someone to respond I came across a post for users self help which had a download link and instructions for the Trojan Vundo called VundoFix.exe. I ran it lastnight and by this morning it had finished. It found 4 files and removed 3 of them, and as per the instructions I re-booted and I am right now running it again during boot-up. Hopefully it will remove the last file in my system32 folder and I will post the info you need as soon as that's done and let you know how it turned out. I ran Panda's ActiveScan before this and if you could believe it, it found and disinfected around 5,000 viruses! It also found around 80 something spyware and 6 rootkits that are still invading. This is a hand-me-down desktop I picked up for my one of my kids to do their homework assignments and surf My Space. Thanks again for responding. Pete

11-28-2007, 01:13 PM	#5 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 23,940 OS: Win XP Pro SP3 / Win 7 RC My System Blog Entries: 10	Re: Help, my computer has been hijacked! Good to hear. Combofix will help clear out any stragglers, as Vundo has become rather persistent recently. Don't do anything else for now (apart from Combofix), so that I can see the machine's state from the logs. Then we can clear up whatever may be left. __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. Ad-Aware::SpywareBlaster::SpyBot::SpywareGuard::SnoopFree::AVG Free::HOSTS File::HijackThis::Donate::Photographers Corner

11-28-2007, 04:45 PM	#6 (permalink)
Cookie Monster Registered User Join Date: Sep 2007 Location: Colorado Posts: 27 OS: XP Pro	Re: Help, my computer has been hijacked! Iain, I ran ComboFix as instructed. Disabled my Norton AV. When it rebooted the Norton AV restarted stating Mlicious Script Detected with a drop down list of options to perform. I clicked on the drop down list to choose to allow the entire script to run, but as soon as I clicked the drop down box to reveal the list my computer froze. I rebooted because that became my only option. ComboFix did produce a log report. I will send it along with the HijackThis Log.

11-28-2007, 04:53 PM	#7 (permalink)
Cookie Monster Registered User Join Date: Sep 2007 Location: Colorado Posts: 27 OS: XP Pro	Re: Help, my computer has been hijacked! I hope this will work. ComboFix 07-11-19.4C - Dan the Man 2007-11-28 16:44:25.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.71 [GMT -7:00] Running from: C:\Documents and Settings\Dan the Man\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\Documents and Settings\Dan the Man\Desktop\Live Safety Center.lnk C:\Documents and Settings\Dan the Man\Desktop\Online Security Guide.lnk C:\Documents and Settings\Dan the Man\Favorites\Online Security Guide.lnk C:\Program Files\Common Files\kffz\kffza.exe C:\Program Files\Common Files\kffz\kffza.lck C:\Program Files\Common Files\kffz\kffzd\class-barrel C:\Program Files\Common Files\kffz\kffzd\kffzc.dll C:\Program Files\Common Files\kffz\kffzd\vocabulary C:\Program Files\Common Files\kffz\kffzl.exe C:\Program Files\Common Files\kffz\kffzl.lck C:\Program Files\Common Files\kffz\kffzm.exe C:\Program Files\Common Files\kffz\kffzm.lck C:\Program Files\Common Files\kffz\kffzp.exe C:\Program Files\inetget2 C:\Program Files\myglobalsearch C:\Program Files\Words C:\Program Files\Words\list.txt C:\Program Files\Words\UnInstall.exe C:\Program Files\Words\Words.exe C:\windows\b143.exe C:\windows\cookies.ini C:\windows\kffz C:\windows\kffz\kffz.dat C:\windows\kffz\wu C:\windows\mrofinu1188.exe C:\windows\system32\tsuninst.exe C:\WINDOWS\system32\wxyay.bak1 C:\WINDOWS\system32\wxyay.bak2 C:\WINDOWS\system32\wxyay.ini C:\WINDOWS\system32\wxyay.ini2 C:\WINDOWS\system32\wxyay.tmp C:\windows\system32\yayxw.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))) . 2007-11-26 22:01 <DIR> d-------- C:\VundoFix Backups 2007-11-26 14:12 80,960 --a------ C:\WINDOWS\system32\sgaaghmh.dll 2007-11-26 14:09 780,914 --ahs---- C:\WINDOWS\system32\qcmobqkx.ini 2007-11-26 14:09 71,232 --a------ C:\WINDOWS\system32\blvnuywu.exe 2007-11-25 14:11 <DIR> d-------- C:\Deckard 2007-11-25 14:09 79,936 --a------ C:\WINDOWS\system32\hiotoytu.dll 2007-11-25 14:08 71,232 --a------ C:\WINDOWS\system32\jxocxnbi.exe 2007-11-25 14:08 71,232 --a------ C:\WINDOWS\system32\enbeexia.exe 2007-11-24 13:44 741,850 --ahs---- C:\WINDOWS\system32\kxmrvxbo.ini 2007-11-22 21:54 <DIR> d-------- C:\Program Files\CCleaner 2007-11-22 21:53 741,790 --ahs---- C:\WINDOWS\system32\pwllkroe.ini 2007-11-22 21:53 79,936 --a------ C:\WINDOWS\system32\krfswwxw.dll 2007-11-17 19:03 71,232 --a------ C:\WINDOWS\system32\ixemyies.exe 2007-11-15 16:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-11-15 16:16 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-11-15 16:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-11-15 14:30 15 --a------ C:\WINDOWS\system32\c40b8941 2007-11-14 17:01 671,136 --ahs---- C:\WINDOWS\system32\hmelblbl.ini 2007-11-14 17:01 85,056 --a------ C:\WINDOWS\system32\lblblemh.dll 2007-11-14 16:58 79,424 --a------ C:\WINDOWS\system32\fvqetudd.dll 2007-11-14 15:57 79,424 --a------ C:\WINDOWS\system32\lcbscxor.dll 2007-11-14 15:55 671,127 --ahs---- C:\WINDOWS\system32\olveadem.ini 2007-11-14 15:54 85,056 --a------ C:\WINDOWS\system32\medaevlo.dll 2007-11-14 15:46 71,232 --a------ C:\WINDOWS\system32\bqirdjtw.exe 2007-11-14 15:38 36,352 --a------ C:\WINDOWS\system32\nnnmnkj.dll 2007-11-14 15:22 79,424 --a------ C:\WINDOWS\system32\jgbuqvrt.dll 2007-11-14 15:21 0 --a------ C:\Documents and Settings\Dan the Man\x.dat 2007-11-14 15:19 2,152 --a------ C:\Documents and Settings\Dan the Man\z.dat 2007-11-13 16:05 8,454,656 --a------ C:\WINDOWS\system32\SET3C.tmp 2007-11-13 16:05 115,712 --a------ C:\WINDOWS\system32\SET3D.tmp 2007-11-08 20:04 134 --a------ C:\n.bat 2007-11-08 20:03 0 --a------ C:\z.dat 2007-11-08 20:03 0 --a------ C:\x.dat 2007-11-08 20:02 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-01 21:55 <DIR> d-------- C:\Program Files\InterActual 2007-11-01 21:28 <DIR> d-------- C:\Program Files\DIFX . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-28 23:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-11-27 05:01 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\U3 2007-11-25 02:01 --------- d-----w C:\Program Files\QuickTime 2007-11-25 02:00 --------- d-----w C:\Program Files\Norton AntiVirus 2007-11-25 01:49 --------- d-----w C:\Program Files\iTunes 2007-11-25 01:48 --------- d-----w C:\Program Files\Common Files\Teleca Shared 2007-11-24 02:15 22 ----a-w C:\WINDOWS\Fonts\zia03516 2007-11-24 02:15 22 ----a-w C:\WINDOWS\Fonts\a.zip 2007-11-15 04:33 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\LimeWire 2007-11-15 04:30 --------- d-----w C:\Program Files\LimeWire 2007-11-15 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-25 06:10 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\DivX 2007-10-25 06:06 --------- d-----w C:\Program Files\DivX 2007-10-20 03:20 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\Wal-Mart Digital Photo Manager 2007-10-20 03:19 --------- d-----w C:\Program Files\Wal-Mart 2007-10-20 03:19 --------- d-----w C:\Program Files\Common Files\HP 2007-10-20 03:18 --------- d-----w C:\Documents and Settings\Dan the Man\Application Data\Wal-Mart Digital Photo Viewer 2007-09-28 16:07 9,464 ------w C:\windows\system32\drivers\cdralw2k.sys 2007-09-28 16:07 9,336 ------w C:\windows\system32\drivers\cdr4_xp.sys 2007-09-28 16:07 43,528 ------w C:\windows\system32\drivers\PxHelp20.sys 1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL 1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL 1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL 1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL 1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL 1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cc55c1a-46ea-422c-9fd4-8d62678f1586}] 2007-11-26 14:12 80960 --a------ C:\windows\system32\sgaaghmh.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "interrdr"="C:\DOCUME~1\DANTHE~1\APPLIC~1\BROWSE~1\live close pile.exe" [] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 10:00] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] "IgfxTray"="C:\windows\system32\igfxtray.exe" [2001-08-07 23:25] "HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2001-08-07 22:36] "user bib mp3 plan"="C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib\great bind.exe" [2007-11-28 17:03] "JUMP RECT SAVE PLAN"="C:\Documents and Settings\All Users\Application Data\bags amen plan amok\1 Help Debug.exe" [] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 16:32] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-08-20 10:53] "Host Process"="C:\windows\Fonts\svchost.exe" [] "c40b9bcf"="C:\windows\system32\xkqbomcq.dll" [] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:47, on 2007-11-28 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\windows\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\windows\system32\igfxtray.exe C:\windows\system32\hkcmd.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\windows\System32\svchost.exe C:\windows\system32\taskmgr.exe C:\windows\system32\wuauclt.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Documents and Settings\Dan the Man\Desktop\Downloads\Dan the Man.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://defendingyourfaith.org/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost; O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: {6851f876-26d8-4df9-c224-ae64a1c55cc0} - {0cc55c1a-46ea-422c-9fd4-8d62678f1586} - C:\windows\system32\sgaaghmh.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe O4 - HKLM\..\Run: [user bib mp3 plan] C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib\great bind.exe O4 - HKLM\..\Run: [JUMP RECT SAVE PLAN] C:\Documents and Settings\All Users\Application Data\bags amen plan amok\1 Help Debug.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Host Process] C:\windows\Fonts\svchost.exe O4 - HKLM\..\Run: [c40b9bcf] rundll32.exe "C:\windows\system32\xkqbomcq.dll",b O4 - HKCU\..\Run: [interrdr] C:\DOCUME~1\DANTHE~1\APPLIC~1\BROWSE~1\live close pile.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1146072999566 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport...ScapeTeleX.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 8030 bytes

11-29-2007, 01:18 PM	#8 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 23,940 OS: Win XP Pro SP3 / Win 7 RC My System Blog Entries: 10	Re: Help, my computer has been hijacked! Hi again Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below. Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your log is clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please ensure that you follow the instructions in the order I have them listed. IMPORTANT! The infection on your system is designed to steal information. This includes all passwords, log ins to Forums such as this one, e-mail details and any online Banking passwords. It is therefore vital that, once cleaned, you contact your Bank or financial institution and inform them that your details have most likely been stolen. You should also find a clean PC and use it to change all passwords. P2P - I see you have P2P software (i.e. XXX) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. Although the P2P application itself may be 'clean', the files you download may well contain malware. P2P is often used as a method of distributing malware. This page will give you further information. Downloads Please Download NoLop to your desktop from here or here First close any other programs you have running as this will require a reboot Double click NoLop.exe to run it Now click the button labelled "Search and Destroy" <<your computer will now be scanned for infected files>> When scanning is finished you will be prompted to reboot only if infected, Click OK Now click the "REBOOT" Button. A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. -- Combofix Close any open browsers. Open notepad and copy/paste the text in the box below into it: Code: File:: C:\windows\system32\sgaaghmh.dll C:\windows\system32\qcmobqkx.ini C:\windows\system32\blvnuywu.exe C:\windows\system32\hiotoytu.dll C:\windows\system32\jxocxnbi.exe C:\windows\system32\enbeexia.exe C:\windows\system32\kxmrvxbo.ini C:\windows\system32\pwllkroe.ini C:\windows\system32\krfswwxw.dll C:\windows\system32\ixemyies.exe C:\windows\system32\pavas.ico C:\windows\system32\Help.ico C:\windows\system32\c40b8941 C:\windows\system32\hmelblbl.ini C:\windows\system32\lblblemh.dll C:\windows\system32\fvqetudd.dll C:\windows\system32\lcbscxor.dll C:\windows\system32\olveadem.ini C:\windows\system32\medaevlo.dll C:\windows\system32\bqirdjtw.exe C:\windows\system32\nnnmnkj.dll C:\windows\system32\jgbuqvrt.dll C:\Documents and Settings\Dan the Man\x.dat C:\Documents and Settings\Dan the Man\z.dat C:\windows\system32\SET3C.tmp C:\windows\system32\SET3D.tmp C:\n.bat C:\z.dat C:\x.dat C:\windows\Fonts\a.zip C:\windows\Fonts\svchost.exe Folder:: C:\windows\Fonts\zia03516 Looking at the image below as an example Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it will produce a log for you at "C:\ComboFix.txt" Do not mouseclick combofix's window whilst it's running. This may cause it to stall. Please post the log C:\ComboFix.txt along with a fresh HijackThis Log for further review. Logs required C:\NoLop.log C:\Combofix.txt HijackThis Log __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. Ad-Aware::SpywareBlaster::SpyBot::SpywareGuard::SnoopFree::AVG Free::HOSTS File::HijackThis::Donate::Photographers Corner

11-30-2007, 01:38 PM	#10 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 23,940 OS: Win XP Pro SP3 / Win 7 RC My System Blog Entries: 10	Re: Help, my computer has been hijacked! Hi again Pete You have to make sure that your AV is off before running CF – see the link in the CF instructions. Please do not run any tools without my instructions – I need to see progressive logs from each tool, otherwise I could end up giving you instructions that would completely bork your machine. Things are looking better though – how is your system running now? Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below. Show Hidden Files Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option. We’ll try another tool to check for Lop. Download fl.zip You will use this later. Reboot Reboot your system in Safe Mode. Restart the computer. The computer begins processing a set of instructions known as BIOS. After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key) Instead of Windows loading as normal, a menu should appear Use the arrow key to highlight Safe Mode and press Enter. HijackThis Entries Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) O2 - BHO: {6851f876-26d8-4df9-c224-ae64a1c55cc0} - {0cc55c1a-46ea-422c-9fd4-8d62678f1586} - (no file) O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file) O4 - HKLM\..\Run: [user bib mp3 plan] C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib\great bind.exe Please remember to close all other windows, including browsers then click Fix checked. Folder Deletions Delete the following Folders indicated in BLUE if they still exist. C:\Documents and Settings\All Users\Application Data\Amok Copy User Bib C:\WINDOWS\Fonts\zia03516 Reboot Reboot your system in Normal Mode. Find LOP Extract the contents of fl.zip to a new folder on your Desktop. Within the folder, locate & double-click fl.bat. It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply. Online Scan Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky WebScanner Next Click on Kaspersky Online Scanner A Welcome screen will appear - click 'Accept' at the bottom. You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. Take note of the name(s) and location(s) of any file(s) it detects but fails to clean. * Turn off the real time scanner of any existing antivirus program while performing the online scan Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%. Logs required c:\finlop.txt Kaspersky Log HijackThis Log __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. Ad-Aware::SpywareBlaster::SpyBot::SpywareGuard::SnoopFree::AVG Free::HOSTS File::HijackThis::Donate::Photographers Corner

12-01-2007, 09:57 PM	#14 (permalink)
Cookie Monster Registered User Join Date: Sep 2007 Location: Colorado Posts: 27 OS: XP Pro	Re: Help, my computer has been hijacked! Here they are, thanks again! I had to send it in pieces because of its size Volume in drive C is DSK1_VOL1 Volume Serial Number is C40B-9B60 Directory of C:\Documents and Settings\All Users\Application Data 2007-02-15 23:23 <DIR> Adobe 2007-03-12 22:59 <DIR> Apple Computer 2007-08-18 00:56 <DIR> bags amen plan amok 2007-11-29 16:22 <DIR> Google 2007-08-19 21:01 <DIR> IDS_COMPANY_NAME 2007-11-12 11:03 3,746 QTSBandwidthCache 2006-03-31 11:46 <DIR> SBT 2006-12-27 12:15 <DIR> Sony Ericsson 2007-11-14 17:26 <DIR> Spybot - Search & Destroy 2007-08-19 21:15 <DIR> Symantec 2006-12-27 12:15 <DIR> Teleca 2007-11-14 16:50 <DIR> TEMP 2007-08-20 11:05 <DIR> Viewrealcdromtons 2006-06-25 17:40 <DIR> Windows Genuine Advantage 2007-09-21 09:42 <DIR> x3watch 2006-05-05 15:27 <DIR> Yahoo! Companion 2006-03-30 14:02 <DIR> Zero Knowledge 1 File(s) 3,746 bytes 16 Dir(s) 32,076,783,616 bytes free Volume in drive C is DSK1_VOL1 Volume Serial Number is C40B-9B60 Directory of C:\Documents and Settings\Dad\Application Data 2006-03-31 12:27 <DIR> Help 2006-03-31 12:24 <DIR> Identities 2006-03-31 12:24 <DIR> Macromedia 2007-04-19 23:00 <DIR> Teleca 2006-03-31 12:24 <DIR> Zero Knowledge 0 File(s) 0 bytes 5 Dir(s) 32,076,783,616 bytes free Volume in drive C is DSK1_VOL1 Volume Serial Number is C40B-9B60 Directory of C:\Documents and Settings\Dan the Man\Application Data 2007-05-03 18:39 <DIR> Adobe 2006-05-05 15:21 <DIR> AdobeAUM 2007-02-17 01:31 <DIR> AdobeUM 2006-04-08 12:57 <DIR> Apple Computer 2007-04-20 10:38 <DIR> BitDownload 2007-09-01 09:59 <DIR> browse that 2007-10-24 23:10 <DIR> DivX 2007-11-29 16:29 <DIR> Google 2006-03-31 12:20 <DIR> Help 2006-03-30 13:31 <DIR> Identities 2006-10-18 15:28 <DIR> Leadertech 2007-11-14 21:33 <DIR> LimeWire 2007-07-04 10:05 <DIR> Macromedia 2006-03-31 11:36 <DIR> Microsoft Web Folders 2007-01-21 17:54 <DIR> SoundSpectrum 2007-08-14 16:41 <DIR> Sun 2007-08-19 21:30 <DIR> Symantec 2006-12-27 12:20 <DIR> Teleca 2006-04-25 16:47 <DIR> The Learning Company 2007-11-26 22:01 <DIR> U3 2007-10-19 20:20 <DIR> Wal-Mart Digital Photo Manager 2007-10-19 20:18 <DIR> Wal-Mart Digital Photo Viewer 2007-08-21 11:46 <DIR> x3watch 2006-03-30 14:04 <DIR> Zero Knowledge 0 File(s) 0 bytes 24 Dir(s) 32,076,783,616 bytes free Volume in drive C is DSK1_VOL1 Volume Serial Number is C40B-9B60 Directory of C:\Documents and Settings\Guest\Application Data 2006-10-09 14:31 <DIR> . 2006-10-09 14:31 <DIR> .. 0 File(s) 0 bytes 2 Dir(s) 32,076,783,616 bytes free Volume in drive C is DSK1_VOL1 Volume Serial Number is C40B-9B60 Directory of C:\Documents and Settings\Default User\Application Data 2006-03-30 05:59 <DIR> . 2006-03-30 05:59 <DIR> .. 2006-04-20 22:01 62 desktop.ini 1 File(s) 62 bytes 2 Dir(s) 32,076,783,616 bytes free Volume in drive C is DSK1_VOL1 Volume Serial Number is C40B-9B60 Directory of C:\Documents and Settings\LocalService\Application Data Volume in drive C is DSK1_VOL1 Volume Serial Number is C40B-9B60 Directory of C:\Documents and Settings\NetworkService\Application Data Here comes the next piece