Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hi, here is my Log File then...

Post by breeze » February 17th, 2006, 11:23 am

amateur wrote:Hi Breeze, :D

Thanks for the logs. :D The HijackThis log and the Ewido log look good. However, the fact that Trendmicro came up with some more bad files which you say you deleted, concerns me. I would really like to see the result from one of the online scans that you've done. I know you don't like them because they take a long time, but it's very important. I am also going to ask you to do two more things:

1. Open HijackThis and go into the Config option when you start HijackThis, and then click on the Misc Tools button at the top. You will then click on the button labeled "Generate StartupList Log". Once you click that button, the program will automatically open up a notepad filled with the Startup items from your computer. Copy and paste the list here please.

2. While you are still in the Misc Tools section,
click on Open Uninstall Manager…
In the final window, click on Save list... and save it to your Desktop.
Copy and paste this file: uninstall_list.txt into your next reply.

So, I'll be waiting for

1. Online virus scan results
2. Startup List
3. Uninstall List

Please hang in there. We want to make sure that your computer is free of any malware. :)


OK, I shall do as you ask, thank you for being so thorough......Legend :lol:

You wish for these in that particular order?

B.
breeze
Regular Member
 
Posts: 41
Joined: February 10th, 2006, 10:08 am

Post by amateur » February 17th, 2006, 11:36 am

You wish for these in that particular order?


In any order you can is fine in this case. :)
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Post by breeze » February 17th, 2006, 11:39 am

StartupList report, 17/02/2006, 15:41:52
StartupList version: 1.52.2
Started from : C:\Program Files\HIJACKTHIS\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\iNet Protector\IProtectorService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PROVIDUSSTD\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Marketing Tips Messenger.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\iNet Protector\iprotect.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\WEBPOS~1\WPSched3.exe
C:\PROGRA~1\WEBPOS~1\WPSched3.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HIJACKTHIS\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Justin\Start Menu\Programs\Startup]
OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
3Com Wireless 11g PC Card.lnk = C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BT Voyager Wireless Utility.lnk = ?
EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
PGPtray.lnk = ?
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AGRSMMSG = AGRSMMSG.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
eabconfg.cpl = C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
UpdateManager = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
CamMonitor = C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
HPHUPD05 = c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HPHmon05 = C:\WINDOWS\System32\hphmon05.exe
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
FileZilla Server Interface = "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
PRISMSVR.EXE = "C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
HP Software Update = C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
AS00_WPN511 = C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
inetprot = "C:\Program Files\iNet Protector\iprotect.exe" tray
StopSignSsTsMon = Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
BigDogPath = C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
AVGCtrl = "C:\Program Files\AVPersonal\AVGNT.EXE" /min

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NVIEW = rundll32.exe nview.dll,nViewLoadHook
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
WPSched3 = "C:\PROGRA~1\WEBPOS~1\WPSched3.exe" MINIMIZE
IBP =
googletalk = "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/english/ka ... nicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shoc ... tor/sw.cab

[Cult3D ActiveX Player]
InProcServer32 = C:\WINDOWS\system32\Cult3D\IECult.dll
CODEBASE = http://www.cult3d.com/download/cult.cab

[{62475759-9E84-458E-A1AB-5D2C442ADFDE}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe

[Housecall ActiveX 6.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://housecall65.trendmicro.com/house ... hcImpl.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan ... asinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/sh ... wflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 9,705 bytes
Report generated in 0.390 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Post by breeze » February 17th, 2006, 11:46 am

Uninstall List:

3Com OfficeConnect Wireless 11g PC Card
3ds max 7
3ds max 7 Reference Files
Abacast Client
AbsoluteTelnet
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Illustrator 10.0.3
Adobe Photoshop 7.0
Adobe Reader 7.0
Adobe SVG Viewer 3.0
Adobe Type Manager 4.1
Advanced Page Rank Analyzer 2.0
Advanced Website Position Reporter
AgentWebRanking Professional
Agere Systems AC'97 Modem
AMD Athlon 64 Processor Driver
AntiVir/XP
ARELIS 4.4.2
Article Equalizer
ASPRunner Professional 3.2
Back Link Analyzer v2.0
BT Voyager Wireless Utility
Business Edition
CoffeeCup Free DHTML Menu Builder
Compress 2000 1.2
CSE HTML Validator Professional v6.52 Trial
CSVed
DBManager Professional Freeware
DH
DHTML Menu Builder 4.9
Dynamic Bid Maximizer Advance V3.0
Dynamic Submission V7.0
DzSoft Perl Editor 5.6
e3KWDCheck
eBook Pro Viewer 5.54
e-Promo-CarD Designer
EPSON Printer Software
ewido anti-malware
FileZilla (remove only)
FileZilla Server (remove only)
Form1 Builder
Forms To Go 2.6.5
FTP Surfer
Funnel Web Analyzer (Free) 5.0
Funnel Web Profiler 2.0
Good Keywords v2.0.111205
Google Earth
Google Talk (remove only)
GRKda: GRSoftware Keyword Density Analyzer V2.1.73
GSiteCrawler
HijackThis 1.99.1
HP Deskjet Preloaded Printer Drivers
HP DLA
HP Help and Support
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Software Update
HTML Source Bar
Hyperseek
IBP 8.1
iNet Protector 2.0
InterActual Player
Internet Business Promoter 4.1.5
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_11
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky On-line Scanner
kd Autumn VI 2003
KnockOut 2
Lavasoft VX2 Cleaner
Link Checker Pro
Link Popularity Check 3.0
LinkExplore 2.0
Mach5 Mailer 4
Macromedia Contribute
Macromedia Contribute 2
Macromedia Dreamweaver 8
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia Flash Paper
Macromedia FreeHand MX
Macromedia Shockwave Player
Market Research Wizard
Marketing Tips Messenger
MD 40820
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Access 2000 Runtime
Microsoft Data Access Components KB870669
Microsoft Office 2000 Professional
Microsoft Office Project Professional 2003
mIRC
Mozilla Firefox (1.5)
Mozilla Thunderbird (1.0)
MSN Messenger 7.0
NavStudio
NETGEAR RangeMax(TM) Wireless PC Card WPN511
NVIDIA GART Driver
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org 2.0
Opera
overland
Panda ActiveScan
PCI 1620 Cardbus Controller and Software
PGP 8.1
Photosmart 140,240,7200,7600,7700,7900 Series
PHPRunner 2.0
Popularity OnSnap
pranker
PremiumSoft Navicat MySQL 7.1
Product Idea Profitabilty Evaluator
Quick Launch Buttons 4.20 C4
QuickTime
Readerware
RealPlayer
RecordNow!
Robot-Manager 3.1
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SharpReader 0.9.5.1
ShellRun
ShopFactory V6 Demo
Site Content Analyzer 2.2
Sizer (remove only)
Skype™ 1.0
Smart Explorer 6.1
SmartSound Quicktracks Plugin
Sonic Update Manager
Sothink DHTMLMenu
SoundMAX
Spy Sweeper
Spybot - Search & Destroy 1.4
SpyderOpts
Sygate Personal Firewall
TextPad 4.7
TotalSpoof v1.4.3
Ufindus Rapidsite
Ulead VideoStudio 8.0 Trial
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Vimicro USB PC Camera
Web Link Validator 4.0 build 403
Web Scraper Plus+ Web Spider Edition
WebBug
webcamXP (remove only)
WebEx
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinHTTrack Website Copier 3.33
WinRAR archiver
WinSCP 2.3
WinZip
XAMPP 1.4.9


The online one is going on now.

Best Regards

B.

P.S. gonna send you a private message regarding, putting a permalink on my forum.

Post by amateur » February 17th, 2006, 4:12 pm

Hi breeze, :)

Startup log and the Uninstall log look OK. :) You may like to check this regarding the following startup item.

StopSignSsTsMon = Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus

Since you have and will have better alternatives, I would suggest you uninstall it from the Start>Control Panel>Add/Remove Programs. Then, using Windows Explorer, navigate to and delete the associated folder: C:\Program Files\Acceleration Software. While you are there, please remove the older versions of Java (the latest version is Java Runtime Environment Version 5.0 Update 6).

I think MySQL41 is needed for your web-based business and we'll leave it alone.

Another item is WildTangent Web Driver in your uninstall list. Note that WildTangent's privacy policy states they also collect and share individuals' information. It's up to you to keep it or leave it. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:
1. Operating System Version
2. CPU Type and Speed
3. Memory Amount
4. Video Card type and Driver Version
5. Sound Card type and Driver Version
6. DirectX Version
7. Location that the Web Driver was installed from

It is also a MAJOR resource hog.

How did the online virus scan fare? Can I get the results please?

Post by breeze » February 20th, 2006, 5:26 am

Morning Amateur,

I will do this just now; in the meantime, here is the log from my online scan.

Best Regards
B.

Post by breeze » February 20th, 2006, 5:26 am

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, February 20, 2006 9:26:03 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 17/02/2006
Kaspersky Anti-Virus database records: 166390
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
X:\
Y:\
Z:\

Scan Statistics:
Total number of scanned objects: 218321
Number of viruses found: 8
Number of infected objects: 102
Number of suspicious objects: 52
Duration of the scan process: 10:46:19

Infected Object Name / Virus Name / Last Action
C:\Program Files\atk2.0.zip/atk-2.0/atk.exe Infected: HackTool.Win32.AttKit.c skipped
C:\Program Files\atk2.0.zip ZIP: infected - 1 skipped
X:\act emails\NSNAIWKP.ima/[From "Paul Gray"<paul.gray@jumpforfun.net>][Date Tue, 13 Dec 2005 15:56:00 +0000]/question_list.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
X:\act emails\NSNAIWKP.ima/[From "Paul Gray"<paul.gray@jumpforfun.net>][Date Tue, 13 Dec 2005 15:56:00 +0000]/question_list.zip Infected: Email-Worm.Win32.Sober.y skipped
X:\act emails\NSNAIWKP.ima Mail: infected - 2 skipped
X:\Contacts100106.zip/NSNAIWKP.ima/[From "Paul Gray"<paul.gray@jumpforfun.net>][Date Tue, 13 Dec 2005 15:56:00 +0000]/question_list.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
X:\Contacts100106.zip/NSNAIWKP.ima/[From "Paul Gray"<paul.gray@jumpforfun.net>][Date Tue, 13 Dec 2005 15:56:00 +0000]/question_list.zip Infected: Email-Worm.Win32.Sober.y skipped
X:\Contacts100106.zip/NSNAIWKP.ima Infected: Email-Worm.Win32.Sober.y skipped
X:\Contacts100106.zip ZIP: infected - 3 skipped
X:\Contacts1612.zip/NSNAIWKP.ima/[From "Paul Gray"<paul.gray@jumpforfun.net>][Date Tue, 13 Dec 2005 15:56:00 +0000]/question_list.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
X:\Contacts1612.zip/NSNAIWKP.ima/[From "Paul Gray"<paul.gray@jumpforfun.net>][Date Tue, 13 Dec 2005 15:56:00 +0000]/question_list.zip Infected: Email-Worm.Win32.Sober.y skipped
X:\Contacts1612.zip/NSNAIWKP.ima Infected: Email-Worm.Win32.Sober.y skipped
X:\Contacts1612.zip ZIP: infected - 3 skipped
X:\Contacts180106.zip/NSNAIWKP.ima/[From "Paul Gray"<paul.gray@jumpforfun.net>][Date Tue, 13 Dec 2005 15:56:00 +0000]/question_list.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
X:\Contacts180106.zip/NSNAIWKP.ima/[From "Paul Gray"<paul.gray@jumpforfun.net>][Date Tue, 13 Dec 2005 15:56:00 +0000]/question_list.zip Infected: Email-Worm.Win32.Sober.y skipped
X:\Contacts180106.zip/NSNAIWKP.ima Infected: Email-Worm.Win32.Sober.y skipped
X:\Contacts180106.zip ZIP: infected - 3 skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[ ... /[From "Griffinpark.org Forums" <admin2@griffinpark.org>][Date 24 Mar 2005 20:51:27 -000 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[ ... /[From "Griffinpark.org Forums" <admin2@griffinpark.org>][Date 24 Mar 2005 20:51:27 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... / ... /[From "katie rudd" <katierudd1@msn.com>][Date Fri, 25 Mar 2005 22:15:16 +000 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... / ... /[From "katie rudd" <katierudd1@msn.com>][Date Fri, 25 Mar 2005 22:15:16 +0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... / ... /[From "Tom Lu" <tjrs@public1.tpt.tj.cn>][Date Sat, 26 Mar 2005 00:45:26 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Fri, 25 Mar 2005 11:23:26 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[Fro ... /[From "Dieter Verdegem" <dv@cft.be>][Date Thu, 24 Mar 2005 13:20:29 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . . ... /[From "alan j ... /[From "Paul Rodney" ... /[From a-z0-9@.-][Date Sun, 27 Mar 2005 22:51:14 +010 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . . ... /[From "alan j ... /[From "Paul Rodney" ... /[From a-z0-9@.-][Date Sun, 27 Mar 2005 22:51:14 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . . ... /[From "alan j ... /[From "Paul Rodney" <paulrodney@f2s.com>][Date Tue, 29 Mar 2005 21:56:57 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . . ... /[From "alan john greenwood" <mayfieldinnorfolk@hotmail.com>][Date Tue, 29 Mar 2005 21:15:51 +0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[ ... ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Tue, 29 Mar 2005 16:12:49 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[ ... /[From "Alison Seaman" <alisonseaman@sbcglobal.net>][Date Mon, 28 Mar 2005 21:44:01 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[ ... /[From "Alison Seaman" <alisonseaman@sbcglobal.net>][Date Mon, 28 Mar 2005 19:18:23 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[Fr ... /[From "katie rudd" <katierudd1@msn.com>][Date Sat, 26 Mar 2005 16:05:55 +0000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[From Peter Guntrip ... /[From e@webnooze.com][Date Sat, 26 Mar 2005 14:33:40 + .. ... /html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[From Peter Guntrip ... /[From e@webnooze.com][Date Sat, 26 Mar 2005 14:33:40 + ... /UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[From Peter Guntrip ... /[From e@webnooze.com][Date Sat, 26 Mar 2005 14:33:40 +0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... ... /[From 1800138@mwinf3208.me.freeserve.com][Date Thu, 31 Mar 2005 21:42:19 +010 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... ... /[From 1800138@mwinf3208.me.freeserve.com][Date Thu, 31 Mar 2005 21:42:19 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Thu, 31 Mar 2005 16:58:59 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Thu, 31 Mar 2005 16:48:21 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[From Peter ... /[From Geoffandvictoria@aol.com][Date Tue, 29 Mar 2005 13:07:12 EST]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/ ... /[From from 8bit to quote ... /[From Peter Gunt ... /[From kevinp@biznet.net][Date Thu, 7 Apr 2005 12:57:59 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/ ... /[From from 8bit to quote ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Thu, 7 Apr 2005 11:14:00 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/ ... /[From from 8bit to quote ... /[From "anarchy" <anarchy@anarchyintheuk.com>][Date Wed, 6 Apr 2005 23:23:11 +0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/ ... /[From from 8bit to quote ... ... /[From "anarchy" <anarchy@anarchyintheuk.com>][Date Tue, 5 Apr 2005 16:29:21 +0000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/ ... /[From from 8bit to quote ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Tue, 5 Apr 2005 16:20:04 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/ ... /[From from 8bit to quoted-p ... /[From "KOGEE-Arthur" <arthur@kogee.com.tw>][Date Tue, 5 Apr 2005 23:00:21 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/ ... /[From from 8bit to quoted-printable by host.wrcworldwide.com id j350Yebp031366][Date Tue, 5 Apr 2005 00:34:40 +0000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[From ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Mon, 4 Apr 2005 15:11:04 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[From ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Mon, 4 Apr 2005 15:05:23 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[From "alan john greenwood" <mayfieldinnorfolk@hotmail.com>][Date Sat, 02 Apr 2005 20:12:26 +0000]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[ ... /[From "Tom Lu" <tjrs@public1.tpt.tj.cn>][Date Fri, 1 Apr 2005 13:22:07 +0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[From "Uzzel ... /[From speroni@engimatic.com][Date Wed, 6 Apr 2005 21:57:43 +010 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[From "Uzzel ... /[From speroni@engimatic.com][Date Wed, 6 Apr 2005 21:57:43 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[From "Uzzell, Jason" <Jason.Uzzell@drkw.com>][Date Thu, 7 Apr 2005 12:16:07 +0200]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[From Peter ... /[From IanOsborne@HBOSplc.com][Date Thu, 7 Apr 2005 11:56:56 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro . ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 23 Mar 2005 12:28:40 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[Fro ... /[From "SBS Worldwide" <bulletin@sbsworldwide.com>][Date Wed, 23 Mar 2005 11:03:27 -00]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... ... /[From System Administrator <postmaster@data-direct.co.uk>][Date Mon, 21 Mar 2005 18:18:51 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... /[From "pos ... / ... /[From "BigBee" <bigbee@globalnet.co.uk>][Date Mon, 21 Mar 2005 18:51:08 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... /[From "pos ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Tue, 22 Mar 2005 16:31:19 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... /[From "pos ... /[From "Beverley Stevens" <bev@foursys.co.uk>][Date Tue, 22 Mar 2005 13:22:08 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... /[From "pos ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Fri, 18 Mar 2005 11:44:43 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost . ... /[From "postmaster@jumpforfun.net" <postmaster@jumpforfun.net>][Date Thu, 17 Mar 2005 19:31:12 +0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost ... /[From " ... ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Thu, 17 Mar 2005 14:39:36 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost ... /[From " ... / ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Fri, 4 Mar 2005 17:39:50 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost ... /[From " ... / ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Fri, 4 Mar 2005 16:59:54 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost ... /[From " ... / ... /[From Peter Guntrip <Peter@data-direct.co.uk>][Date Fri, 4 Mar 2005 16:00:27 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost ... /[From .. ... /[Fro ... /[From "BigBee" <bigbee@globalnet.co.uk> ... /[From - Thu May 05 12:28:00 200 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost ... /[From .. ... /[Fro ... /[From "BigBee" <bigbee@globalnet.co.uk> ... /[From - Thu May 05 12:28:00 2005]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost ... /[From .. ... /[Fro ... /[From "BigBee" <bigbee@globalnet.co ... /[From - Thu May 05 12:28:00 2005]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[From "rost ... /[From .. ... /[From "jump for fun sales" <sales@jumpforfun ... /[From - Fri May 06 12:29:26 2005]/message.scr Infected: Email-Worm.Win32.NetSky.q skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[Fro ... /[From "Mutua ... ... /[From "jump for fun ... /[From orders@uk.worldpay.com][Date Mon, 17 Jan 2005 19:38:08 GMT]/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[Fro ... /[From "Mutua ... ... /[From "jump for fun team" <sales@jumpforfun.net>][Date Mon, 17 Jan 2005 11:15:20 -0000]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[Fro ... /[From "Mutua ... /[Fr ... /[From Paul.Gervaise-Brazier@hsh-nordbank.co.gg][Date Mon, 17 Jan 2005 10:07:41 +0000]/text Infected: Trojan-Spy.HTML.Smitfraud.c skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[Fro ... /[From "Mutua ... /[From "Mark Robertson" <robertson247@btinternet.com>][Date Sun, 16 Jan 2005 18:39:00 -0000]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:18:25 -0000]/UNNAMED/[From Peter Guntrip <Peter@data-direct.co.uk>][Date Wed, 2 Mar 2005 12:32:20 -0000]/UNNAMED/[From Argos <argos@argos-email.co.uk>][Date Wed, 2 Mar 2005 11:17:42 +0000 (GMT)]/UNNAMED/[Fro ... /[From "MutualPoin ... /[Fro .. ... /[From ... /[From orders@uk.worldpay.com][Date Sun, 16 Jan 2005 12:02:29 GMT]/text Infected: Trojan-Spy.HTML.Smitfraud.c skipped
breeze
Regular Member
 
Posts: 41
Joined: February 10th, 2006, 10:08 am

Unread postby amateur » February 20th, 2006, 10:26 am

Hi Breeze,



This looks like a scan from another machine with another drive; the user name is Linda (X:\IT Support\User Data\Linda\email\Thunderbird\Profiles\yiisqtla.default\Mail\Local Folders\Inbox). It has a hacktool (detection and removal: http://www.pestpatrol.com/zks/pestinfo/ ... delf_c.asp) in addition to some email worms and exploits.

It's infected with an email worm, W32Sober.y (you can read about it here: http://www.nod32.com/msgs/sobery.htm; removal tool: http://www.pandasoftware.com/download/utilities/), Email-Worm.Win32.NetSky.q (removal tool: http://www.sophos.com/support/disinfection/netskyb.html) and Smitfraud, which requires a special fix, in January, March, April, May and December of 2005, received from several sources like Peter Guntrip and Paul Grey, Argos, Griffinpark.org Forums and BigBee, via Thunderbird; and also some UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload. You can read about it here: http://www.f-secure.com/v-descs/iframe.shtml

Trend Micro claims to remove some of these. Please ask her to first delete the messages flagged in the log in her inbox received in Jan, March, April, May and December of 2005. Then scan with http://housecall.trendmicro.com/, as well as using the tools above.

Smitfraud would require a special fix. She needs to submit her HijackThis log in a different thread.

She should also remove the following zip folder:

C:\Program Files\atk2.0.zip
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
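The reading amateur does by eye in the post above (which file on disk each detection belongs to, which threats it carries, and whether the path is even on the machine being cleaned) can be scripted. This is an added example, not part of the original thread or of any Kaspersky tool; the function names, the `scan_root` parameter and the `X:\Mail\Inbox` lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Report lines in the scanner's "object / verdict: name / last action" layout.
# The two atk2.0.zip lines are quoted from the thread; the X: mailbox lines
# are constructed for this example (example.com senders).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Program Files\atk2.0.zip/atk-2.0/atk.exe Infected: HackTool.Win32.AttKit.c skipped
C:\Program Files\atk2.0.zip ZIP: infected - 1 skipped
X:\Mail\Inbox/[From A <a@example.com>][Date Wed, 2 Mar 2005 12:18:00 -0000]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
X:\Mail\Inbox/[From B <b@example.com>][Date Fri, 6 May 2005 12:03:09 +0100]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Scan process completed.
"""

# "<object> Infected: <name> <action>" or "<object> Suspicious: <name> <action>"
DETECTION = re.compile(
    r"^(?P<obj>.+?)\s+(?P<verdict>Infected|Suspicious):\s+"
    r"(?P<name>\S+)\s+(?P<action>\w+)\s*$"
)
# Per-container summary, e.g. "<archive> ZIP: infected - 1 skipped"
CONTAINER = re.compile(
    r"^(?P<obj>.+?)\s+(?P<kind>[A-Z0-9]+): infected - (?P<count>\d+)\s+\w+\s*$"
)


def parse_report(text):
    """Split a report into per-object detections and container summaries."""
    detections, containers = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = DETECTION.match(line)
        if m:
            # Windows paths use backslashes, so the first forward slash marks
            # where the file on disk ends and the nested member (archive
            # entry, mailbox message, MIME part) begins.
            on_disk, _, inner = m["obj"].partition("/")
            detections.append({
                "file": on_disk,
                "inner": inner,
                "verdict": m["verdict"],
                "name": m["name"],
                "action": m["action"],
            })
            continue
        m = CONTAINER.match(line)
        if m:
            containers[m["obj"]] = int(m["count"])
    return detections, containers


def triage(text, scan_root="C:\\"):
    """Group detections by the file on disk that has to be dealt with."""
    detections, containers = parse_report(text)
    grouped = defaultdict(lambda: {"threats": set(), "hits": 0, "actions": set()})
    for d in detections:
        entry = grouped[d["file"]]
        entry["threats"].add(d["name"])
        entry["hits"] += 1
        entry["actions"].add(d["action"])

    summary = {}
    for path, entry in grouped.items():
        summary[path] = {
            "threats": sorted(entry["threats"]),
            "hits": entry["hits"],
            # "skipped" as the last action means the report records no removal.
            "unresolved": "skipped" in entry["actions"],
            # A path outside the scanned root suggests the log came from
            # another machine or a mapped drive.
            "outside_scan_root": not path.lower().startswith(scan_root.lower()),
            "container_count": containers.get(path),
        }
    return summary


if __name__ == "__main__":
    for path, info in triage(SAMPLE_REPORT).items():
        print(path, info)
```
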

Unread postby breeze » February 21st, 2006, 5:24 am

amateur wrote:Hi breeze, :)

Startup log and the Uninstall log look OK. :) You may like to check this regarding the following startup item.

StopSignSsTsMon = Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus

Since you have and will have better alternatives, I would suggest you uninstall it from Start > Control Panel > Add/Remove Programs. Then, using Windows Explorer, navigate to and delete the associated folder: C:\Program Files\Acceleration Software

I can't seem to find this in C:\Program Files?

While you are there, please remove the older versions of Java (Latest version is Java Runtime Environment Version 5.0 Update 6 ).

No problem

Another item is WildTangent Web Driver in your uninstall list.

I can't seem to find this either?


Apart from these, I have the all clear?

B.
breeze
Regular Member
 
Posts: 41
Joined: February 10th, 2006, 10:08 am

Unread postby amateur » February 21st, 2006, 8:22 am

Hi Breeze,

Apart from these, I have the all clear?


I still haven't received the virus scan result from your computer.
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby breeze » February 22nd, 2006, 4:57 am

Morning Amateur,

Here is my log from Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, February 22, 2006 8:58:29 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 21/02/2006
Kaspersky Anti-Virus database records: 167089
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 115732
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 07:29:02

Infected Object Name / Virus Name / Last Action
C:\Program Files\atk2.0.zip/atk-2.0/atk.exe Infected: HackTool.Win32.AttKit.c skipped
C:\Program Files\atk2.0.zip ZIP: infected - 1 skipped

Scan process completed.


Best Regards

B.
breeze
Regular Member
 
Posts: 41
Joined: February 10th, 2006, 10:08 am

Unread postby amateur » February 22nd, 2006, 10:37 am

Hi Breeze,

You, too, have the same infected zip folder in your Program Files folder. Please delete it.

C:\Program Files\atk2.0.zip . Then, empty your recycle bin.

The last HijackThis log I looked at was dated February 17, 06. Since it has been several days, it would be a good idea to check it one more time. Can you please post a new HijackThis log?
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby breeze » February 22nd, 2006, 11:12 am

C:\Program Files\atk2.0.zip . Then, empty your recycle bin.
Done

Logfile of HijackThis v1.99.1
Scan saved at 15:14:33, on 22/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\iNet Protector\IProtectorService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PROVIDUSSTD\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Marketing Tips Messenger.exe
C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iNet Protector\iprotect.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\WEBPOS~1\WPSched3.exe
C:\PROGRA~1\WEBPOS~1\WPSched3.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinSCP2\WinSCP2.exe
C:\Program Files\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Marketing Tips Messenger] C:\WINDOWS\Marketing Tips Messenger.exe
O4 - HKLM\..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe -hide
O4 - HKLM\..\Run: [inetprot] "C:\Program Files\iNet Protector\iprotect.exe" tray
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WPSched3] "C:\PROGRA~1\WEBPOS~1\WPSched3.exe" MINIMIZE
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: 3Com Wireless 11g PC Card.lnk = C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Voyager Wireless Utility.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PGPtray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C762DC2-C685-4C5E-A179-16A42DF48735}: NameServer = 217.13.128.17,217.13.128.27
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF929751-7500-461A-A08E-4AA733344717}: NameServer = 192.168.0.2,217.13.128.17
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Internet Protector System Service (InternetProtectorService) - Unknown owner - C:\Program Files\iNet Protector\IProtectorService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\Pointdev\VNC\WinVNC.exe" -service (file missing)

;) ;)
breeze
Regular Member
 
Posts: 41
Joined: February 10th, 2006, 10:08 am

Unread postby amateur » February 22nd, 2006, 11:44 am

Hi Breeze, :D

The log is clean. :thumbright:

Now that you are clean, or seem to be, please follow these simple steps in order to keep your computer clean and secure.

Note: Ewido is a free trial product for 14 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days. That is why we are not installing the guard, so that it will not interfere with the cleanup or the malware removal process. You can use Ewido as an on-demand scanner (recommended), but you will have to manually update the definition file each time you scan. If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (top left) and clicking on both items under "Your Security Status".

Remember to hide your system files again.

Start>My Computer>Tools>Folder Options>View
Under the Hidden files and Folders heading, uncheck Show hidden files and folders.
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Check the Hide file extensions for known file types option.
Click OK.

Disable and Enable System Restore

If you are using Windows ME or XP, then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point. Because Windows regularly sets restore points, it's very possible that the malware you have removed is still present in System Restore. If you put Windows back to such a restore point, this malware will be put back as well.

This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)
1. Right-click My Computer, and then click Properties.
2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.
3. Click OK, and then click Yes.

4. Restart the computer.
5. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore', click 'OK'.

Reboot normally.

You can also find instructions on how to disable and re-enable System Restore here:
Windows XP System Restore Guide

And that's all. But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, I recommend the following: (You may already have some of the items)

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Keep your antivirus program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.
If you haven't got an antivirus, you can download and install one of the following free ones. Make sure that you have only ONE antivirus running on your computer, as more than one would cause conflict and render the computer vulnerable.

AVG Free here
AntiVir here
Avast here

It is essential to keep the anti-virus program fully updated. New virus infections are being produced all the time, and unless the program downloads the latest 'definitions', it cannot protect you against the newer versions. If you want to check for updates manually, I'd recommend doing so at least once a week. However, a better option is to set the program to download and install updates automatically every time you are connected to the Internet. The first time you use it, please set it to perform a full system scan.

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site <http://windowsupdate.microsoft.com/> to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site <http://office.microsoft.com/officeupdate/maincatalog.aspx?lc=en-us> and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Keep your pestware-scanners up-to-date and do regular scans with them.

To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them already):
AdAware here
Spybot here Remember to "immunize" after each update
Microsoft Antispyware here

Install realtime pestware-scanners and keep them up-to-date.

The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:

SpywareBlaster here Remember to "enable all protection" after each update.
SpywareGuard here

If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and the internet.
If there is no firewall installed on your computer, you can download and install one of the following free firewalls:
ZoneAlarm here
Sygate here
Kerio Personal Firewall here
Outpost here
Important: (Windows XP only) If you install a firewall, be sure to turn off the WinXP-firewall!

Test your firewall here to make sure that it's working properly

Install these programs, to make surfing with Internet Explorer safer:

A popup-blocker, e.g. Google Toolbar here: A popup-blocker prevents popup windows from opening when you come across a website that uses them while surfing the internet.

IE-SPYAD here: This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer.

SiteHound by Firetrust here:

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus.

SiteHound will alert you when you enter a site which is known to contain:
· Fraudulent claims or scams
· Offensive material
· Security vulnerabilities
· Spyware or Adware
· Spam related material
· or other content deemed to be unsafe
Specifically, SiteHound blocks these categories:

• Adult • Spyware • Spam Advertising • Phishing • Possible scam or fraud • Misleading or False Advertising
• Pharming • Rogue or Suspect Product • Adware • Malware or Virus

System Requirements:
Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP

Install and use an alternative browser to surf on the internet.

Because Internet Explorer is the most-used browser on the planet, most of the hijackers, adware and spyware are made to abuse your computer through Internet Explorer.
Here are some good alternative browsers:
Mozilla Suite here
Mozilla Firefox here
Opera here
Netscape here
Important: You cannot uninstall Internet Explorer.
First of all, it's part of Windows and you'll need it to download and install Windows Updates.
Secondly, there are some sites that are only accessible with Internet Explorer, e.g. most of the Online Malware-scanners.

But above all, keep all your software UP-TO-DATE at all times!!

Also, I would recommend reading the excellent advice by Tony Klein: So how did I get infected in the first place

Happy and safe surfing. ;)
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby breeze » February 22nd, 2006, 11:52 am

Nice one Amateur, thank you very much for your time and effort in helping me reach a level of cleanliness that my computer deserves. :lol:

I will stay away from all those dodgy sites from now on :P

P.S.

You were gonna draft something up for me forum, is that gonna be ok?

Best Regards

Breeze.
breeze
Regular Member
 
Posts: 41
Joined: February 10th, 2006, 10:08 am