Could not find
O23 - Service: Windows Desktop Multimedia (ntkrnl) - Unknown owner - ntkrnl.exe (file missing)
Could not find
C:\Program Files\CNNIC
Here are the reports:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 04, 2006 9:16:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/10/2006
Kaspersky Anti-Virus database records: 228878
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 108557
Number of viruses found: 18
Number of infected objects: 78 / 0
Number of suspicious objects: 38
Duration of the scan process: 01:19:52
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
jhight@rdmail.rural.usda.gov][Date Fri, 26 Mar 2004 11:41:57 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
jhight@rdmail.rural.usda.gov][Date Fri, 26 Mar 2004 11:41:57 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
jhight@rdmail.rural.usda.gov][Date Fri, 26 Mar 2004 11:41:57 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
wjwashington@msn.com][Date Wed, 07 Apr 2004 13:54:36 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
wjwashington@msn.com][Date Wed, 07 Apr 2004 13:54:36 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
wjwashington@msn.com][Date Wed, 07 Apr 2004 13:54:36 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
janslowp@hotmail.com][Date Tue, 13 Apr 2004 12:12:20 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
janslowp@hotmail.com][Date Tue, 13 Apr 2004 12:12:20 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
janslowp@hotmail.com][Date Tue, 13 Apr 2004 12:12:20 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
wjwashington@msn.com][Date Wed, 07 Apr 2004 13:54:36 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
wjwashington@msn.com][Date Wed, 07 Apr 2004 13:54:36 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
wjwashington@msn.com][Date Wed, 07 Apr 2004 13:54:36 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
janslowp@hotmail.com][Date Tue, 13 Apr 2004 12:12:20 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
janslowp@hotmail.com][Date Tue, 13 Apr 2004 12:12:20 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
janslowp@hotmail.com][Date Tue, 13 Apr 2004 12:12:20 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From eBay <aw-confirm@eBay.com>][Date Sat, 02 Apr 2005 18:14:44 -0500]/html Infected: Trojan-Spy.HTML.Bayfraud.co skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
lmwenger@hotmail.com][Date Thu, 22 Apr 2004 13:59:26 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
lmwenger@hotmail.com][Date Thu, 22 Apr 2004 13:59:26 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
lmwenger@hotmail.com][Date Thu, 22 Apr 2004 13:59:26 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
asteger@ncswim.org][Date Fri, 30 Apr 2004 12:50:00 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
asteger@ncswim.org][Date Fri, 30 Apr 2004 12:50:00 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
asteger@ncswim.org][Date Fri, 30 Apr 2004 12:50:00 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
dlogan@clintongroup.com][Date Mon, 03 May 2004 13:08:28 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
dlogan@clintongroup.com][Date Mon, 03 May 2004 13:08:28 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From
dlogan@clintongroup.com][Date Mon, 03 May 2004 13:08:28 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From eBay Inc <support_refnum_643082@ebay.com>][Date Thu, 17 Nov 2005 07:20:24 +0600]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From eBay Inc <support_refnum_643082@ebay.com>][Date Thu, 17 Nov 2005 07:20:24 +0600]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From Pastorwally <pastorwally@stpaulsokc.com>][Date Tue, 20 Dec 2005 15:26:26 +0100]/UNNAMED/Harrye.zip/S3700026.exe Infected: Email-Worm.Win32.Bagle.fb skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From Pastorwally <pastorwally@stpaulsokc.com>][Date Tue, 20 Dec 2005 15:26:26 +0100]/UNNAMED/Harrye.zip Infected: Email-Worm.Win32.Bagle.fb skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From Pastorwally <pastorwally@stpaulsokc.com>][Date Tue, 20 Dec 2005 15:26:26 +0100]/UNNAMED Infected: Email-Worm.Win32.Bagle.fb skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From Comerica Bank <aw-confirm@comerica.com>][Date Mon, 20 Feb 2006 02:13:29 -0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.ny skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From Comerica Bank <aw-confirm@comerica.com>][Date Mon, 20 Feb 2006 02:13:29 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ny skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From Comerica Bank <pw-confirm@comerica.com>][Date Mon, 20 Feb 2006 03:14:45 -0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.ny skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx/[From Comerica Bank <pw-confirm@comerica.com>][Date Mon, 20 Feb 2006 03:14:45 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ny skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{00472A1D-CE6D-48DB-B2C1-340E763F99AD}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 10, suspicious - 24 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Deleted Items.dbx/[From
aw-confirm@ebay.com][Date Tue, 12 Apr 2005 09:20:36 -0700]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Deleted Items.dbx/[From
aw-confirm@ebay.com][Date Tue, 12 Apr 2005 09:20:36 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\ebay.dbx/[From
aw-confirm@ebay.com][Date Sun, 10 Apr 2005 14:42:35 -0700]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\ebay.dbx/[From
aw-confirm@ebay.com][Date Sun, 10 Apr 2005 14:42:35 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\ebay.dbx/[From
aw-confirm@ebay.com][Date Mon, 11 Apr 2005 08:48:20 -0700]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\ebay.dbx/[From
aw-confirm@ebay.com][Date Mon, 11 Apr 2005 08:48:20 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\ebay.dbx/[From
aw-confirm@ebay.com][Date Tue, 05 Apr 2005 05:26:58 -0700]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\ebay.dbx/[From
aw-confirm@ebay.com][Date Tue, 05 Apr 2005 05:26:58 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\ebay.dbx/[From
aw-confirm@ebay.com][Date Tue, 05 Apr 2005 07:48:08 -0700]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\ebay.dbx/[From
aw-confirm@ebay.com][Date Tue, 05 Apr 2005 07:48:08 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\ebay.dbx Mail MS Outlook 5: infected - 8 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx/[From
aw-confirm@ebay.com][Date Thu, 14 Apr 2005 13:40:15 -0700]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx/[From
aw-confirm@ebay.com][Date Thu, 14 Apr 2005 13:40:15 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx/[From
aw-confirm@ebay.com][Date Thu, 14 Apr 2005 17:42:14 -0700]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx/[From
aw-confirm@ebay.com][Date Thu, 14 Apr 2005 17:42:14 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx/[From
aw-confirm@ebay.com][Date Fri, 15 Apr 2005 05:27:14 -0700]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx/[From
aw-confirm@ebay.com][Date Fri, 15 Apr 2005 05:27:14 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx/[From
aw-confirm@ebay.com][Date Mon, 25 Apr 2005 08:43:17 -0700]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx/[From
aw-confirm@ebay.com][Date Mon, 25 Apr 2005 08:43:17 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx/[From
aw-confirm@ebay.com][Date Fri, 15 Apr 2005 05:27:14 -0700]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx/[From
aw-confirm@ebay.com][Date Fri, 15 Apr 2005 05:27:14 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx/[From
aw-confirm@ebay.com][Date Mon, 25 Apr 2005 08:43:17 -0700]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx/[From
aw-confirm@ebay.com][Date Mon, 25 Apr 2005 08:43:17 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{6089EFF9-EB0B-4DCB-B1AE-37711F9F1B4E}\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 12 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Deleted Items.dbx/[From
cbradshaw@forsyth.cc.nc.us][Date Thu, 25 Mar 2004 09:00:34 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Deleted Items.dbx/[From
cbradshaw@forsyth.cc.nc.us][Date Thu, 25 Mar 2004 09:00:34 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Deleted Items.dbx/[From
cbradshaw@forsyth.cc.nc.us][Date Thu, 25 Mar 2004 09:00:34 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Deleted Items.dbx/[From
jhight@rdmail.rural.usda.gov][Date Fri, 26 Mar 2004 11:41:57 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Deleted Items.dbx/[From
jhight@rdmail.rural.usda.gov][Date Fri, 26 Mar 2004 11:41:57 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Deleted Items.dbx/[From
jhight@rdmail.rural.usda.gov][Date Fri, 26 Mar 2004 11:41:57 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: suspicious - 6 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Inbox.dbx/[From
wjwashington@msn.com][Date Wed, 07 Apr 2004 13:54:36 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Inbox.dbx/[From
wjwashington@msn.com][Date Wed, 07 Apr 2004 13:54:36 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Inbox.dbx/[From
wjwashington@msn.com][Date Wed, 07 Apr 2004 13:54:36 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Inbox.dbx/[From
janslowp@hotmail.com][Date Tue, 13 Apr 2004 12:12:20 -0400]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Inbox.dbx/[From
janslowp@hotmail.com][Date Tue, 13 Apr 2004 12:12:20 -0400]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Inbox.dbx/[From
janslowp@hotmail.com][Date Tue, 13 Apr 2004 12:12:20 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{C9C2A126-0C86-4BC5-BBBB-5F8AC13766C0}\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: suspicious - 6 skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B3DJ7TSW\wbk44.tmp Infected: Trojan-Spy.HTML.Citifraud.ae skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CRRVEOX5\wbk18.tmp Infected: Trojan-Spy.HTML.Citifraud.ae skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D40ZHD85\wbk3F.tmp Infected: Trojan-Spy.HTML.Bayfraud.hl skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WZ5ZY2ZX\wbk3F.tmp Infected: Trojan-Spy.HTML.Bankfraud.ny skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WZ5ZY2ZX\wbk41.tmp Infected: Trojan-Spy.HTML.Bankfraud.ny skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WZ5ZY2ZX\wbk43.tmp Infected: Trojan-Spy.HTML.Bankfraud.ny skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07282006-110315.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UD3D7QQM\dmplayer[1].zip/dmplayer.dll Infected: not-a-virus:AdWare.Win32.Dm.p skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UD3D7QQM\dmplayer[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Application Data\Mozilla\Firefox\Profiles\0jhj6s3j.default\cert8.db Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Application Data\Mozilla\Firefox\Profiles\0jhj6s3j.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Application Data\Mozilla\Firefox\Profiles\0jhj6s3j.default\history.dat Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Application Data\Mozilla\Firefox\Profiles\0jhj6s3j.default\key3.db Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Application Data\Mozilla\Firefox\Profiles\0jhj6s3j.default\parent.lock Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Local Settings\Application Data\Mozilla\Firefox\Profiles\0jhj6s3j.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Local Settings\Application Data\Mozilla\Firefox\Profiles\0jhj6s3j.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Local Settings\Application Data\Mozilla\Firefox\Profiles\0jhj6s3j.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Local Settings\Application Data\Mozilla\Firefox\Profiles\0jhj6s3j.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Prophet's Reward\Local Settings\Temp\176c75.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365/regspy.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\Documents and Settings\Prophet's Reward\Local Settings\Temp\176c75.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365 Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\Documents and Settings\Prophet's Reward\Local Settings\Temp\176c75.msi Embedded: infected - 2 skipped
C:\Documents and Settings\Prophet's Reward\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Prophet's Reward\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Prophet's Reward\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Prophet's Reward\scto.exe/data0002 Infected: not-a-virus:AdWare.Win32.SeeCha.a skipped
C:\Documents and Settings\Prophet's Reward\scto.exe NSIS: infected - 1 skipped
C:\Program Files\Common Files\Softwin\Setup Information\{A4E55645-B82F-44DD-90D8-6B2B9BEA7F85}\bdantispy.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365/regspy.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\Program Files\Common Files\Softwin\Setup Information\{A4E55645-B82F-44DD-90D8-6B2B9BEA7F85}\bdantispy.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365 Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\Program Files\Common Files\Softwin\Setup Information\{A4E55645-B82F-44DD-90D8-6B2B9BEA7F85}\bdantispy.msi Embedded: infected - 2 skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Common Files\System\aekheif.dat Infected: not-a-virus:AdWare.Win32.IEHlpr.o skipped
C:\Program Files\DoDoorRSSFinder\BandObjs.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010003.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP448\A0046539.exe Infected: Worm.Win32.RJump.c skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP472\A0047782.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365/regspy.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP472\A0047782.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365 Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP472\A0047782.msi Embedded: infected - 2 skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP472\A0047815.EXE Infected: Worm.Win32.RJump.c skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP472\A0047816.dll Infected: not-a-virus:AdWare.Win32.Dm.e skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP474\A0048624.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP475\A0048951.exe Infected: not-a-virus:AdWare.Win32.IEHlpr.k skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP479\A0051311.exe Infected: not-a-virus:AdWare.Win32.IEHlpr.k skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP483\A0051382.exe Infected: not-a-virus:AdWare.Win32.IEHlpr.n skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP487\A0051475.exe/bdantispy.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365/regspy.sys Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP487\A0051475.exe/bdantispy.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365 Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP487\A0051475.exe/bdantispy.msi Infected: not-a-virus:Monitor.Win32.PCAcme.61 skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP487\A0051475.exe CAB: infected - 3 skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP493\A0051818.exe Infected: not-a-virus:AdWare.Win32.IEHlpr.n skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP496\A0052080.exe Infected: not-a-virus:AdWare.Win32.IEHlpr.o skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP497\A0052117.exe Infected: not-a-virus:AdWare.Win32.IEHlpr.o skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP511\A0052428.exe Infected: not-a-virus:AdWare.Win32.IEHlpr.k skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP511\A0052429.DLL Infected: not-a-virus:AdWare.Win32.IEHlpr.h skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP511\A0052430.dll Infected: not-a-virus:AdWare.Win32.IEHlpr.k skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP511\A0052431.dll Infected: not-a-virus:AdWare.Win32.IEHlpr.k skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP511\A0052432.DLL Infected: not-a-virus:AdWare.Win32.IEHlpr.h skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP511\A0052434.DLL Infected: not-a-virus:AdWare.Win32.SeeCha.a skipped
C:\System Volume Information\_restore{FA845A7B-6586-42B0-9312-3813A36F967B}\RP518\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\2.2.0.0\dmplayer.dll Infected: not-a-virus:AdWare.Win32.Dm.p skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 9:17:53 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Support\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\nleee.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FltSetUp Class - {1D49D58D-5C84-4B50-8359-D9809BEB2B32} - C:\Program Files\Internet Explorer\Connection Wizard\icwuti1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Bittorrent] C:\WINDOWS\bittorrent.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706ea21e2f ... xIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3938095187
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe