whoa! lots going on:
kas scan:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 19, 2008 12:34:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/05/2008
Kaspersky Anti-Virus database records: 786008
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
F:\
Scan Statistics:
Total number of scanned objects: 79473
Number of viruses found: 28
Number of infected objects: 174
Number of suspicious objects: 40
Duration of the scan process: 02:03:00
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Temp\JET57CF.tmp Object is locked skipped
C:\Documents and Settings\Captain Andy's\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Captain Andy's\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Captain Andy's\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\Log\CHANNEL.LOG Object is locked skipped
C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\Update\Patch\Components\DownloadQB16\Pospatch\.update\.QBLock.lck Object is locked skipped
C:\Program Files\Spyware Doctor\NetworkLayer\InterfaceDLL.txt Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\QooBox\Quarantine\catchme2008-05-09_ 94502.60.zip/clbdriver.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\QooBox\Quarantine\catchme2008-05-09_ 94502.60.zip/clbdll.dll Infected: Trojan-Downloader.Win32.Small.uzg skipped
C:\QooBox\Quarantine\catchme2008-05-09_ 94502.60.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP849\A0086376.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP851\A0086484.exe Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP851\A0086486.exe Infected: not-a-virus:AdWare.Win32.AdBand.z skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP852\A0088700.old Infected: Trojan-Downloader.Win32.Small.ixt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089418.sys Infected: Trojan.Win32.Pakes.cwd skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089419.exe Infected: Trojan.Win32.Agent.lke skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089425.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089425.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP853\A0089425.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP856\A0089631.old Infected: Trojan-Downloader.Win32.Agent.nua skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP874\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7E0OMQJW\update[1].upd Infected: Trojan-Downloader.Win32.Small.uzg skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Accounting\ED\DOCUMENTS\SPREADSHEETS\Boat Sales 2008\BOAT SALES - MAY 2008.xls Object is locked skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2004 19:31 from L-Soft list server at FEAT (1.8e):Rejecte.eml/[From
andy@capt-andys.com][Date Thu, 13 May 2004 09:45:34 -1000]/UNNAMED/your_website.pif Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2004 19:31 from L-Soft list server at FEAT (1.8e):Rejecte.eml/[From
andy@capt-andys.com][Date Thu, 13 May 2004 09:45:34 -1000]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2004 19:31 from L-Soft list server at FEAT (1.8e):Rejecte.eml Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/16 Mar 2004 18:01 from Mail Delivery System:Mail delivery failed.eml/[From
andy@capt-andys.com][Date Mon, 15 Mar 2004 22:19:47 -1000]/UNNAMED/document.pif Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/16 Mar 2004 18:01 from Mail Delivery System:Mail delivery failed.eml/[From
andy@capt-andys.com][Date Mon, 15 Mar 2004 22:19:47 -1000]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/16 Mar 2004 18:01 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.d skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 18:01 from
postmaster@minerva.com.au:Delivery failur.eml/[From
andy@capt-andys.com][Date Tue, 3 Feb 2004 04:40:08 -1000]/document.zip/document.txt .exe Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 18:01 from
postmaster@minerva.com.au:Delivery failur.eml/[From
andy@capt-andys.com][Date Tue, 3 Feb 2004 04:40:08 -1000]/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 18:01 from
postmaster@minerva.com.au:Delivery failur.eml Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 00:15 from
MAILER-DAEMON@maui.hawaiian.net:failure n.eml/[From
andy@capt-andys.com][Date Mon, 2 Feb 2004 14:23:36 -1000]/UNNAMED/message.exe Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 00:15 from
MAILER-DAEMON@maui.hawaiian.net:failure n.eml/[From
andy@capt-andys.com][Date Mon, 2 Feb 2004 14:23:36 -1000]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/03 Feb 2004 00:15 from
MAILER-DAEMON@maui.hawaiian.net:failure n.eml Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 18:02 from
john@discountborders.org:Mail Transaction/data.zip/data.scr Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 18:02 from
john@discountborders.org:Mail Transaction/data.zip Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 00:00 from
MAILER-DAEMON@bsdpop.netcarrier.net:failu.eml/[From
andy@capt-andys.com][Date Tue, 27 Jan 2004 14:01:40 -1000]/UNNAMED/text.pif Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 00:00 from
MAILER-DAEMON@bsdpop.netcarrier.net:failu.eml/[From
andy@capt-andys.com][Date Tue, 27 Jan 2004 14:01:40 -1000]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/28 Jan 2004 00:00 from
MAILER-DAEMON@bsdpop.netcarrier.net:failu.eml Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/22 Sep 2003 18:01 from MS Network Email System:Failure Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 Sep 2003 23:00 from jsaito:Re: G03-0724/051003RATES (1).xls.exe Infected: Email-Worm.Win32.Tanatos.b.dam2 skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Jun 2003 20:00 from
GOTANDA@law.villanova.edu:Re: Application/your_details.zip/details.pif Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Jun 2003 20:00 from
GOTANDA@law.villanova.edu:Re: Application/your_details.zip Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Jun 2003 20:00 from
postmaster@royalstate.com:Delivery Status/26 Jun 2003 19:52 from Andrew Evans:Re: Application/your_details.zip/details.pif Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Jun 2003 20:00 from
postmaster@royalstate.com:Delivery Status/26 Jun 2003 19:52 from Andrew Evans:Re: Application/your_details.zip Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/05 Jun 2003 23:15 from Enika Toth:rate request/3m.doc.scr Infected: Email-Worm.Win32.Tanatos.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/05 Jun 2003 19:30 from Tom Bartlett:Fw: cwt Wixom Senior Group/ACTIONST.WPD.scr Infected: Email-Worm.Win32.Tanatos.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/18 May 2003 22:30 from
support@microsoft.com:Approved (Ref: 3844/password.pif Infected: Email-Worm.Win32.Sobig.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/14 Jan 2003 14:01 from real:So cool a flash,enjoy it.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/14 Jan 2003 14:01 from real:So cool a flash,enjoy it/Pyu.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/17 Aug 2002 00:31 from webmaster:New Roman.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/17 Aug 2002 00:31 from webmaster:New Roman/New.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 Aug 2002 01:33 from wel3REld:Hello,meeting notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 Aug 2002 01:33 from wel3REld:Hello,meeting notice/backup4.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/04 Aug 2002 07:01 from postgradstudy:Re:Andy,sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/04 Aug 2002 07:01 from postgradstudy:Re:Andy,sos!/Nfor.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/05 Jul 2002 13:01 from postmaster:Undeliverable mail--"Privacy P/END.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/29 Jun 2002 06:01 from aslanbme:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/29 Jun 2002 06:01 from aslanbme:/MTSDownloadSites.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/23 Jun 2002 18:01 from Hahaha:Snowhite and the Seven Dwarfs - Th/dwarf4you.exe Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/14 Jun 2002 23:01 from Poppacarl:RealNetworks, Inc..rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/14 Jun 2002 23:01 from Poppacarl:RealNetworks, Inc./Inc..pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/22 May 2002 07:16 from Maui Jet Skis Unlimited:You can unload yo/conventional.exe Infected: Email-Worm.Win32.Magistr.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 09:16 from dashiell:Hello,Andy,the Garden of Eden.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 09:16 from dashiell:Hello,Andy,the Garden of Eden/a.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 09:16 from tradewind:A very excite game/picacu.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 06:17 from mkido:Of Service.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 May 2002 06:17 from mkido:Of Service/engines.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/12 May 2002 18:16 from shamapua:Club Area to find profiles of yo.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/12 May 2002 18:16 from shamapua:Club Area to find profiles of yo/Dh.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/11 May 2002 20:16 from mirasharan:Hi,Andy,the Garden of Eden.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/11 May 2002 20:16 from mirasharan:Hi,Andy,the Garden of Eden/Fdhg.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from Robert:A new game/play.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from nautilus:Re:andy,look,my beautiful girl f.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from nautilus:Re:andy,look,my beautiful girl f/Setup.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from Phil:Re:some questions.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 16:17 from Phil:Re:some questions/Pvmc.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 15:16 from curtinmaritime:Look,my beautiful girl fri.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 May 2002 15:16 from curtinmaritime:Look,my beautiful girl fri/Ujx.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 May 2002 14:16 from artp:A WinXP patch.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 May 2002 14:16 from artp:A WinXP patch/Ol.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 May 2002 01:16 from panalberto:A WinXP patch.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/09 May 2002 01:16 from panalberto:A WinXP patch/WERE.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/08 May 2002 20:18 from sailing:W32.Klez.E removal tools/setup.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/07 May 2002 12:16 from dat:Questionnaire.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/07 May 2002 12:16 from dat:Questionnaire/src.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/07 May 2002 00:16 from ismarine:Mar 29 2002 16.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/07 May 2002 00:16 from ismarine:Mar 29 2002 16/Mar 29.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/06 May 2002 23:16 from carolynturpin1:A powful tool/Dm.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Apr 2002 15:16 from fila_faco:Worm Klez.E immunity/Rx.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Apr 2002 03:15 from ossipoff:Meeting notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Apr 2002 03:15 from ossipoff:Meeting notice/En.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Apr 2002 07:16 from ayamamoto1:W32.Klez.E removal tools/install.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Apr 2002 01:17 from rezentesc:A humour game/setup.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/26 Apr 2002 01:17 from postmaster:Undeliverable mail--"some ques/Fql.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/25 Apr 2002 02:16 from kimos:Please try again.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/25 Apr 2002 02:16 from kimos:Please try again/Zph.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 20:16 from htf:Re:let's be friends.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 20:16 from htf:Re:let's be friends/Ukd.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 19:16 from pshoji:Sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 19:16 from pshoji:Sos!/Si.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 16:16 from Malia:A special new game/picacu.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 16:16 from endofem:A excite game/snoopy.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 16:16 from soka:A excite game/picacu.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 12:16 from lcollier:Honey.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 12:16 from lcollier:Honey/Ezsd.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 12:16 from bremner3:A IE 6.0 patch/Gxoh.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 09:16 from senmatsunaga:Japanese girl VS playboy.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/24 Apr 2002 09:16 from senmatsunaga:Japanese girl VS playboy/Mv.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 06:18 from shooks:Congratulations.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 06:18 from shooks:Congratulations/Rp.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 06:18 from beherman:So cool a flash,enjoy it.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 06:18 from beherman:So cool a flash,enjoy it/Hpc.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2002 03:16 from Mezes:A special new website/Glw.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/19 Apr 2002 12:16 from ROwen:Congratulations.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/19 Apr 2002 12:16 from ROwen:Congratulations/text.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/19 Apr 2002 09:16 from lauriejo:A new game/kitty.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/18 Apr 2002 01:16 from Kula Lynn:In the spirit of Act 168, the D/DRAFT.com Infected: Email-Worm.Win32.Magistr.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/04 Mar 2002 23:47 from Hahaha:Snowhite and the Seven Dwarfs - Th/sexy virgin.scr Infected: Email-Worm.Win32.Hybris.gen skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/27 Nov 2001 08:46 from George and Noel Walker:Re: Your new nephe/SEARCHURL.MP3.pif Infected: Email-Worm.Win32.BadtransII skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/13 Nov 2001 19:46 from Hahaha:Snowhite and the Seven Dwarfs - Th/midgets.scr Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/11 Nov 2001 22:47 from maggie:Last week ended on such a good not/feeling.pif Infected: Email-Worm.Win32.Magistr.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Sep 2001 06:48 from Hahaha:Snowhite and the Seven Dwarfs - Th/midgets.scr Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/31 Aug 2001 21:48 from Candice Ahlstromer:luken lot map/luken lot map.doc.com Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Aug 2001 09:46 from Administrator:Microsoftpop3 guide/Microsoftpop3 guide.doc.bat Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 Jul 2001 04:32 from Linda Estes:June 14/June 14.doc.pif Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/10 Jul 2001 19:31 from Toni Marie Davis:Re: RE: hearing testimon/YOU_are_FAT!.TXT.pif Infected: Email-Worm.Win32.Badtrans.a skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/30 May 2001 05:31 from Edie Hafdahl:Homepage/homepage.HTML.vbs Infected: Email-Worm.VBS.Homepage skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Deleted Items/20 Apr 2001 08:30 from Hahaha:Snowhite and the Seven Dwarfs - Th/midgets.scr Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Toni Kauahi:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Shelley Anthony:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Reservations:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Natalie:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Microsoft Schedule+ Free/Busy Connector (SE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Luchelle:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to LAURA ANN PRICE:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Kukuiula Store:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Kelly Kupo:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Jory Mata:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to JENNY FEE:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to fun:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Ed Philpot:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Dave Wooley:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Caroline:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:10 to Andy Evans:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst/Personal Folders/Sent Items/05 Oct 2000 08:10 to Administrator:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Migrated Mail\and\andy.pst MailMSMaill: infected - 97, suspicious - 27 skipped
F:\Migrated Mail\Done\dave.pst/Personal Folders/Deleted Items/29 Jan 2004 18:01 from
leo@roar.com:Server Report/document.zip/document.pif Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\Done\dave.pst/Personal Folders/Deleted Items/29 Jan 2004 18:01 from
leo@roar.com:Server Report/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\Done\dave.pst/Personal Folders/Deleted Items/29 Jan 2004 18:01 from
brent@verizon.net:Error/document.zip/document.exe Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\Done\dave.pst/Personal Folders/Deleted Items/29 Jan 2004 18:01 from
brent@verizon.net:Error/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
F:\Migrated Mail\Done\dave.pst MailMSMaill: infected - 4 skipped
F:\Migrated Mail\Done\ed.pst/Personal Folders/Deleted Items/14 Jan 2003 14:01 from napali:Honey.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\ed.pst/Personal Folders/Deleted Items/14 Jan 2003 14:01 from napali:Honey/Xrhh.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\ed.pst/Personal Folders/Deleted Items/06 Aug 2002 22:02 from Sgampon:W32.Klez.E removal tools/setup.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\ed.pst/Personal Folders/Deleted Items/05 Aug 2002 21:06 from chantal:A good tool/Rxdt.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\ed.pst/Personal Folders/Deleted Items/04 Dec 2001 20:47 from
grallo@dellepro.com:Mom's Poems/Mom's Poems.doc.lnk Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\Done\ed.pst/Personal Folders/Deleted Items/19 Jun 2001 18:30 from Caroline Shaffer:Homepage/homepage.HTML.vbs Infected: Email-Worm.VBS.Homepage skipped
F:\Migrated Mail\Done\ed.pst MailMSMaill: infected - 5, suspicious - 1 skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Deleted Items/14 May 2004 21:46 from
junior@hotmail.com:Re: Mail Server/message_fun.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Deleted Items/14 May 2004 21:46 from
junior@hotmail.com:Re: Mail Server/message_fun.zip Infected: Email-Worm.Win32.NetSky.q skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Deleted Items/13 May 2004 13:46 from
su@email.com:Re: List/my_numbers.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Deleted Items/13 May 2004 13:46 from
su@email.com:Re: List/my_numbers.zip Infected: Email-Worm.Win32.NetSky.q skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Inbox/24 Feb 2004 19:45 from
john.henning@dwd.state.wi.us:Accident/textfile.zip/textfile.txt .pif Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Inbox/24 Feb 2004 19:45 from
john.henning@dwd.state.wi.us:Accident/textfile.zip Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Sent Items/24 Feb 2004 21:30 to Kim Olivier:FW: Accident/textfile.zip/textfile.txt .pif Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\fun.pst/Personal Folders/Sent Items/24 Feb 2004 21:30 to Kim Olivier:FW: Accident/textfile.zip Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\fun.pst MailMSMaill: infected - 8 skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 22:02 from llike:Introduction on ADSL.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 22:02 from llike:Introduction on ADSL/Toolbar[1].bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 09:04 from kuuipookauai:If bSync .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 09:04 from kuuipookauai:If bSync /Ilbcd.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 09:04 from desiree:NavFrm.SynchTopic(cd).rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 09:04 from desiree:NavFrm.SynchTopic(cd)/kitty.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 06:02 from Sgampon:Look,my beautiful girl friend.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 06:02 from Sgampon:Look,my beautiful girl friend/style.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 05:04 from moesrus1:Hello,eager to see you.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 05:04 from moesrus1:Hello,eager to see you/ClothesWomen[1].pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 05:04 from kyler:Marginheight.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 05:04 from kyler:Marginheight/Liqfr.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 01:02 from wshimabu:Re:jenny,sos!.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/06 Aug 2002 01:02 from wshimabu:Re:jenny,sos!/Cojec.pif Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/04 Aug 2002 06:02 from jmata:Worm Klez.E immunity/font.bat Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/03 Aug 2002 10:02 from desiree:Worm Klez.E immunity/we dont.scr Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/02 Aug 2002 09:02 from carmen_cavalotto:Introduction on ADSL.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/02 Aug 2002 09:02 from carmen_cavalotto:Introduction on ADSL/of your.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/02 Aug 2002 08:03 from gregjennydaniel:A WinXP patch.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/02 Aug 2002 08:03 from gregjennydaniel:A WinXP patch/Wmnmk.exe Infected: Email-Worm.Win32.Klez.h skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/05 Dec 2001 22:47 from
grallo@dellepro.com:This concerns an inci/This concerns an incident that happened on 03.doc.lnk Infected: Email-Worm.Win32.Sircam.c skipped
F:\Migrated Mail\Done\jenny.pst/Personal Folders/Deleted Items/19 Sep 2001 13:46 from Hahaha:Snowhite and the Seven Dwarfs - Th/sexy virgin.scr Infected: Email-Worm.Win32.Hybris.gen skipped
F:\Migrated Mail\Done\jenny.pst MailMSMaill: infected - 13, suspicious - 9 skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Deleted Items/09 Apr 2004 23:45 from leonardp:Delayed file removal..rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Deleted Items/30 Mar 2004 23:15 from skoeppen:Hello,ed,japanese girl VS playbo.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Deleted Items/26 Mar 2004 23:45 from BCDC1414:Happy Lady Day.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Deleted Items/27 Jun 2003 00:42 from Fun:FW: Movie/your_details.zip/details.pif Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Deleted Items/27 Jun 2003 00:42 from Fun:FW: Movie/your_details.zip Infected: Email-Worm.Win32.Sobig.e skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Inbox/24 Feb 2004 21:30 from Fun:FW: Accident/textfile.zip/textfile.txt .pif Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\kim.pst/Personal Folders/Inbox/24 Feb 2004 21:30 from Fun:FW: Accident/textfile.zip Infected: Email-Worm.Win32.Mydoom.e skipped
F:\Migrated Mail\Done\kim.pst MailMSMaill: infected - 4, suspicious - 3 skipped
F:\Migrated Mail\Done\laura.pst/Personal Folders/Deleted Items/13 Oct 2001 09:46 from Hahaha:Snowhite and the Seven Dwarfs - Th/dwarf4you.exe Infected: Email-Worm.Win32.Hybris.b skipped
F:\Migrated Mail\Done\laura.pst MailMSMaill: infected - 1 skipped
F:\Migrated Mail\Done\toni.pst/Personal Folders/Inbox/10 May 2004 20:46 from Valenciak:Re: Thank you!/Loves_money.hta Infected: Email-Worm.Win32.Bagle.z skipped
F:\Migrated Mail\Done\toni.pst MailMSMaill: infected - 1 skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:10 to Administrator:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:10 to Andy Evans:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Caroline:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Dave Wooley:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Ed Philpot:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to fun:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to JENNY FEE:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Jory Mata:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Kelly Kupo:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:11 to Kukuiula Store:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to LAURA ANN PRICE:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Luchelle:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Microsoft Schedule+ Free/Busy Connector (SE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Natalie:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Reservations:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Shelley Anthony:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst/Personal Folders/Sent Items/05 Oct 2000 08:12 to Toni Kauahi:GIMIEE/JEOIRI.JPG.vbs Infected: Email-Worm.VBS.LoveLetter skipped
F:\Misc\backup.pst MailMSMaill: infected - 17 skipped
F:\Program Files\Exchsrvr\mdbdata\priv1.edb Object is locked skipped
F:\Program Files\Exchsrvr\mdbdata\priv1.stm Object is locked skipped
F:\Program Files\TapeWare\database\TW000028.023 Object is locked skipped
F:\Program Files\TapeWare\database\TW000028.F00 Object is locked skipped
F:\Program Files\TapeWare\database\TW000028.F03 Object is locked skipped
F:\Program Files\TapeWare\database\TW6XXINS.TWD Object is locked skipped
F:\Program Files\TapeWare\database\TW6XXMED.TWD Object is locked skipped
F:\Program Files\TapeWare\database\TW6XXOBJ.TWD Object is locked skipped
F:\Program Files\TapeWare\database\TW6XXPRP.TWD Object is locked skipped
F:\Program Files\TapeWare\TwTrace.Txt Object is locked skipped
F:\QBDATA\Zodiac.QBW Object is locked skipped
F:\QBDATA\Zodiac.QBW.TLG Object is locked skipped
Scan process completed.
hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:30 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.napali.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: printcon.bat
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\PROGRA~1\iestuff\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partne ... nicode.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/share ... insctl.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{62893D28-0F71-43DC-9500-4DA29213787F}: NameServer = 192.168.2.6
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
--
End of file - 6880 bytes
thank you!
melissa