
Infected - But With What?



#1 rick301


Posted 30 May 2008 - 07:16 AM

"I need your help" is an understatement! Thanks in advance.

**************************************
Here is my HijackThis log:
**************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:29 AM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\US DOT VPN Client\VPN Client\cvpnd.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\winself.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Rick\Application Data\Microsoft\dtsc\12180.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/runonce2.aspx
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Rick\LOCALS~1\Temp\~DP5A.dll (file missing)
O2 - BHO: (no name) - {63209ABE-F56F-438C-9437-B7289206BA98} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {6F76BF10-0DC8-42DB-A9B9-028E6C5DC0EB} - (no file)
O2 - BHO: (no name) - {73154230-EE51-449C-96A7-3909543B0EB9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {9BBDD717-24CD-49F6-9DBD-9EDDA039FA9C} - (no file)
O2 - BHO: (no name) - {A48CF07A-8192-4198-B7F9-52A246079A10} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: gooochi browser optimizer - {f53bbfd9-305e-3783-f624-aa4aa77a2b1d} - C:\WINDOWS\system32\{e261e1b0-0ed0-6952-3418-5a59d698bdbb}.dll
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM03fa57c9] Rundll32.exe "C:\WINDOWS\system32\igqchrpj.dll",s
O4 - HKLM\..\Run: [{aacbee65-09fd-e158-65c0-cb8d16f38b34}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{e261e1b0-0ed0-6952-3418-5a59d698bdbb}.dll" DllStart
O4 - HKLM\..\RunServices: [WinxDiagUpdate] WinxDiagUpdate
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Rick\Application Data\Microsoft\dtsc\12180.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jpwnw64k.exe
O4 - Startup: SpyHunter.lnk = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191455931261
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191455917642
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sra.dot.gov/dana-cached/setup/JuniperSetupSP1.cab
O20 - Winlogon Notify: hgggheb - hgggheb.dll (file missing)
O20 - Winlogon Notify: xxyAtsQk - xxyAtsQk.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: US DOT VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\US DOT VPN Client\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 12781 bytes

**************************************
Here is my Kaspersky Online Scanner report:
**************************************

KASPERSKY ONLINE SCANNER REPORT
Friday, May 30, 2008 7:14:39 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/05/2008
Kaspersky Anti-Virus database records: 813686


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
G:\
M:\

Scan Statistics
Total number of scanned objects 161370
Number of viruses found 84
Number of infected objects 341
Number of suspicious objects 28
Duration of the scan process 01:44:00

Infected Object Name Virus Name Last Action
C:\!KillBox\xxyAtsQk.dll( 1).bakk Infected: Trojan-Downloader.Win32.Agent.pfi skipped

C:\!KillBox\xxyAtsQk.dll.bakk Infected: Trojan-Downloader.Win32.Agent.pfi skipped

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe RAR: infected - 1 skipped

C:\Documents and Settings\Annette\Application Data\Microsoft\Internet Explorer\Desktop.htt Infected: not-virus:Hoax.HTML.Secureinvites.b skipped

C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Desktop.htt Infected: not-virus:Hoax.HTML.Secureinvites.b skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Rick\Application Data\$_hpcst$.hpc Object is locked skipped

C:\Documents and Settings\Rick\Application Data\Apple Computer\Safari\PubSub\Database\Database.sqlite3 Object is locked skipped

C:\Documents and Settings\Rick\Application Data\Microsoft\dtsc\12180.exe Infected: Trojan-Downloader.Win32.Agent.plz skipped

C:\Documents and Settings\Rick\Application Data\Microsoft\Internet Explorer\Desktop.htt Infected: not-virus:Hoax.HTML.Secureinvites.b skipped

C:\Documents and Settings\Rick\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Rick\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Rick\Desktop\SmitfraudFix.exe RAR: infected - 1 skipped

C:\Documents and Settings\Rick\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Application Data\Apple Computer\Safari\Cache.db Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Application Data\Apple Computer\Safari\WebpageIcons.db Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Temp\mmonHJ.exe/data0006 Infected: Trojan-Downloader.Win32.VB.epp skipped

C:\Documents and Settings\Rick\Local Settings\Temp\mmonHJ.exe NSIS: infected - 1 skipped

C:\Documents and Settings\Rick\Local Settings\Temp\tmp82.tmp/data0003 Infected: Trojan.Win32.BHO.cmd skipped

C:\Documents and Settings\Rick\Local Settings\Temp\tmp82.tmp NSIS: infected - 1 skipped

C:\Documents and Settings\Rick\Local Settings\Temp\WCESLog.log Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Temp\~DF89C2.tmp Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Temp\~tmp143 Infected: Trojan-Clicker.Win32.Agent.tg skipped

C:\Documents and Settings\Rick\Local Settings\Temp\~tmp476 Infected: Trojan-Clicker.Win32.Delf.abt skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\0VTQM4ZY\kb516107[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.tro skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\HRFDTEUE\cm[1].exe Infected: Trojan-Downloader.Win32.Agent.qoq skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\ICHI2BRW\ie[1].exe Infected: Trojan-Clicker.Win32.Delf.abt skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\NGPPEJBF\query[1] Infected: Trojan-Downloader.Win32.ConHook.te skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\Q0M3MS7C\kb456456[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.trp skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\SP540QOZ\17PHolmes[1].cmt Infected: Trojan-Downloader.Win32.Homles.bq skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\SP540QOZ\kb456456[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.vjr skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\SP540QOZ\mmonHJ[1].exe/data0006 Infected: Trojan-Downloader.Win32.VB.epp skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\SP540QOZ\mmonHJ[1].exe NSIS: infected - 1 skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\SP540QOZ\td[1].exe Infected: Trojan-Downloader.Win32.Agent.plz skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\VG734LS8\msiexec[1].exe Infected: Trojan-Clicker.Win32.Agent.tg skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\ZTB53DMG\myss_install_2[1].exe/data0003 Infected: Trojan.Win32.BHO.cmd skipped

C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\ZTB53DMG\myss_install_2[1].exe NSIS: infected - 1 skipped

C:\Documents and Settings\Rick\My Documents\Downloads\Downloads\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Rick\My Documents\Downloads\Downloads\SmitfraudFix.exe RAR: infected - 1 skipped

C:\Documents and Settings\Rick\ntuser.dat Object is locked skipped

C:\Documents and Settings\Rick\NTUSER.DAT.LOG Object is locked skipped

C:\Program Files\Common Files\System\ServiceUpd.exe Infected: Trojan.Win32.Obfuscated.hf skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{4204187A-1A0B-4D07-8C19-BC886836E434}\RP344\change.log Object is locked skipped

C:\VundoFix Backups\gyvtenxt.dll.bad Infected: Trojan.Win32.Monder.ck skipped

C:\VundoFix Backups\heamjpaj.dll.bad Infected: Trojan.Win32.Monder.bh skipped

C:\VundoFix Backups\mhquwitm.dll.bad Infected: Trojan.Win32.Monder.ao skipped

C:\VundoFix Backups\pbmlxhac.dll.bad Infected: Trojan.Win32.Monder.ai skipped

C:\VundoFix Backups\ssqpq.dll.bad Infected: Trojan.Win32.Monder.gen skipped

C:\VundoFix Backups\ubsxnrrl.dll.bad Infected: Trojan.Win32.Monder.gen skipped

C:\VundoFix Backups\yxkbehiw.dll.bad Infected: Trojan.Win32.Monder.ai skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\lfn.exe Infected: not-virus:Hoax.Win32.Renos.coh skipped

C:\WINDOWS\pfirewall.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\1026c\cosDRV3.exe Infected: Trojan.Win32.Agent.lom skipped

C:\WINDOWS\system32\bfltdrtm.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.tsm skipped

C:\WINDOWS\system32\bsilcywu.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.tro skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped

C:\WINDOWS\system32\drivers\usbintell.sys Object is locked skipped

C:\WINDOWS\system32\fyyylbll.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.tnt skipped

C:\WINDOWS\system32\g28.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.byy skipped

C:\WINDOWS\system32\g28.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.byy skipped

C:\WINDOWS\system32\g28.exe NSIS: infected - 2 skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\jliqtksc.dll.bakk Infected: Trojan.Win32.Monder.gen skipped

C:\WINDOWS\system32\jsqtrpar.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.ttc skipped

C:\WINDOWS\system32\kxrbdada.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.trb skipped

C:\WINDOWS\system32\nwrwdmyt.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.tra skipped

C:\WINDOWS\system32\qggslips.dll.bakk Infected: Trojan.Win32.Monder.gen skipped

C:\WINDOWS\system32\qwkdytpk.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz skipped

C:\WINDOWS\system32\rmbnjkte.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.tsk skipped

C:\WINDOWS\system32\rwpnhqgt.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.sca skipped

C:\WINDOWS\system32\scntqkdm.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bc skipped

C:\WINDOWS\system32\tnkqypwe.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.tnx skipped

C:\WINDOWS\system32\vakwvcaw.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.tbs skipped

C:\WINDOWS\system32\vbpdtvdp.exe Infected: not-virus:Hoax.Win32.Renos.coh skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wublyfeh.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.srg skipped

C:\WINDOWS\system32\yjucacvm.dll.bakk Infected: Trojan-Downloader.Win32.ConHook.te skipped

C:\WINDOWS\system32\yucthvgo.dll.bakk Infected: not-a-virus:AdWare.Win32.Virtumonde.srh skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

D:\Limewire\Programs\google navigator - b.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped

D:\Limewire\Programs\google navigator - b.zip ZIP: infected - 1 skipped

D:\Limewire\Programs\google navigator - c.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped

D:\Limewire\Programs\google navigator - c.zip ZIP: infected - 1 skipped

D:\Limewire\Programs\google navigator.zip/setup.exe Infected: not-a-virus:AdWare.Win32.Sahat.cd skipped

D:\Limewire\Programs\google navigator.zip ZIP: infected - 1 skipped

D:\Limewire\Programs\printit new.zip/setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

D:\Limewire\Programs\printit new.zip/setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

D:\Limewire\Programs\printit new.zip/setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

D:\Limewire\Programs\printit new.zip/setup.exe/data0010/stream/data0004 Infected: not-a-virus:AdWare.Win32.BHO.aad skipped

D:\Limewire\Programs\printit new.zip/setup.exe/data0010/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.aad skipped

D:\Limewire\Programs\printit new.zip/setup.exe/data0010/stream Infected: not-a-virus:AdWare.Win32.BHO.aad skipped

D:\Limewire\Programs\printit new.zip/setup.exe/data0010 Infected: not-a-virus:AdWare.Win32.BHO.aad skipped

D:\Limewire\Programs\printit new.zip/setup.exe Infected: not-a-virus:AdWare.Win32.BHO.aad skipped

D:\Limewire\Programs\printit new.zip ZIP: infected - 8 skipped

D:\Limewire\Programs\printit wet and wild.zip/setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped

D:\Limewire\Programs\printit wet and wild.zip/setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped

D:\Limewire\Programs\printit wet and wild.zip/setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped

D:\Limewire\Programs\printit wet and wild.zip/setup.exe/data0010/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.adj skipped

D:\Limewire\Programs\printit wet and wild.zip/setup.exe/data0010/stream/data0006 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped

D:\Limewire\Programs\printit wet and wild.zip/setup.exe/data0010/stream Infected: not-a-virus:AdWare.Win32.BHO.ww skipped

D:\Limewire\Programs\printit wet and wild.zip/setup.exe/data0010 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped

D:\Limewire\Programs\printit wet and wild.zip/setup.exe Infected: not-a-virus:AdWare.Win32.BHO.ww skipped

D:\Limewire\Programs\printit wet and wild.zip ZIP: infected - 8 skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.q skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/04 Apr 2004 04:31 from Mail Delivery Subsystem:Returned mail: se/04 Apr 2004 04:31 from Murray, Rick:Mail Delivery (failure dave..rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/12 Apr 2004 13:31 from Postmaster:Undeliverable Mail.eml/[From rick.murray@fhwa.dot.gov][Date Mon, 12 Apr 2004 09:21:17 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/12 Apr 2004 13:31 from Postmaster:Undeliverable Mail.eml/[From rick.murray@fhwa.dot.gov][Date Mon, 12 Apr 2004 09:21:17 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/12 Apr 2004 13:31 from Postmaster:Undeliverable Mail.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 May 2004 13:40 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Sat, 1 May 2004 07:42:17 -0600]/UNNAMED/information.rtf.com Infected: Email-Worm.Win32.NetSky.b skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 May 2004 13:40 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Sat, 1 May 2004 07:42:17 -0600]/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 May 2004 13:40 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.b skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 May 2004 13:40 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Sat, 1 May 2004 07:42:17 -0600]/UNNAMED/information.rtf.com Infected: Email-Worm.Win32.NetSky.b skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 May 2004 13:40 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Sat, 1 May 2004 07:42:17 -0600]/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 May 2004 13:40 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.b skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/12 Apr 2004 13:31 from Postmaster:Undeliverable Mail.eml/[From rick.murray@fhwa.dot.gov][Date Mon, 12 Apr 2004 09:21:17 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/12 Apr 2004 13:31 from Postmaster:Undeliverable Mail.eml/[From rick.murray@fhwa.dot.gov][Date Mon, 12 Apr 2004 09:21:17 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/12 Apr 2004 13:31 from Postmaster:Undeliverable Mail.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/04 Apr 2004 04:31 from Mail Delivery Subsystem:Returned mail: se/04 Apr 2004 04:31 from Murray, Rick:Mail Delivery (failure dave..rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.q skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/24 Mar 2004 14:44 from postmaster@bellevue.com:Delivery Status N/24 Mar 2004 14:00 to eek@bellevue.com:Mail Delivery (failure eek.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/02 Mar 2004 20:18 from Prior, Bob:Katrina/ATT53209.txt Infected: Email-Worm.Win32.Bagle.e.txt skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/28 Aug 2003 15:04 from MAILER-DAEMON@mail19a.dulles19-verio.com:.eml/[From ][Date Thu, 28 Aug 2003 10:51:24 --0400]/UNNAMED/thank_you.pif Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/28 Aug 2003 15:04 from MAILER-DAEMON@mail19a.dulles19-verio.com:.eml/[From ][Date Thu, 28 Aug 2003 10:51:24 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/28 Aug 2003 15:04 from MAILER-DAEMON@mail19a.dulles19-verio.com:.eml Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 20:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Mon, 25 Aug 2003 16:10:02 --0400]/UNNAMED/movie0045.pif Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 20:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Mon, 25 Aug 2003 16:10:02 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 20:10 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 15:27 from MAILER-DAEMON@discovery.comsite.net:failu.eml/[From ][Date Mon, 25 Aug 2003 11:27:11 --0400]/UNNAMED/thank_you.pif Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 15:27 from MAILER-DAEMON@discovery.comsite.net:failu.eml/[From ][Date Mon, 25 Aug 2003 11:27:11 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 15:27 from MAILER-DAEMON@discovery.comsite.net:failu.eml Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 13:49 from MAILER-DAEMON@world3.aosoft.com:failure n.eml/[From ][Date Mon, 25 Aug 2003 9:32:59 --0400]/UNNAMED/movie0045.pif Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 13:49 from MAILER-DAEMON@world3.aosoft.com:failure n.eml/[From ][Date Mon, 25 Aug 2003 9:32:59 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 13:49 from MAILER-DAEMON@world3.aosoft.com:failure n.eml Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/19 Aug 2003 16:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Tue, 19 Aug 2003 12:09:42 --0400]/UNNAMED/application.pif Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/19 Aug 2003 16:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Tue, 19 Aug 2003 12:09:42 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/19 Aug 2003 16:10 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/24 Mar 2004 14:44 from postmaster@bellevue.com:Delivery Status N/24 Mar 2004 14:00 to eek@bellevue.com:Mail Delivery (failure eek.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/02 Mar 2004 20:18 from Prior, Bob:Katrina/ATT53209.txt Infected: Email-Worm.Win32.Bagle.e.txt skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/28 Aug 2003 15:04 from MAILER-DAEMON@mail19a.dulles19-verio.com:.eml/[From ][Date Thu, 28 Aug 2003 10:51:24 --0400]/UNNAMED/thank_you.pif Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/28 Aug 2003 15:04 from MAILER-DAEMON@mail19a.dulles19-verio.com:.eml/[From ][Date Thu, 28 Aug 2003 10:51:24 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/28 Aug 2003 15:04 from MAILER-DAEMON@mail19a.dulles19-verio.com:.eml Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 20:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Mon, 25 Aug 2003 16:10:02 --0400]/UNNAMED/movie0045.pif Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 20:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Mon, 25 Aug 2003 16:10:02 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 20:10 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 15:27 from MAILER-DAEMON@discovery.comsite.net:failu.eml/[From ][Date Mon, 25 Aug 2003 11:27:11 --0400]/UNNAMED/thank_you.pif Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 15:27 from MAILER-DAEMON@discovery.comsite.net:failu.eml/[From ][Date Mon, 25 Aug 2003 11:27:11 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 15:27 from MAILER-DAEMON@discovery.comsite.net:failu.eml Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 13:49 from MAILER-DAEMON@world3.aosoft.com:failure n.eml/[From ][Date Mon, 25 Aug 2003 9:32:59 --0400]/UNNAMED/movie0045.pif Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 13:49 from MAILER-DAEMON@world3.aosoft.com:failure n.eml/[From ][Date Mon, 25 Aug 2003 9:32:59 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 13:49 from MAILER-DAEMON@world3.aosoft.com:failure n.eml Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/19 Aug 2003 16:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Tue, 19 Aug 2003 12:09:42 --0400]/UNNAMED/application.pif Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/19 Aug 2003 16:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Tue, 19 Aug 2003 12:09:42 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/19 Aug 2003 16:10 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.Sobig.f skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 Sep 2004 04:33 from Hellie, Christian:foto/fotos.zip/foto.htm Infected: Exploit.HTML.CodeBaseExec skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 Sep 2004 04:33 from Hellie, Christian:foto/fotos.zip/1/calc.exe Infected: Trojan.Win32.Glieder.gen skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 Sep 2004 04:33 from Hellie, Christian:foto/fotos.zip Infected: Trojan.Win32.Glieder.gen skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/31 Aug 2004 21:34 from Hellie, Christian:foto/fotos.zip.ZIP/fotos.zip/foto/foto.html Infected: Exploit.HTML.CodeBaseExec skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/31 Aug 2004 21:34 from Hellie, Christian:foto/fotos.zip.ZIP/fotos.zip/foto/foto/foto1.exe Infected: Trojan.Win32.Glieder.gen skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/31 Aug 2004 21:34 from Hellie, Christian:foto/fotos.zip.ZIP/fotos.zip Infected: Trojan.Win32.Glieder.gen skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/31 Aug 2004 21:34 from Hellie, Christian:foto/fotos.zip.ZIP Infected: Trojan.Win32.Glieder.gen skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/15 Aug 2004 15:51 from US Bank:Important Banking Mail [Sun, 15 A.rtf Infected: Trojan-Spy.HTML.Usbankfraud.p skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/10 Aug 2004 14:56 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Tue, 10 Aug 2004 10:54:12 -0700]/UNNAMED/message.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/10 Aug 2004 14:56 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Tue, 10 Aug 2004 10:54:12 -0700]/UNNAMED/message.zip Infected: Email-Worm.Win32.NetSky.q skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/10 Aug 2004 14:56 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Tue, 10 Aug 2004 10:54:12 -0700]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped

D:\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/10 Aug 2004 14:56 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.q skipped

D:\Outlook\Rick.pst MailMSMaill: infected - 56, suspicious - 14 skipped

D:\Programs\1 Click DVD Copy Pro\1Click DVD Copy Pro 3.1.2.8(NEW-UPDATED)\1Click DVD Copy Pro 3.1.2.8(NEW-UPDATED).rar/1Click DVD Copy Pro 3.1.2.8(NEW-UPDATED)/lg.software.innovations.generic.patch.v0.1-icu.zip/LG.Software.Innovations.Generic.Patch.v0.1-ICU/LG.Software.Innovations.Generic.Patch.v0.1-ICU.exe Infected: Trojan.Win32.Delf.bur skipped

D:\Programs\1 Click DVD Copy Pro\1Click DVD Copy Pro 3.1.2.8(NEW-UPDATED)\1Click DVD Copy Pro 3.1.2.8(NEW-UPDATED).rar/1Click DVD Copy Pro 3.1.2.8(NEW-UPDATED)/lg.software.innovations.generic.patch.v0.1-icu.zip Infected: Trojan.Win32.Delf.bur skipped

D:\Programs\1 Click DVD Copy Pro\1Click DVD Copy Pro 3.1.2.8(NEW-UPDATED)\1Click DVD Copy Pro 3.1.2.8(NEW-UPDATED).rar RAR: infected - 2 skipped

D:\Programs\1 Click DVD to Ipod\1CLICK DVD TO IPOD 1.1.2.7(NEW-with serial key)\Patch\LG.Software.Innovations.Generic.Patch.v0.1-ICU.exe Infected: Trojan.Win32.Delf.bur skipped

D:\Programs\1Click DVD Copy Pro 3.1.3.3\1Click DVD Copy Pro 3.1.3.3\1clickdvdcopyprosetup3.1.3.3.exe Infected: Trojan-Dropper.Win32.Agent.qvx skipped

D:\Programs\1Click DVD Copy Pro 3.1.3.3\1Click DVD Copy Pro 3.1.3.3\Patch\LG.Software.Innovations.Generic.Patch.v0.1-ICU.exe Infected: Trojan.Win32.Delf.bur skipped

D:\Programs\Advanced Archive Password Recovery v3.01.7 + SERIAL\archpr40.zip/setup.exe/data0012 Infected: not-a-virus:PSWTool.Win32.AdvancedPR.c skipped

D:\Programs\Advanced Archive Password Recovery v3.01.7 + SERIAL\archpr40.zip/setup.exe Infected: not-a-virus:PSWTool.Win32.AdvancedPR.c skipped

D:\Programs\Advanced Archive Password Recovery v3.01.7 + SERIAL\archpr40.zip ZIP: infected - 2 skipped

D:\Programs\AVG 2008 Anti Spyware with Crack.rar/AVG 2008 Anti Spyware with Crack/Setup.exe Infected: Trojan-Dropper.Win32.Delf.ake skipped

D:\Programs\AVG 2008 Anti Spyware with Crack.rar RAR: infected - 1 skipped

D:\Programs\AVG Anti-Virus 8.0.93 PRO Edition (latest on 2008-04-14) + Activation key\avg_avwt_stf_all_8_93a1283.exe/data0000.cab/crack.exe Infected: Trojan.Win32.Monder.gen skipped

D:\Programs\AVG Anti-Virus 8.0.93 PRO Edition (latest on 2008-04-14) + Activation key\avg_avwt_stf_all_8_93a1283.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

D:\Programs\AVG Anti-Virus 8.0.93 PRO Edition (latest on 2008-04-14) + Activation key\avg_avwt_stf_all_8_93a1283.exe Rsrc-Package: infected - 2 skipped

D:\Programs\CPUCooL.v8.0.6.zip/CPUCooL.v8.0.6/final2.dat/hosts/hosts.exe Infected: Backdoor.Win32.Small.czo skipped

D:\Programs\CPUCooL.v8.0.6.zip/CPUCooL.v8.0.6/final2.dat/manager.exe Infected: Backdoor.Win32.Small.cvt skipped

D:\Programs\CPUCooL.v8.0.6.zip/CPUCooL.v8.0.6/final2.dat/irc/irc.exe Infected: Backdoor.Win32.Small.cvt skipped

D:\Programs\CPUCooL.v8.0.6.zip/CPUCooL.v8.0.6/final2.dat Infected: Backdoor.Win32.Small.cvt skipped

D:\Programs\CPUCooL.v8.0.6.zip ZIP: infected - 4 skipped

D:\Programs\Diskeeper.Pro.Premier.2008.v12.0.758-DVT\Diskeeper2008_ProPremier.exe/data0000.cab/dongs.exe Infected: Backdoor.Win32.Rbot.ffg skipped

D:\Programs\Diskeeper.Pro.Premier.2008.v12.0.758-DVT\Diskeeper2008_ProPremier.exe/data0000.cab Infected: Backdoor.Win32.Rbot.ffg skipped

D:\Programs\Diskeeper.Pro.Premier.2008.v12.0.758-DVT\Diskeeper2008_ProPremier.exe Rsrc-Package: infected - 2 skipped

D:\Programs\Diskeeper_2008_PP.rar/Diskeeper Setup.EXE/data0000.cab/scvost.exe Infected: Trojan-Downloader.Win32.VB.btb skipped

D:\Programs\Diskeeper_2008_PP.rar/Diskeeper Setup.EXE/data0000.cab Infected: Trojan-Downloader.Win32.VB.btb skipped

D:\Programs\Diskeeper_2008_PP.rar/Diskeeper Setup.EXE Infected: Trojan-Downloader.Win32.VB.btb skipped

D:\Programs\Diskeeper_2008_PP.rar RAR: infected - 3 skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/01 - Find the Map_Product ID/04 - MapSetToolKit.exe/data0000.cab/04-MAP~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nki skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/01 - Find the Map_Product ID/04 - MapSetToolKit.exe/data0000.cab/is152185.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/01 - Find the Map_Product ID/04 - MapSetToolKit.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/01 - Find the Map_Product ID/04 - MapSetToolKit.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.2/Keygen v1.2.exe/data0000.cab/KEYGEN~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nkl skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.2/Keygen v1.2.exe/data0000.cab/is152185.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.2/Keygen v1.2.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.2/Keygen v1.2.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.3/Keygen v1.3.exe/data0000.cab/KEYGEN~2.EXE/data0000.cab/luxti.EXE/data0000.cab/is152185.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.3/Keygen v1.3.exe/data0000.cab/KEYGEN~2.EXE/data0000.cab/luxti.EXE/data0000.cab/BIGMAN~1.EXE Infected: Trojan.Win32.Pakes.cgn skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.3/Keygen v1.3.exe/data0000.cab/KEYGEN~2.EXE/data0000.cab/luxti.EXE/data0000.cab Infected: Trojan.Win32.Pakes.cgn skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.3/Keygen v1.3.exe/data0000.cab/KEYGEN~2.EXE/data0000.cab/luxti.EXE Infected: Trojan.Win32.Pakes.cgn skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.3/Keygen v1.3.exe/data0000.cab/KEYGEN~2.EXE/data0000.cab/KEYGEN~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nkl skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.3/Keygen v1.3.exe/data0000.cab/KEYGEN~2.EXE/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.nkl skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.3/Keygen v1.3.exe/data0000.cab/KEYGEN~2.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.nkl skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.3/Keygen v1.3.exe/data0000.cab/is152185.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.3/Keygen v1.3.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/02 - Garmin Keygen v1.3/Keygen v1.3.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/03 - IMEI Converter v1.0 - Only needed for Cellphones/IMEI converter.exe/data0000.cab/is152185.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/03 - IMEI Converter v1.0 - Only needed for Cellphones/IMEI converter.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/03 - IMEI Converter v1.0 - Only needed for Cellphones/IMEI converter.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created/GarminKey_Parser.exe/data0000.cab/is152185.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created/GarminKey_Parser.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/04 - Garmin License Key Parser v1.7.1 - Verifys License Keys Created/GarminKey_Parser.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/Original Downloads/Garmin KeyGen v1.2/KeyGen v1.2.exe/data0000.cab/is152185.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/Original Downloads/Garmin KeyGen v1.2/KeyGen v1.2.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/Original Downloads/Garmin KeyGen v1.2/KeyGen v1.2.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/Original Downloads/GarminKeygen_v1.3+ IMEI Converter v1.0/IMEI converter.exe/data0000.cab/is152185.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/Original Downloads/GarminKeygen_v1.3+ IMEI Converter v1.0/IMEI converter.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/Original Downloads/GarminKeygen_v1.3+ IMEI Converter v1.0/IMEI converter.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/Original Downloads/GarminKeygen_v1.3+ IMEI Converter v1.0/keygen.exe/data0000.cab/is152185.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/Original Downloads/GarminKeygen_v1.3+ IMEI Converter v1.0/keygen.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar/Original Downloads/GarminKeygen_v1.3+ IMEI Converter v1.0/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.lvo skipped

D:\Programs\Garmin Unlock Utility\Garmin Unlock Utility.rar RAR: infected - 33 skipped

D:\Programs\Hard Disk Manager 2008 Proffesoinal Extreme Edition(Latest)\Hard Disk Manager 2008 Proffesoinal Extreme Edition(Latest).rar/hdm_setup.exe Infected: Trojan-Dropper.Win32.Agent.qzl skipped

D:\Programs\Hard Disk Manager 2008 Proffesoinal Extreme Edition(Latest)\Hard Disk Manager 2008 Proffesoinal Extreme Edition(Latest).rar RAR: infected - 1 skipped

D:\Programs\Hide IP Platinum 3.5 And Keygen (New Version)\hideippla.EXE/data0000.cab/is68591.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ks skipped

D:\Programs\Hide IP Platinum 3.5 And Keygen (New Version)\hideippla.EXE/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.ks skipped

D:\Programs\Hide IP Platinum 3.5 And Keygen (New Version)\hideippla.EXE Rsrc-Package: infected - 2 skipped

D:\Programs\Ip Computer hacker\Ip Computer hacker.exe/data0000.cab/IPCOMP~1.EXE Infected: Backdoor.Win32.Ciadoor.13.kb skipped

D:\Programs\Ip Computer hacker\Ip Computer hacker.exe/data0000.cab Infected: Backdoor.Win32.Ciadoor.13.kb skipped

D:\Programs\Ip Computer hacker\Ip Computer hacker.exe Rsrc-Package: infected - 2 skipped

D:\Programs\Latest 2008 Software Make Your USB Storage Device into Bootable.rar/SP27213.exe/data.rar/SP27213.exe Infected: Trojan-Dropper.Win32.Agent.fsn skipped

D:\Programs\Latest 2008 Software Make Your USB Storage Device into Bootable.rar/SP27213.exe/data.rar Infected: Trojan-Dropper.Win32.Agent.fsn skipped

D:\Programs\Latest 2008 Software Make Your USB Storage Device into Bootable.rar/SP27213.exe Infected: Trojan-Dropper.Win32.Agent.fsn skipped

D:\Programs\Latest 2008 Software Make Your USB Storage Device into Bootable.rar RAR: infected - 3 skipped

D:\Programs\Marine FishTank 3D ScreenSaver v1.0 - rG\MeerwasserAquarium3D.rar/MeerwasserAquarium3D.exe Infected: Trojan-Dropper.Win32.Agent.qzl skipped

D:\Programs\Marine FishTank 3D ScreenSaver v1.0 - rG\MeerwasserAquarium3D.rar RAR: infected - 1 skipped

D:\Programs\Mp3.Splitter.and.Joiner.Pro.v3.48.Build.1.Incl.Patch.and.Keygen-Lz0\mp3mate.exe Infected: Trojan.Win32.AntiAV.t skipped

D:\Programs\Nero 8 Keygen Final.exe Infected: Backdoor.Win32.Agent.bmn skipped

D:\Programs\Nero 8 Ultra Edition Keygen-serials\Keygen.exe/data0000 Infected: Backdoor.Win32.Rbot.feh skipped

D:\Programs\Nero 8 Ultra Edition Keygen-serials\Keygen.exe EmbeddedEXE: infected - 1 skipped

D:\Programs\nero-keygen-all versions.exe/dll32.exe Infected: Backdoor.Win32.Iroffer.z skipped

D:\Programs\nero-keygen-all versions.exe/events.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.5001 skipped

D:\Programs\nero-keygen-all versions.exe RAR: infected - 2 skipped

D:\Programs\PDF.Password.Recoverer.ZION.zip/PDF.Password.Recoverer.ZION/Setup PPR.exe Infected: Backdoor.Win32.SdBot.cki skipped

D:\Programs\PDF.Password.Recoverer.ZION.zip ZIP: infected - 1 skipped

D:\Programs\TuneUp.Utilities.2008.v7.0.7992.Winall.Cracked-NoPE.rar/tuneup.utilities.2008.v7.0.7992-nope.exe/data0000.cab/update.exe Infected: Trojan.Win32.Agent.efb skipped

D:\Programs\TuneUp.Utilities.2008.v7.0.7992.Winall.Cracked-NoPE.rar/tuneup.utilities.2008.v7.0.7992-nope.exe/data0000.cab Infected: Trojan.Win32.Agent.efb skipped

D:\Programs\TuneUp.Utilities.2008.v7.0.7992.Winall.Cracked-NoPE.rar/tuneup.utilities.2008.v7.0.7992-nope.exe Infected: Trojan.Win32.Agent.efb skipped

D:\Programs\TuneUp.Utilities.2008.v7.0.7992.Winall.Cracked-NoPE.rar RAR: infected - 3 skipped

D:\Programs\TuneUp_Utilities_2008-beta1.zip/TuneUp_Utilities_2008-beta1.exe/555certigameka232.exe Infected: Backdoor.Win32.Shark.cq skipped

D:\Programs\TuneUp_Utilities_2008-beta1.zip/TuneUp_Utilities_2008-beta1.exe Infected: Backdoor.Win32.Shark.cq skipped

D:\Programs\TuneUp_Utilities_2008-beta1.zip ZIP: infected - 2 skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar/AutoPlay/Docs/Hacking section.rar/Hacking section/exploits.zip/Blitzkrieg 2 _ 1.21 players kicker VER.zip/blitzkrieg.exe Infected: Exploit.Win32.Kicker.121 skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar/AutoPlay/Docs/Hacking section.rar/Hacking section/exploits.zip/Blitzkrieg 2 _ 1.21 players kicker VER.zip Infected: Exploit.Win32.Kicker.121 skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar/AutoPlay/Docs/Hacking section.rar/Hacking section/exploits.zip/MS05-047.exe Infected: Exploit.Win32.RPC.d skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar/AutoPlay/Docs/Hacking section.rar/Hacking section/exploits.zip/ms05039exploitGUI.rar/ms05039GUI.exe Infected: Exploit.Win32.MS05-039.u skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar/AutoPlay/Docs/Hacking section.rar/Hacking section/exploits.zip/ms05039exploitGUI.rar Infected: Exploit.Win32.MS05-039.u skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar/AutoPlay/Docs/Hacking section.rar/Hacking section/exploits.zip/NetDDE Remote Buffer Overflow.zip/HOD-ms04031-netdde-expl.exe Infected: Exploit.Win32.MS04-031.a skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar/AutoPlay/Docs/Hacking section.rar/Hacking section/exploits.zip/NetDDE Remote Buffer Overflow.zip Infected: Exploit.Win32.MS04-031.a skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar/AutoPlay/Docs/Hacking section.rar/Hacking section/exploits.zip/phpbbexp.rar/phpbbexp.exe Infected: Exploit.Win32.PhpBB.g skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar/AutoPlay/Docs/Hacking section.rar/Hacking section/exploits.zip/phpbbexp.rar/sniper.pl Infected: Exploit.Perl.PhpBB.e skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar/AutoPlay/Docs/Hacking section.rar/Hacking section/exploits.zip/phpbbexp.rar Infected: Exploit.Perl.PhpBB.e skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar/AutoPlay/Docs/Hacking section.rar/Hacking section/exploits.zip Infected: Exploit.Perl.PhpBB.e skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar/AutoPlay/Docs/Hacking section.rar Infected: Exploit.Perl.PhpBB.e skipped

D:\Programs\Ultimate Hacks & Cracks Pack (AIO)\Ultimate Hacks & Cracks Pack (AIO).rar RAR: infected - 12 skipped

D:\Programs\Vista Automated Activation Crack v3.0.exe/data0000.cab/TOKERS~1.EXE Infected: Virus.Win32.Parite.b skipped

D:\Programs\Vista Automated Activation Crack v3.0.exe/data0000.cab Infected: Virus.Win32.Parite.b skipped

D:\Programs\Vista Automated Activation Crack v3.0.exe Rsrc-Package: infected - 2 skipped

D:\Programs\VLC.Media.Player + 16 Skins\VLC.Media.Player+ 16 Skins.rar/VLC.Media.Player+ 16 Skins/vlc-0.8.6a-win32.EXE/data0000.cab/is152304.exe Infected: Trojan.Win32.Monder.gen skipped

D:\Programs\VLC.Media.Player + 16 Skins\VLC.Media.Player+ 16 Skins.rar/VLC.Media.Player+ 16 Skins/vlc-0.8.6a-win32.EXE/data0000.cab Infected: Trojan.Win32.Monder.gen skipped

D:\Programs\VLC.Media.Player + 16 Skins\VLC.Media.Player+ 16 Skins.rar/VLC.Media.Player+ 16 Skins/vlc-0.8.6a-win32.EXE Infected: Trojan.Win32.Monder.gen skipped

D:\Programs\VLC.Media.Player + 16 Skins\VLC.Media.Player+ 16 Skins.rar RAR: infected - 3 skipped

D:\Programs\Windows Genuine Activation WinXP-ALL Permanent Crack[WGA]-WOLViSH\Step 2 (create serial).exe Infected: Trojan-Dropper.Win32.Agent.qzl skipped

D:\Programs\Windows Genuine Activation WinXP-ALL Permanent Crack[WGA]-WOLViSH\Step 3 (change serial).exe Infected: Trojan-Dropper.Win32.Agent.qzl skipped

D:\Programs\Windows Genuine Activation WinXP-ALL Permanent Crack[WGA]-WOLViSH\Step 4 (verify).exe Infected: Trojan-Dropper.Win32.Agent.qzl skipped

D:\Programs\Winzip 11.1 multi Language Keygen .exe/is151127.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bhf skipped

D:\Programs\Winzip 11.1 multi Language Keygen .exe RAR: infected - 1 skipped

D:\Programs\Your Uninstaller 2008 Pro_6.1.1231__Indianboy\yu2008setup.exe Infected: Trojan-Dropper.Win32.Agent.dqt skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\Backedup from D\Limewire\Programs\google navigator - b.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped

E:\Backedup from D\Limewire\Programs\google navigator - b.zip ZIP: infected - 1 skipped

E:\Backedup from D\Limewire\Programs\google navigator - c.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped

E:\Backedup from D\Limewire\Programs\google navigator - c.zip ZIP: infected - 1 skipped

E:\Backedup from D\Limewire\Programs\google navigator.zip/setup.exe Infected: not-a-virus:AdWare.Win32.Sahat.cd skipped

E:\Backedup from D\Limewire\Programs\google navigator.zip ZIP: infected - 1 skipped

E:\Backedup from D\Limewire\Programs\printit new.zip/setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

E:\Backedup from D\Limewire\Programs\printit new.zip/setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

E:\Backedup from D\Limewire\Programs\printit new.zip/setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

E:\Backedup from D\Limewire\Programs\printit new.zip/setup.exe/data0010/stream/data0004 Infected: not-a-virus:AdWare.Win32.BHO.aad skipped

E:\Backedup from D\Limewire\Programs\printit new.zip/setup.exe/data0010/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.aad skipped

E:\Backedup from D\Limewire\Programs\printit new.zip/setup.exe/data0010/stream Infected: not-a-virus:AdWare.Win32.BHO.aad skipped

E:\Backedup from D\Limewire\Programs\printit new.zip/setup.exe/data0010 Infected: not-a-virus:AdWare.Win32.BHO.aad skipped

E:\Backedup from D\Limewire\Programs\printit new.zip/setup.exe Infected: not-a-virus:AdWare.Win32.BHO.aad skipped

E:\Backedup from D\Limewire\Programs\printit new.zip ZIP: infected - 8 skipped

E:\Backedup from D\Limewire\Programs\printit wet and wild.zip/setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped

E:\Backedup from D\Limewire\Programs\printit wet and wild.zip/setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped

E:\Backedup from D\Limewire\Programs\printit wet and wild.zip/setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.TrafficSol.o skipped

E:\Backedup from D\Limewire\Programs\printit wet and wild.zip/setup.exe/data0010/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.adj skipped

E:\Backedup from D\Limewire\Programs\printit wet and wild.zip/setup.exe/data0010/stream/data0006 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped

E:\Backedup from D\Limewire\Programs\printit wet and wild.zip/setup.exe/data0010/stream Infected: not-a-virus:AdWare.Win32.BHO.ww skipped

E:\Backedup from D\Limewire\Programs\printit wet and wild.zip/setup.exe/data0010 Infected: not-a-virus:AdWare.Win32.BHO.ww skipped

E:\Backedup from D\Limewire\Programs\printit wet and wild.zip/setup.exe Infected: not-a-virus:AdWare.Win32.BHO.ww skipped

E:\Backedup from D\Limewire\Programs\printit wet and wild.zip ZIP: infected - 8 skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.q skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/04 Apr 2004 04:31 from Mail Delivery Subsystem:Returned mail: se/04 Apr 2004 04:31 from Murray, Rick:Mail Delivery (failure dave..rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/12 Apr 2004 13:31 from Postmaster:Undeliverable Mail.eml/[From rick.murray@fhwa.dot.gov][Date Mon, 12 Apr 2004 09:21:17 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/12 Apr 2004 13:31 from Postmaster:Undeliverable Mail.eml/[From rick.murray@fhwa.dot.gov][Date Mon, 12 Apr 2004 09:21:17 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/12 Apr 2004 13:31 from Postmaster:Undeliverable Mail.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 May 2004 13:40 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Sat, 1 May 2004 07:42:17 -0600]/UNNAMED/information.rtf.com Infected: Email-Worm.Win32.NetSky.b skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 May 2004 13:40 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Sat, 1 May 2004 07:42:17 -0600]/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 May 2004 13:40 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.b skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 May 2004 13:40 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Sat, 1 May 2004 07:42:17 -0600]/UNNAMED/information.rtf.com Infected: Email-Worm.Win32.NetSky.b skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 May 2004 13:40 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Sat, 1 May 2004 07:42:17 -0600]/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 May 2004 13:40 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.b skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/12 Apr 2004 13:31 from Postmaster:Undeliverable Mail.eml/[From rick.murray@fhwa.dot.gov][Date Mon, 12 Apr 2004 09:21:17 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/12 Apr 2004 13:31 from Postmaster:Undeliverable Mail.eml/[From rick.murray@fhwa.dot.gov][Date Mon, 12 Apr 2004 09:21:17 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/12 Apr 2004 13:31 from Postmaster:Undeliverable Mail.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/04 Apr 2004 04:31 from Mail Delivery Subsystem:Returned mail: se/04 Apr 2004 04:31 from Murray, Rick:Mail Delivery (failure dave..rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED/message.scr Infected: Email-Worm.Win32.NetSky.q skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Fri, 26 Mar 2004 14:01:19 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/26 Mar 2004 19:08 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.q skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/24 Mar 2004 14:44 from postmaster@bellevue.com:Delivery Status N/24 Mar 2004 14:00 to eek@bellevue.com:Mail Delivery (failure eek.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/02 Mar 2004 20:18 from Prior, Bob:Katrina/ATT53209.txt Infected: Email-Worm.Win32.Bagle.e.txt skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/28 Aug 2003 15:04 from MAILER-DAEMON@mail19a.dulles19-verio.com:.eml/[From ][Date Thu, 28 Aug 2003 10:51:24 --0400]/UNNAMED/thank_you.pif Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/28 Aug 2003 15:04 from MAILER-DAEMON@mail19a.dulles19-verio.com:.eml/[From ][Date Thu, 28 Aug 2003 10:51:24 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/28 Aug 2003 15:04 from MAILER-DAEMON@mail19a.dulles19-verio.com:.eml Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 20:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Mon, 25 Aug 2003 16:10:02 --0400]/UNNAMED/movie0045.pif Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 20:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Mon, 25 Aug 2003 16:10:02 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 20:10 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 15:27 from MAILER-DAEMON@discovery.comsite.net:failu.eml/[From ][Date Mon, 25 Aug 2003 11:27:11 --0400]/UNNAMED/thank_you.pif Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 15:27 from MAILER-DAEMON@discovery.comsite.net:failu.eml/[From ][Date Mon, 25 Aug 2003 11:27:11 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 15:27 from MAILER-DAEMON@discovery.comsite.net:failu.eml Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 13:49 from MAILER-DAEMON@world3.aosoft.com:failure n.eml/[From ][Date Mon, 25 Aug 2003 9:32:59 --0400]/UNNAMED/movie0045.pif Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 13:49 from MAILER-DAEMON@world3.aosoft.com:failure n.eml/[From ][Date Mon, 25 Aug 2003 9:32:59 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 13:49 from MAILER-DAEMON@world3.aosoft.com:failure n.eml Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/19 Aug 2003 16:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Tue, 19 Aug 2003 12:09:42 --0400]/UNNAMED/application.pif Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/19 Aug 2003 16:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Tue, 19 Aug 2003 12:09:42 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/19 Aug 2003 16:10 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/24 Mar 2004 14:44 from postmaster@bellevue.com:Delivery Status N/24 Mar 2004 14:00 to eek@bellevue.com:Mail Delivery (failure eek.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/02 Mar 2004 20:18 from Prior, Bob:Katrina/ATT53209.txt Infected: Email-Worm.Win32.Bagle.e.txt skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/28 Aug 2003 15:04 from MAILER-DAEMON@mail19a.dulles19-verio.com:.eml/[From ][Date Thu, 28 Aug 2003 10:51:24 --0400]/UNNAMED/thank_you.pif Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/28 Aug 2003 15:04 from MAILER-DAEMON@mail19a.dulles19-verio.com:.eml/[From ][Date Thu, 28 Aug 2003 10:51:24 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/28 Aug 2003 15:04 from MAILER-DAEMON@mail19a.dulles19-verio.com:.eml Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 20:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Mon, 25 Aug 2003 16:10:02 --0400]/UNNAMED/movie0045.pif Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 20:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Mon, 25 Aug 2003 16:10:02 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 20:10 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 15:27 from MAILER-DAEMON@discovery.comsite.net:failu.eml/[From ][Date Mon, 25 Aug 2003 11:27:11 --0400]/UNNAMED/thank_you.pif Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 15:27 from MAILER-DAEMON@discovery.comsite.net:failu.eml/[From ][Date Mon, 25 Aug 2003 11:27:11 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 15:27 from MAILER-DAEMON@discovery.comsite.net:failu.eml Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 13:49 from MAILER-DAEMON@world3.aosoft.com:failure n.eml/[From ][Date Mon, 25 Aug 2003 9:32:59 --0400]/UNNAMED/movie0045.pif Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 13:49 from MAILER-DAEMON@world3.aosoft.com:failure n.eml/[From ][Date Mon, 25 Aug 2003 9:32:59 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/25 Aug 2003 13:49 from MAILER-DAEMON@world3.aosoft.com:failure n.eml Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/19 Aug 2003 16:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Tue, 19 Aug 2003 12:09:42 --0400]/UNNAMED/application.pif Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/19 Aug 2003 16:10 from Mail Delivery System:Mail delivery failed.eml/[From ][Date Tue, 19 Aug 2003 12:09:42 --0400]/UNNAMED Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/19 Aug 2003 16:10 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.Sobig.f skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 Sep 2004 04:33 from Hellie, Christian:foto/fotos.zip/foto.htm Infected: Exploit.HTML.CodeBaseExec skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 Sep 2004 04:33 from Hellie, Christian:foto/fotos.zip/1/calc.exe Infected: Trojan.Win32.Glieder.gen skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/01 Sep 2004 04:33 from Hellie, Christian:foto/fotos.zip Infected: Trojan.Win32.Glieder.gen skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/31 Aug 2004 21:34 from Hellie, Christian:foto/fotos.zip.ZIP/fotos.zip/foto/foto.html Infected: Exploit.HTML.CodeBaseExec skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/31 Aug 2004 21:34 from Hellie, Christian:foto/fotos.zip.ZIP/fotos.zip/foto/foto/foto1.exe Infected: Trojan.Win32.Glieder.gen skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/31 Aug 2004 21:34 from Hellie, Christian:foto/fotos.zip.ZIP/fotos.zip Infected: Trojan.Win32.Glieder.gen skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/31 Aug 2004 21:34 from Hellie, Christian:foto/fotos.zip.ZIP Infected: Trojan.Win32.Glieder.gen skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/15 Aug 2004 15:51 from US Bank:Important Banking Mail [Sun, 15 A.rtf Infected: Trojan-Spy.HTML.Usbankfraud.p skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/10 Aug 2004 14:56 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Tue, 10 Aug 2004 10:54:12 -0700]/UNNAMED/message.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/10 Aug 2004 14:56 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Tue, 10 Aug 2004 10:54:12 -0700]/UNNAMED/message.zip Infected: Email-Worm.Win32.NetSky.q skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/10 Aug 2004 14:56 from Mail Delivery System:Mail delivery failed.eml/[From rick.murray@fhwa.dot.gov][Date Tue, 10 Aug 2004 10:54:12 -0700]/UNNAMED Infected: Email-Worm.Win32.NetSky.q skipped

E:\Backedup from D\Outlook\Rick.pst/Rick's Work Archive/Cabinet/Virus? - Fraud?/10 Aug 2004 14:56 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.NetSky.q skipped

E:\Backedup from D\Outlook\Rick.pst MailMSMaill: infected - 56, suspicious - 14 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


**************************************
Here is my Deckard's System Scanner Report:
**************************************

Deckard's System Scanner v20071014.68
Run by Rick on 2008-05-30 07:26:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; unknown error code 0x00000003


-- Last 4 Restore Point(s) --
4: 2008-05-30 11:26:11 UTC - RP346 - Deckard's System Scanner Restore Point
3: 2008-05-30 06:45:28 UTC - RP345 - System Checkpoint
2: 2008-05-29 06:10:03 UTC - RP344 - System Checkpoint
1: 2008-05-28 02:47:21 UTC - RP343 - Spyware Doctor: Cleaning Threats


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Rick.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:17 AM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\US DOT VPN Client\VPN Client\cvpnd.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\winself.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Rick\Application Data\Microsoft\dtsc\12180.exe
C:\PROGRA~1\MICROS~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Rick\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/runonce2.aspx
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Rick\LOCALS~1\Temp\~DP5A.dll (file missing)
O2 - BHO: (no name) - {63209ABE-F56F-438C-9437-B7289206BA98} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {6F76BF10-0DC8-42DB-A9B9-028E6C5DC0EB} - (no file)
O2 - BHO: (no name) - {73154230-EE51-449C-96A7-3909543B0EB9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {9BBDD717-24CD-49F6-9DBD-9EDDA039FA9C} - (no file)
O2 - BHO: (no name) - {A48CF07A-8192-4198-B7F9-52A246079A10} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: gooochi browser optimizer - {f53bbfd9-305e-3783-f624-aa4aa77a2b1d} - C:\WINDOWS\system32\{e261e1b0-0ed0-6952-3418-5a59d698bdbb}.dll
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM03fa57c9] Rundll32.exe "C:\WINDOWS\system32\igqchrpj.dll",s
O4 - HKLM\..\Run: [{aacbee65-09fd-e158-65c0-cb8d16f38b34}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{e261e1b0-0ed0-6952-3418-5a59d698bdbb}.dll" DllStart
O4 - HKLM\..\RunServices: [WinxDiagUpdate] WinxDiagUpdate
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Rick\Application Data\Microsoft\dtsc\12180.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jpwnw64k.exe
O4 - Startup: SpyHunter.lnk = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191455931261
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191455917642
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sra.dot.gov/dana-cached/setup/JuniperSetupSP1.cab
O20 - Winlogon Notify: hgggheb - hgggheb.dll (file missing)
O20 - Winlogon Notify: xxyAtsQk - xxyAtsQk.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: US DOT VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\US DOT VPN Client\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 12782 bytes

-- File Associations -----------------------------------------------------------

.ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 timounter (Acronis True Image Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 usbintell - c:\windows\system32\drivers\usbintell.sys
R2 tifsfilter (Acronis True Image FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 MSICPL - e:\install4\msicpl.sys (file missing)
S3 NTACCESS - e:\ntaccess.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\winself.exe service

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-05-26 17:18:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-30 and 2008-05-30 -----------------------------

2008-05-28 23:03:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 23:03:25 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-28 23:03:25 0 d-------- C:\WINDOWS\LastGood
2008-05-28 21:22:50 0 d-------- C:\Program Files\Trend Micro
2008-05-27 22:48:25 32000 --a------ C:\WINDOWS\window.exe
2008-05-27 22:48:25 16384 --a------ C:\WINDOWS\svchost32.exe
2008-05-27 22:48:25 11008 --a------ C:\WINDOWS\rundll16.exe
2008-05-27 22:48:25 30208 --a------ C:\WINDOWS\quicken.exe
2008-05-27 22:48:24 28672 --a------ C:\WINDOWS\notepad32.exe
2008-05-27 22:48:24 22016 --a------ C:\WINDOWS\msupdate.exe
2008-05-27 22:48:24 11776 --a------ C:\WINDOWS\mssys.exe
2008-05-27 22:48:24 25344 --a------ C:\WINDOWS\msconfd.dll
2008-05-27 22:48:24 22528 --a------ C:\WINDOWS\internet.exe
2008-05-27 22:48:24 10752 --a------ C:\WINDOWS\iexplorer.exe
2008-05-27 22:48:24 18688 --a------ C:\WINDOWS\iedll.exe
2008-05-27 22:48:23 10240 --a------ C:\WINDOWS\editpad.exe
2008-05-27 18:03:58 0 d-------- C:\Program Files\Spyware Doctor
2008-05-27 18:03:58 0 d-------- C:\Documents and Settings\Rick\Application Data\PC Tools
2008-05-27 17:14:53 2560 --a------ C:\WINDOWS\system32\stxkrviu.exe
2008-05-27 17:09:57 126976 --a------ C:\WINDOWS\system32\igqchrpj.dll
2008-05-27 09:40:48 370176 --a------ C:\WINDOWS\system32\{e261e1b0-0ed0-6952-3418-5a59d698bdbb}.dll
2008-05-27 07:07:00 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-05-27 01:15:04 14848 --a------ C:\WINDOWS\y.exe
2008-05-27 01:15:04 21760 --a------ C:\WINDOWS\xplugin.dll
2008-05-27 01:15:04 29440 --a------ C:\WINDOWS\x.exe
2008-05-27 01:15:04 20480 --a------ C:\WINDOWS\winmgnt.exe
2008-05-27 01:15:03 25088 --a------ C:\WINDOWS\winajbm.dll
2008-05-27 01:15:03 24832 --a------ C:\WINDOWS\win64.exe
2008-05-27 01:15:03 17664 --a------ C:\WINDOWS\win32e.exe
2008-05-27 01:15:03 16128 --a------ C:\WINDOWS\waol.exe
2008-05-27 01:15:03 26112 --a------ C:\WINDOWS\users32.exe
2008-05-27 01:15:03 25600 --a------ C:\WINDOWS\time.exe
2008-05-27 01:15:02 30464 --a------ C:\WINDOWS\systemcritical.exe
2008-05-27 01:15:02 15104 --a------ C:\WINDOWS\systeem.exe
2008-05-27 01:15:02 17152 --a------ C:\WINDOWS\svcinit.exe
2008-05-27 01:15:02 28672 --a------ C:\WINDOWS\sistem.exe
2008-05-27 01:15:01 11008 --a------ C:\WINDOWS\searchword.dll
2008-05-27 01:15:01 15360 --a------ C:\WINDOWS\qttasks.exe
2008-05-27 01:15:01 13568 --a------ C:\WINDOWS\olehelp.exe
2008-05-27 01:15:01 13824 --a------ C:\WINDOWS\mtwirl32.dll
2008-05-27 01:15:01 32256 --a------ C:\WINDOWS\mswsc20.dll
2008-05-27 01:15:00 10240 --a------ C:\WINDOWS\mswsc10.dll
2008-05-27 01:15:00 27392 --a------ C:\WINDOWS\msspi.dll
2008-05-27 01:15:00 10496 --a------ C:\WINDOWS\loader.exe
2008-05-27 01:14:59 24320 --a------ C:\WINDOWS\inetinf.exe
2008-05-27 01:14:59 26880 --a------ C:\WINDOWS\helpcvs.exe
2008-05-27 01:14:58 29696 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-27 01:14:58 18688 --a------ C:\WINDOWS\funny.exe
2008-05-27 01:14:58 19712 --a------ C:\WINDOWS\funniest.exe
2008-05-27 01:14:58 8704 --a------ C:\WINDOWS\explorer32.exe
2008-05-27 01:14:58 12800 --a------ C:\WINDOWS\explore.exe
2008-05-27 01:14:58 9984 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-27 01:14:57 17408 --a------ C:\WINDOWS\directx32.exe
2008-05-27 01:14:57 13312 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-27 01:14:57 20992 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-27 01:14:57 22016 --a------ C:\WINDOWS\cpan.dll
2008-05-27 01:14:57 14848 --a------ C:\WINDOWS\clrssn.exe
2008-05-27 01:14:57 11520 --a------ C:\WINDOWS\avpcc.dll
2008-05-27 01:14:57 21248 --a------ C:\WINDOWS\accesss.exe
2008-05-27 01:00:46 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-27 01:00:38 200768 --a------ C:\WINDOWS\system32\scntqkdm.exe
2008-05-27 01:00:37 401972 --a------ C:\WINDOWS\system32\g28.exe
2008-05-27 01:00:30 86144 --a------ C:\WINDOWS\system32\drivers\usbintell.sys
2008-05-27 01:00:28 0 d-------- C:\WINDOWS\system32\rev3
2008-05-27 01:00:28 0 d-------- C:\WINDOWS\system32\acom1
2008-05-27 01:00:28 0 d-------- C:\WINDOWS\system32\1026c
2008-05-27 01:00:24 0 d-------- C:\WINDOWS\system32\vntiho06
2008-05-27 01:00:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-27 01:00:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-27 00:59:52 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-27 00:59:50 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-27 00:59:46 87513 --a------ C:\WINDOWS\system32\vbpdtvdp.exe <Not Verified; Microsoft; XML Media>
2008-05-27 00:59:46 87513 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-05-27 00:59:40 25857 --a------ C:\WINDOWS\winself.exe
2008-05-26 13:06:08 0 d-------- C:\!KillBox
2008-05-26 11:31:54 2560 --a------ C:\WINDOWS\system32\aytqctjl.exe
2008-05-25 05:59:51 2560 --a------ C:\WINDOWS\system32\rktbegkq.exe
2008-05-25 01:01:28 0 d-------- C:\Program Files\DiskTrix
2008-05-25 00:46:25 0 d-------- C:\Documents and Settings\Rick\Application Data\AudioMoves
2008-05-25 00:46:15 0 d-------- C:\Program Files\AudioMoves
2008-05-24 12:13:29 0 dr-h----- C:\Documents and Settings\Rick\Recent
2008-05-24 06:00:54 2560 --a------ C:\WINDOWS\system32\miusxjvn.exe
2008-05-23 05:57:57 2560 --a------ C:\WINDOWS\system32\bitvlavo.exe
2008-05-22 15:28:11 1502941 ---hs---- C:\WINDOWS\system32\viamvknk.ini2
2008-05-22 15:28:11 1364701 ---hs---- C:\WINDOWS\system32\llblyyyf.ini2
2008-05-22 06:00:13 2560 --a------ C:\WINDOWS\system32\wenqaeal.exe
2008-05-21 04:10:12 2560 --a------ C:\WINDOWS\system32\fejnykei.exe
2008-05-21 03:11:36 0 d-------- C:\Program Files\Panda Security
2008-05-20 23:23:26 4400 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-20 14:46:12 1489450 ---hs---- C:\WINDOWS\system32\ogvhtcuy.ini2
2008-05-20 02:39:23 2560 --a------ C:\WINDOWS\system32\iwnjomun.exe
2008-05-19 02:36:52 2048 --a------ C:\WINDOWS\system32\uvaoswbt.exe
2008-05-19 02:33:50 829227 --ahs---- C:\WINDOWS\system32\KUCeLUvw.ini2
2008-05-19 00:01:06 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-18 12:51:44 0 d-------- C:\Program Files\ViceVersa FREE
2008-05-17 20:16:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-05-17 20:10:36 0 d-------- C:\Program Files\Seagate
2008-05-17 20:10:36 0 d-------- C:\Program Files\Common Files\Seagate
2008-05-17 20:08:14 392320 --a------ C:\WINDOWS\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
2008-05-17 20:08:14 32768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
2008-05-16 19:02:54 0 d-------- C:\Program Files\Disney
2008-05-16 17:13:59 0 d-------- C:\Documents and Settings\Megs\Application Data\Thunderbird
2008-05-05 10:42:23 0 d-------- C:\WINDOWS\ASTULogTemp


-- Find3M Report ---------------------------------------------------------------

2008-05-29 22:32:28 0 d-------- C:\Documents and Settings\Rick\Application Data\uTorrent
2008-05-29 14:40:22 0 d-------- C:\Program Files\Lx_cats
2008-05-26 18:10:53 0 d-------- C:\Program Files\Setup Files
2008-05-26 13:23:59 0 d-------- C:\Documents and Settings\Rick\Application Data\Apple Computer
2008-05-25 23:06:24 0 d-------- C:\Documents and Settings\Rick\Application Data\U3
2008-05-25 01:01:37 0 d-------- C:\Program Files\Common Files
2008-05-24 19:53:29 7184 --a------ C:\WINDOWS\system32\NEWSOFT
2008-05-23 19:57:42 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-18 13:18:37 0 d-------- C:\Program Files\uTorrent
2008-05-16 17:14:10 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-08 09:53:24 0 d-------- C:\Documents and Settings\Rick\Application Data\LimeWire
2008-05-03 20:33:55 2528 --a------ C:\Documents and Settings\Rick\Application Data\$_hpcst$.hpc
2008-05-03 20:28:47 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-01 18:25:09 0 d-------- C:\Documents and Settings\Rick\Application Data\Juniper Networks
2008-05-01 16:05:11 0 d-------- C:\Program Files\Safari
2008-05-01 16:04:24 0 d-------- C:\Program Files\Apple Software Update
2008-04-24 12:49:52 64872 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-22 00:32:33 11 --ah----- C:\Documents and Settings\Rick\Application Data\iPodAccess_Time
2008-04-16 00:58:39 0 d-------- C:\Documents and Settings\Rick\Application Data\NewSoft
2008-04-06 01:38:31 0 d-------- C:\Program Files\iTunes
2008-04-06 01:38:24 0 d-------- C:\Program Files\iPod
2008-04-06 01:37:42 0 d-------- C:\Program Files\QuickTime
2008-04-04 22:20:11 0 d-------- C:\Program Files\Quicken
2008-04-04 22:03:11 0 d-------- C:\Documents and Settings\Rick\Application Data\Intuit
2008-04-04 22:00:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-04 22:00:43 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-04 21:59:39 0 d-------- C:\Program Files\TurboTax
2008-04-04 20:54:54 0 d-------- C:\Program Files\RAR Password Cracker
2008-04-01 21:06:03 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-08 20:35:10 34 --a------ C:\Documents and Settings\Rick\Application Data\pcouffin.log
2008-03-08 20:34:41 47360 --a------ C:\Documents and Settings\Rick\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-08 20:34:41 1144 --a------ C:\Documents and Settings\Rick\Application Data\pcouffin.inf
2008-03-08 20:34:41 7887 --a------ C:\Documents and Settings\Rick\Application Data\pcouffin.cat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{598F4775-6FB6-477B-9842-E0426824E077}]
C:\DOCUME~1\Rick\LOCALS~1\Temp\~DP5A.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63209ABE-F56F-438C-9437-B7289206BA98}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F76BF10-0DC8-42DB-A9B9-028E6C5DC0EB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73154230-EE51-449C-96A7-3909543B0EB9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BBDD717-24CD-49F6-9DBD-9EDDA039FA9C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A48CF07A-8192-4198-B7F9-52A246079A10}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f53bbfd9-305e-3783-f624-aa4aa77a2b1d}]
05/27/2008 09:40 AM 370176 --a------ C:\WINDOWS\system32\{e261e1b0-0ed0-6952-3418-5a59d698bdbb}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/29/2007 01:43 AM]
"nwiz"="nwiz.exe" [06/29/2007 01:43 AM C:\WINDOWS\system32\nwiz.exe]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [04/29/2006 12:36 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [03/23/2005 07:26 PM]
"RTHDCPL"="RTHDCPL.EXE" [09/27/2007 03:20 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 07:43 PM C:\WINDOWS\Alcmtr.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/29/2007 01:43 AM]
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [11/21/2006 01:27 PM]
"lxcjmon.exe"="C:\Program Files\Lexmark 8300 Series\lxcjmon.exe" [01/30/2007 10:32 AM]
"EzPrint"="C:\Program Files\Lexmark 8300 Series\ezprint.exe" [01/30/2007 10:35 AM]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 09:35 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [03/01/2008 04:49 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [04/19/2007 09:29 PM]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [04/19/2007 09:24 PM]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [04/19/2007 09:38 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"BM03fa57c9"="C:\WINDOWS\system32\igqchrpj.dll" [05/27/2008 05:09 PM]
"{aacbee65-09fd-e158-65c0-cb8d16f38b34}"="C:\WINDOWS\system32\{e261e1b0-0ed0-6952-3418-5a59d698bdbb}.dll" [05/27/2008 09:40 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 07:03 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]
"Microsoft Windows Installer"="C:\Documents and Settings\Rick\Application Data\Microsoft\dtsc\12180.exe" [05/27/2008 01:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WinxDiagUpdate"=WinxDiagUpdate

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgggheb]
hgggheb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyAtsQk]
xxyAtsQk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvULeCUK

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick^Start Menu^Programs^Startup^SUPER © Uninstall.lnk]
path=C:\Documents and Settings\Rick\Start Menu\Programs\Startup\SUPER © Uninstall.lnk
backup=C:\WINDOWS\pss\SUPER © Uninstall.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick^Start Menu^Programs^Startup^SUPER ©.lnk]
path=C:\Documents and Settings\Rick\Start Menu\Programs\Startup\SUPER ©.lnk
backup=C:\WINDOWS\pss\SUPER ©.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
"C:\Program Files\uTorrent\uTorrent.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86f8ef12-8037-11dc-87a1-00045a4bae08}]
AutoRun\command- JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dfe3631-192d-11dc-b400-806d6172696f}]
AutoRun\command- M:\setup.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8000 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-30 07:28:30 ------------


**************************************
And here is my Deckard's System Extra Scanner Report:
**************************************

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 1: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 2: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 3: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 2047.21 MiB / 1282.42 MiB
Pagefile Memory (total/avail): 4591.14 MiB / 1709.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.16 MiB

A: is Removable (FAT)
C: is Fixed (NTFS) - 372.61 GiB total, 328.57 GiB free.
D: is Fixed (NTFS) - 152.66 GiB total, 113.92 GiB free.
E: is Fixed (NTFS) - 931.51 GiB total, 682.54 GiB free.
G: is Removable (No Media)
M: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y160P0 - 152.66 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 152.66 GiB - D:

\\.\PHYSICALDRIVE2 - ST31000340AS - 931.51 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 931.51 GiB - E:

\\.\PHYSICALDRIVE1 - WDC WD4000YS-01MPB1 - 372.61 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 372.61 GiB - C:

\\.\PHYSICALDRIVE4 - Lexmark USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"W:\\uTorrents\\uTorrent Progs\\Utorrent 1.6.(474) + Optimal Settings + Sp2 Patch By Odiliada\\Utorrent 1.6.474.exe"="W:\\uTorrents\\uTorrent Progs\\Utorrent 1.6.(474) + Optimal Settings + Sp2 Patch By Odiliada\\Utorrent 1.6.474.exe:*:Enabled:µTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPMate\\ppamnet.exe"="C:\\Program Files\\PPMate\\ppamnet.exe:*:Enabled:PPMate"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\WINDOWS\\system32\\lxcjcoms.exe"="C:\\WINDOWS\\system32\\lxcjcoms.exe:*:Enabled:8300 Series Server"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcjpswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcjpswx.exe:*:Enabled:8300 Series Printer Status"
"C:\\Documents and Settings\\Rick\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"="C:\\Documents and Settings\\Rick\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client"
"C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe"="C:\\Program Files\\MSI\\i-Speeder\\i-Speeder.exe:*:Enabled:i-Speeder"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rick\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RICK-ZIE9U0JM0C
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rick
LOGONSERVER=\\RICK-ZIE9U0JM0C
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Rick\LOCALS~1\Temp
TMP=C:\DOCUME~1\Rick\LOCALS~1\Temp
USERDOMAIN=RICK-ZIE9U0JM0C
USERNAME=Rick
USERPROFILE=C:\Documents and Settings\Rick
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Rick (admin)
Annette
Mike
Megs
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
1Click DVD Copy Pro 3.1.3.6 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\unins000.exe"
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-aware 6 Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Art Explosion Greeting Card Factory --> MsiExec.exe /X{E5A82541-A9CE-11D4-95E3-00C04F103AA7}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Data Lifeguard Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriverGuide Toolkit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71AA4525-52F2-4841-93B6-8DF58C0CC0DA}\setup.exe"
DVD-CLONER V5.20 Build 968 --> "C:\Program Files\Dvd-cloner\unins000.exe"
DVD-to-AVI 3.00 Build 806 --> "C:\Program Files\DVD-to-AVI\unins000.exe"
DVD-to-MPEG 3.00 Build 806 --> "C:\Program Files\DVD-to-MPEG\unins000.exe"
DVD-to-SVCD 3.00 Build 805 --> "C:\Program Files\DVD-to-SVCD\unins000.exe"
DVD43 v4.2.0 --> "C:\Program Files\dvd43\unins000.exe"
EasyRecovery Professional --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1033
Excel Utilities 1.5 --> C:\PROGRA~1\AppsPro\EXCELU~1\UNWISE.EXE C:\PROGRA~1\AppsPro\EXCELU~1\INSTALL.LOG
Excel VBA Code Cleaner 4.4 --> C:\PROGRA~1\AppsPro\CODECL~1\UNWISE.EXE C:\PROGRA~1\AppsPro\CODECL~1\INSTALL.LOG
Excel VBA Code Documentor 4.0 --> C:\PROGRA~1\AppsPro\CODEDO~1\UNWISE.EXE C:\PROGRA~1\AppsPro\CODEDO~1\INSTALL.LOG
Fleximage Converter 1.20 Build 808 --> "C:\Program Files\Fleximage Converter\unins000.exe"
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108 --> "C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
i-Speeder --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\i-Speeder\Uninst.isu"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Juniper Networks Cache Cleaner 5.5.0 --> "C:\Documents and Settings\Rick\Application Data\Juniper Networks\Cache Cleaner 5.5.0\uninstall.exe"
Juniper Networks Host Checker --> "C:\Documents and Settings\Rick\Application Data\Juniper Networks\Host Checker\uninstall.exe"
Juniper Terminal Services Client --> "C:\Documents and Settings\Rick\Application Data\Juniper Networks\Juniper Terminal Services Client\uninstall.exe"
jv16 PowerTools 2008 --> "C:\Program Files\jv16 PowerTools 2008\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark 8300 Series --> C:\Program Files\Lexmark 8300 Series\Install\x86\Uninst.exe
LimeWire PRO 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MemOptimizer 3 --> C:\Program Files\Pointstone\MemOptimizer 3\Uninstall.exe
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Outlook 2003 Calendar Views Add-in --> MsiExec.exe /I{8DB2C22D-A23A-4C0E-9A56-7D10440B9B40}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Outlook Personal Folders Backup --> MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP3-Check (v1.0.32.0) --> "C:\Program Files\AudioMoves\unins000.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MusicBrainz Picard 0.7.2 --> C:\Program Files\MusicBrainz Picard\uninst.exe
Nero 7 Ultra Edition --> MsiExec.exe /X{847CAE64-4CD2-4B2D-AF00-978FF5431033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
PPMate Network TV 2.3.1.071 --> C:\Program Files\PPMate\uninst.exe
Presto! Forms 3.50.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B79920F8-AB6E-45B2-B257-900BBA969FF7}\setup.exe" -l0x9 -anything
Presto! PageManager 7.12.10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}\setup.exe" -l0x9 -anything
Print to Fax --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
PrintIt --> "C:\Program Files\PrintIt\uninstall.exe"
Quicken 2008 --> MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Seagate DiscWizard --> MsiExec.exe /X{81A60A13-224D-4637-8203-3EAC03B121A4}
SopCast 2.0.4 --> C:\Program Files\SopCast\uninst.exe
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier 2007 --> C:\Program Files\TurboTax\Premier 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2007\Uninstall.log" -NoGui
UltimateDefrag V1 FREE Public Domain Version --> C:\Program Files\DiskTrix\UltimateDefrag\Uninstall.EXE /u:"UltimateDefrag V1 FREE Public Domain Version"
UpdateStar --> MsiExec.exe /X{40C30F59-7A5E-420C-857F-97DF43C7749A}
US DOT VPN Client --> MsiExec.exe /X{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}
ViceVersa FREE 1.0.3 --> "C:\Program Files\ViceVersa FREE\unins000.exe"
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
XY Chart Labeler 6.22 --> C:\PROGRA~1\AppsPro\CHARTL~1\UNWISE.EXE C:\PROGRA~1\AppsPro\CHARTL~1\INSTALL.LOG
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type673 / Error
Event Submitted/Written: 05/30/2008 07:13:16 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type672 / Error
Event Submitted/Written: 05/30/2008 07:13:15 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type667 / Error
Event Submitted/Written: 05/29/2008 00:52:34 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application lxcjmon.exe, version 3.98.0.0, faulting module msvcrt.dll, version 7.0.2600.2180, fault address 0x00032a16.
Processing media-specific event for [lxcjmon.exe!ws!]

Event Record #/Type664 / Error
Event Submitted/Written: 05/29/2008 03:17:24 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application NMIndexingService.exe, version 2.0.16.0, faulting module NMIndexingService.exe, version 2.0.16.0, fault address 0x000094d9.
Processing media-specific event for [NMIndexingService.exe!ws!]

Event Record #/Type653 / Error
Event Submitted/Written: 05/27/2008 05:10:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application spyhunter3.exe, version 1.0.13.0, faulting module registryguard.dll, version 1.0.25.0, fault address 0x0005593c.
Processing media-specific event for [spyhunter3.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29918 / Error
Event Submitted/Written: 05/30/2008 07:22:36 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type29917 / Warning
Event Submitted/Written: 05/30/2008 02:26:19 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type29916 / Warning
Event Submitted/Written: 05/29/2008 08:07:48 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type29909 / Warning
Event Submitted/Written: 05/29/2008 11:03:58 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type29903 / Warning
Event Submitted/Written: 05/29/2008 03:46:49 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-05-30 07:28:30 ------------



#2 teacup61

  • Malware Response Team

Posted 30 May 2008 - 10:55 PM

Hello rick301,

Welcome to Bleeping Computer :thumbsup:

I need for you to disable Spyware Doctor, as it will interfere with the changes we need to make during the fix. You can re-enable it once your system is clean.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

  • Malware Response Team

Posted 15 June 2008 - 02:55 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.



