Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

email zombie?


  • Please log in to reply
17 replies to this topic

#1 Bill Krimm

Bill Krimm

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 18 May 2009 - 07:12 PM

One of the computers on my network (it's running win XP pro SP3) suddenly starts sending emails (ads for Viagra discounts, etc.) I only know this because Symantec Antivirus pops up notes that it is scanning e-mail and some are rejected as spam by our ISP. They all appear to be ads.

I have run MalWareBytes several times including a complete scan in safe mode. Symantec doesn't find anything and MWB came up clean the last time but the behavior continues.

I have a Hijack This file. Unfortunately I am having trouble making sure the antivirus programs are up to date since shortly after I go online the mail starts spewing out and Symantec fills the screen with popups and I have to unplug the ethernet cable.

I would appreciate suggestions/something to look for.

Thanks,

Bill

BC AdBot (Login to Remove)

 


#2 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 PM

Posted 18 May 2009 - 07:59 PM

Hi, and welcome to the forums! :thumbsup:

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet.
Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#3 Bill Krimm

Bill Krimm
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 19 May 2009 - 05:14 PM

xblindx

Thanks. This is the third time I have tried to reply so either I am missing something or the interface is unintuitive. I keep looking for a send button but everything I try seems to lose my response.

Anyway I rescanned with MBAM before getting your instructions. Found many items of malware. Ran your instructions. The first log file is attached. Verified current file in Superantispyware and ran again with nothing found.

Problem is still there unfortuately.

Bill Krimm




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/19/2009 at 10:56 AM

Application Version : 4.26.1002

Core Rules Database Version : 3895
Trace Rules Database Version: 1843

Scan type : Complete Scan
Total Scan Time : 01:29:09

Memory items scanned : 233
Memory threats detected : 0
Registry items scanned : 6224
Registry threats detected : 0
File items scanned : 45191
File threats detected : 13

Adware.Tracking Cookie
.2o7.net [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]
.2o7.net [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]
.atwola.com [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]
.specificpop.com [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]
.trafficmp.com [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]
.z1.adserver.com [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]
.z1.adserver.com [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]
ads.specificpop.com [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]
ads.specificpop.com [ C:\Documents and Settings\mpurdy\Application Data\Mozilla\Profiles\default\e6cet784.slt\cookies.txt ]

#4 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 PM

Posted 19 May 2009 - 05:34 PM

Could you please post the original log file from your first runs with Malwarebytes? And to post a reply to this topic, use the Add Reply button located at the bottom of the page.

#5 tntpub

tntpub

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 19 May 2009 - 11:27 PM

I am having the same problem. i tried malware and when i reboot i get the same problem. I've tried the above steps xblindx has suggested ut i still get the symantec pop ups. Also see the below screen print of errors I get on startup. I've also attached the log from super antispyware below.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2009 at 03:21 AM

Application Version : 4.26.1002

Core Rules Database Version : 3902
Trace Rules Database Version: 1848

Scan type : Complete Scan
Total Scan Time : 02:32:33

Memory items scanned : 214
Memory threats detected : 0
Registry items scanned : 7872
Registry threats detected : 583
File items scanned : 76648
File threats detected : 32

Adware.MyWebSearch
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE.VIR

Trojan.FavoriteMan Variant
HKU\S-1-5-21-2610632211-1466441598-1509012739-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{139D88E5-C372-469D-B4C5-1FE00852AB9B}

Adware.Ezula
HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}
HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}#AppID
HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\LocalServer32
HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\ProgID
HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\Programmable
HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\TypeLib
HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\VersionIndependentProgID

Adware.HotBar/SpamBlockerUtility (Low Risk)
C:\Program Files\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Program Files\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Program Files\SpamBlockerUtility_Icons

Adware.HotBar/ShopperReports (Low Risk)
C:\Documents and Settings\Lamont\Application Data\ShopperReports\cs\db\Aliases.dbs
C:\Documents and Settings\Lamont\Application Data\ShopperReports\cs\db\Sites.dbs
C:\Documents and Settings\Lamont\Application Data\ShopperReports\cs\db
C:\Documents and Settings\Lamont\Application Data\ShopperReports\cs\persist.dbs
C:\Documents and Settings\Lamont\Application Data\ShopperReports\cs
C:\Documents and Settings\Lamont\Application Data\ShopperReports\shprrprt.log
C:\Documents and Settings\Lamont\Application Data\ShopperReports
C:\Program Files\ShopperReports\Bin\1.1.0.0
C:\Program Files\ShopperReports\Bin
C:\Program Files\ShopperReports

Trojan.Unknown Origin
HKLM\Software\AGProtect
HKLM\Software\AGProtect#Cfg
C:\VFMF.EXE

Adware.Cydoor
HKLM\Software\Cydoor
HKLM\Software\Cydoor#AdwrCnt

Adware.GAIN/Gator
HKLM\Software\Gator.com
HKLM\Software\Gator.com\Gator
HKLM\Software\Gator.com\Gator\dyn
HKLM\Software\Gator.com\Gator\dyn#PdpFirstStart
HKLM\Software\Gator.com\Gator\dyn\Proxy
HKLM\Software\Gator.com\Gator\dyn\Proxy#UsingWininet
HKLM\Software\Gator.com\Gator\stat
HKLM\Software\Gator.com\Gator\stat#Guid

Adware.MyWebSearch/FunWebProducts
HKLM\SOFTWARE\Fun Web Products
HKLM\SOFTWARE\Fun Web Products#JpegConversionLib
HKLM\SOFTWARE\Fun Web Products#CacheDir
HKLM\SOFTWARE\Fun Web Products\MSNMessenger
HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLFile
HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLDir
HKLM\SOFTWARE\Fun Web Products\ScreenSaver
HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir
HKLM\SOFTWARE\Fun Web Products\Settings
HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn
HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#LastHTMLMenuURL
HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#HTMLMenuRevision
HKLM\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn#ETag
HKLM\SOFTWARE\Fun Web Products\Settings\Promos
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.0
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqUninstalled
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive2
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.1
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.2
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.3
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.4
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.5
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.6
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.7
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.8
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuPosDeleted
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#LastHTMLMenuURL
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuRevision
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#ETag
HKU\.DEFAULT\SOFTWARE\MyWebSearch
HKU\S-1-5-21-2610632211-1466441598-1509012739-1006\SOFTWARE\MyWebSearch
HKU\S-1-5-18\SOFTWARE\MyWebSearch
HKCR\FunWebProducts.DataControl.1
HKCR\FunWebProducts.DataControl.1\CLSID
HKCR\FunWebProducts.HistoryKillerScheduler
HKCR\FunWebProducts.HistoryKillerScheduler\CLSID
HKCR\FunWebProducts.HistoryKillerScheduler\CurVer
HKCR\FunWebProducts.HistoryKillerScheduler.1
HKCR\FunWebProducts.HistoryKillerScheduler.1\CLSID
HKCR\FunWebProducts.HistorySwatterControlBar
HKCR\FunWebProducts.HistorySwatterControlBar\CLSID
HKCR\FunWebProducts.HistorySwatterControlBar\CurVer
HKCR\FunWebProducts.HistorySwatterControlBar.1
HKCR\FunWebProducts.HistorySwatterControlBar.1\CLSID
HKCR\FunWebProducts.HTMLMenu
HKCR\FunWebProducts.HTMLMenu\CLSID
HKCR\FunWebProducts.HTMLMenu\CurVer
HKCR\FunWebProducts.HTMLMenu.1
HKCR\FunWebProducts.HTMLMenu.1\CLSID
HKCR\FunWebProducts.HTMLMenu.2
HKCR\FunWebProducts.HTMLMenu.2\CLSID
HKCR\FunWebProducts.IECookiesManager
HKCR\FunWebProducts.IECookiesManager\CLSID
HKCR\FunWebProducts.IECookiesManager\CurVer
HKCR\FunWebProducts.IECookiesManager.1
HKCR\FunWebProducts.IECookiesManager.1\CLSID
HKCR\FunWebProducts.KillerObjManager
HKCR\FunWebProducts.KillerObjManager\CLSID
HKCR\FunWebProducts.KillerObjManager\CurVer
HKCR\FunWebProducts.KillerObjManager.1
HKCR\FunWebProducts.KillerObjManager.1\CLSID
HKCR\FunWebProducts.PopSwatterBarButton
HKCR\FunWebProducts.PopSwatterBarButton\CLSID
HKCR\FunWebProducts.PopSwatterBarButton\CurVer
HKCR\FunWebProducts.PopSwatterBarButton.1
HKCR\FunWebProducts.PopSwatterBarButton.1\CLSID
HKCR\FunWebProducts.PopSwatterSettingsControl
HKCR\FunWebProducts.PopSwatterSettingsControl\CLSID
HKCR\FunWebProducts.PopSwatterSettingsControl\CurVer
HKCR\FunWebProducts.PopSwatterSettingsControl.1
HKCR\FunWebProducts.PopSwatterSettingsControl.1\CLSID
HKCR\MyWebSearch.ChatSessionPlugin
HKCR\MyWebSearch.ChatSessionPlugin\CLSID
HKCR\MyWebSearch.ChatSessionPlugin\CurVer
HKCR\MyWebSearch.ChatSessionPlugin.1
HKCR\MyWebSearch.ChatSessionPlugin.1\CLSID
HKCR\MyWebSearch.HTMLPanel
HKCR\MyWebSearch.HTMLPanel\CLSID
HKCR\MyWebSearch.HTMLPanel\CurVer
HKCR\MyWebSearch.HTMLPanel.1
HKCR\MyWebSearch.HTMLPanel.1\CLSID
HKCR\MyWebSearch.OutlookAddin
HKCR\MyWebSearch.OutlookAddin\CLSID
HKCR\MyWebSearch.OutlookAddin\CurVer
HKCR\MyWebSearch.OutlookAddin.1
HKCR\MyWebSearch.OutlookAddin.1\CLSID
HKCR\MyWebSearch.PseudoTransparentPlugin
HKCR\MyWebSearch.PseudoTransparentPlugin\CLSID
HKCR\MyWebSearch.PseudoTransparentPlugin\CurVer
HKCR\MyWebSearch.PseudoTransparentPlugin.1
HKCR\MyWebSearch.PseudoTransparentPlugin.1\CLSID
HKCR\MyWebSearchToolBar.SettingsPlugin
HKCR\MyWebSearchToolBar.SettingsPlugin\CLSID
HKCR\MyWebSearchToolBar.SettingsPlugin\CurVer
HKCR\MyWebSearchToolBar.SettingsPlugin.1
HKCR\MyWebSearchToolBar.SettingsPlugin.1\CLSID
HKCR\MyWebSearchToolBar.ToolbarPlugin
HKCR\MyWebSearchToolBar.ToolbarPlugin\CLSID
HKCR\MyWebSearchToolBar.ToolbarPlugin\CurVer
HKCR\MyWebSearchToolBar.ToolbarPlugin.1
HKCR\MyWebSearchToolBar.ToolbarPlugin.1\CLSID
HKCR\ScreenSaverControl.ScreenSaverInstaller
HKCR\ScreenSaverControl.ScreenSaverInstaller\CLSID
HKCR\ScreenSaverControl.ScreenSaverInstaller\CurVer
HKCR\ScreenSaverControl.ScreenSaverInstaller.1
HKCR\ScreenSaverControl.ScreenSaverInstaller.1\CLSID
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Control
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Programmable
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32#ThreadingModel
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\ProgID
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\Programmable
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\TypeLib
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\VersionIndependentProgID
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32#ThreadingModel
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance#CLSID
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag#Url
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Control
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32#ThreadingModel
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus\1
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\ProgID
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Programmable
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\TypeLib
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Version
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\VersionIndependentProgID
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32#ThreadingModel
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ProgID
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\VersionIndependentProgID
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Control
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32#ThreadingModel
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Programmable
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Version
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32#ThreadingModel
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32#ThreadingModel
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ProgID
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\Programmable
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\VersionIndependentProgID
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32#ThreadingModel
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32#ThreadingModel
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ProgID
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\Programmable
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\TypeLib
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\VersionIndependentProgID
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32#ThreadingModel
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32#ThreadingModel
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ProgID
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\VersionIndependentProgID
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32#ThreadingModel
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus\1
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ProgID
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Programmable
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\TypeLib
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Version
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\VersionIndependentProgID
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32#ThreadingModel
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\Programmable
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\TypeLib
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32#ThreadingModel
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32#ThreadingModel
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus\1
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ProgID
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Programmable
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\TypeLib
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Version
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\VersionIndependentProgID
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32#ThreadingModel
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus\1
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ProgID
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Programmable
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\TypeLib
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Version
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\VersionIndependentProgID
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32#ThreadingModel
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ProgID
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\Programmable
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\TypeLib
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\VersionIndependentProgID
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32#ThreadingModel
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\Programmable
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\TypeLib
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Control
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32#ThreadingModel
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus\1
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Programmable
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\TypeLib
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Version
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\FLAGS
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\FLAGS
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\FLAGS
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\FLAGS
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\FLAGS
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\FLAGS
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\FLAGS
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\FLAGS
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\FLAGS
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\FLAGS
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\FLAGS
HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib#Version
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib#Version
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib#Version
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib#Version
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib#Version
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib#Version
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib#Version
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UrlInfoAbout
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#MyWebSearch Plugin [ rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF ]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#My Web Search Bar [ rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S ]

Trojan.NewDotNet
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_22.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_48.EXE.VIR

Rogue.FakeAlert/Wallpaper
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WARNING.GIF.VIR

Trojan.Downloader/ZLob
C:\WINDOWS\SYSTEM32\796525\796525.DLL

Adware.Tracking Cookie
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.pointroll[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@advertising[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@apmebf[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@edge.ru4[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@fastclick[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@mediaplex[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@msnportal.112.2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@mywebsearch[2].txt


fOR SOME REASON I CANNOT POST MY SCREEN SHOTS BUT THESE ARE THE ERROR MESSAGES I KEEP RECEIVING:

1. Windows cannot find C:\DOCUME~1\Lamont\LOCALS~\Temp\SPR259B.EXE. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

2. ERROR LOADING C:\PROGRAM~1MYWEBS~1\BAR\1BIN\M3PLUGIN.DLL THE SPECIFIED MODULE COULD NOT BE FOUND

3. ERROR LOADING C:\PROGRAM~1MYWEBS~1\BAR\1BIN\MWSBAR.DLL THE SPECIFIED MODULE COULD NOT BE FOUND

4. WORD EXPERIENCED A SERIOUS ERROR THE LAST TIME THE ADD-IN 'C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\STARTUP\PDFMAKER.DOT' WAS OPENED. WOULD YOU LIKE TO DISABLE THIS ADD-ON? TO REENABLE THIS ADD-ON, CLICK ABOUT MICROSOFT WORD ON THE HELP MENU, AND THEN CLICK DISABLED ITEMS.

Edited by tntpub, 20 May 2009 - 07:18 AM.


#6 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 PM

Posted 20 May 2009 - 02:45 PM

tntpub, START YOUR OWN TOPIC. You are hijacking this one. I am currently assisting Bill Krimm. You will be getting no assistance from me in this topic. Start your own topic and I will help you as well.

#7 Bill Krimm

Bill Krimm
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 20 May 2009 - 06:52 PM

xblindx

Thanks. Here is the Malware log. These were all removed and now scans have come up clean.

Bill Krimm

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

5/18/2009 5:12:49 PM
mbam-log-2009-05-18 (17-12-07).txt

Scan type: Quick Scan
Objects scanned: 219213
Time elapsed: 16 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 37
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Edited by Bill Krimm, 20 May 2009 - 06:58 PM.


#8 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 PM

Posted 20 May 2009 - 07:17 PM

Are you still having the problems?

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program.
  • Cancel any prompts to download the latest CureIt version and click Start.
  • At the prompt to "Start scan now", click Ok. Allow the setup.exe/driver to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, just ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)


#9 Bill Krimm

Bill Krimm
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 21 May 2009 - 12:16 PM

Sorry, yes still having the same symptoms. I will follow you directions this afternoon when I get back to the computer.

#10 Bill Krimm

Bill Krimm
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 21 May 2009 - 11:14 PM

xblindx

Here it is...very interesting process. I will check to see if the problem is still there in the morning.

c0b811f6.sys;c:\windows\system32\drivers;Trojan.NtRootKit.2945;Deleted.;
05200000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;BackDoor.IRC.Nite.18;Deleted.;
iHateSpam-V5-Outlook.exe/iHateSpam for Microsoft Outlook.msi/stream003\cmupdate.exe;C:\Documents and Settings\wkrimm\Downloads\iHateSpam-V5-Outlook.exe/iHateSpam for Microsoft Outlook.msi/stream003;Trojan.Popuper.origin;;
stream003;C:\Documents and Settings\wkrimm\Downloads;Archive contains infected objects;;
iHateSpam for Microsoft Outlook.msi;C:\Documents and Settings\wkrimm\Downloads;Archive contains infected objects;;
iHateSpam-V5-Outlook.exe;C:\Documents and Settings\wkrimm\Downloads;Archive contains infected objects;Moved.;
A0145325.sys;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1345;Trojan.NtRootKit.2945;Deleted.;
A0150132.sys;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1353;Trojan.NtRootKit.2945;Deleted.;
A0150133.exe/iHateSpam for Microsoft Outlook.msi/stream003\cmupdate.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1353\A0150133.exe/iHateSpam for Microsoft Outlook;Trojan.Popuper.origin;;
stream003;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1353;Archive contains infected objects;;
iHateSpam for Microsoft Outlook.msi;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1353;Archive contains infected objects;;
A0150133.exe;C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1353;Archive contains infected objects;Moved.;

Edited by Bill Krimm, 21 May 2009 - 11:15 PM.


#11 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 PM

Posted 22 May 2009 - 06:46 AM

These items are part of a very nasty rootkit.

IMPORTANT NOTE: One or more of the identified infections was related to a rootkit component. Rootkits and backdoor Trojan are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the rootkit has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

? "When should I re-format? How should I reinstall?"
? "Help: I Got Hacked. Now What Do I Do?"
? "Where to draw the line? When to recommend a format and reinstall?"

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful.

Let me know how you wish to proceed.


How is the system running now?

#12 Bill Krimm

Bill Krimm
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 22 May 2009 - 12:46 PM

xblindx,

Thanks. It looks much better. We really appreciate your help.

I have had the computer running for the past hour or so and don't have any of the Symantec email proxy popups. Given your post I am, of course, worried that even though the obvious symptoms are gone the infection is not.

I hate to wipe the computer and re-install everything so I would prefer to try some other approaches but if that seems like the only option that is what I will do.

I want to check the other computers on the network too. Which of the steps should I use on them (or is there something else to try)? FYI there is an old Netopia firewall device installed.

Bill Krimm

#13 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 PM

Posted 22 May 2009 - 02:44 PM

Try the steps I listed on all machines if you would like to check for infection.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.


#14 Bill Krimm

Bill Krimm
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 22 May 2009 - 07:52 PM

xblindx

Well that looks ugly!

BitDefender Online Scanner



Scan report generated at: Fri, May 22, 2009 - 17:27:16





Scan path: C:\;D:\;







Statistics

Time
02:07:44

Files
856543

Folders
10443

Boot Sectors
0

Archives
7050

Packed Files
127182




Results

Identified Viruses
29

Infected Files
78

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
78




Engines Info

Virus Definitions
3095350

Engine build
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Scan plugins
17

Archive plugins
45

Unpack plugins
7

E-mail plugins
6

System plugins
4




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst=>[Subject: approved bill][From: jorge_dosa@hotmail.com]=>bill_drosales.zip=>data.rtf .scr
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst=>[Subject: approved bill][From: jorge_dosa@hotmail.com]=>bill_drosales.zip=>data.rtf .scr
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst=>[Subject: approved bill][From: jorge_dosa@hotmail.com]=>bill_drosales.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst=>[Subject: Re: document_all][From: mustaine969@hotmailn.com]=>document.txt
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst=>[Subject: Re: document_all][From: mustaine969@hotmailn.com]=>document.txt
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~IS DELIVERED MAIL][From: Zurdok]=>Jol03.scr
Infected with: Win32.Bagle.BA@mm

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~IS DELIVERED MAIL][From: Zurdok]=>Jol03.scr
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~DELIVERY BY MAIL][From: Zurdok]=>wsd01.cpl
Infected with: Win32.Bagle.AY@mm

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~DELIVERY BY MAIL][From: Zurdok]=>wsd01.cpl
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Oldoutlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Statement of fees 2008/09][From: Eduardo Richard]=>Fees_2008-2009.zip=>Fees_2008-2009.doc.exe
Infected with: Win32.Worm.Autorun.MK

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Statement of fees 2008/09][From: Eduardo Richard]=>Fees_2008-2009.zip=>Fees_2008-2009.doc.exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Statement of fees 2008/09][From: Eduardo Richard]=>Fees_2008-2009.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your credit card account statement][From: Curt Pope]=>Statement.zip=>Statement.doc .exe
Infected with: Win32.Worm.Autorun.MF

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your credit card account statement][From: Curt Pope]=>Statement.zip=>Statement.doc .exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your credit card account statement][From: Curt Pope]=>Statement.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your credit card account statement (Visa, MC)][From: Emmanuel Irvin]=>Statement.zip=>Statement.doc .exe
Infected with: Worm.Generic.49771

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your credit card account statement (Visa, MC)][From: Emmanuel Irvin]=>Statement.zip=>Statement.doc .exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your credit card account statement (Visa, MC)][From: Emmanuel Irvin]=>Statement.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your credit card account statement][From: Crystal Sims]=>Statement.zip=>Statement.doc .exe
Infected with: Worm.Generic.49771

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your credit card account statement][From: Crystal Sims]=>Statement.zip=>Statement.doc .exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your credit card account statement][From: Crystal Sims]=>Statement.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Credit Card Fraud Involving][From: Leah Hatfield]=>Statement.zip=>Statement_01.doc 龘崉츟୍੿괈뿥豫⢼ソ產앐ꞯଷ舌闫唖鷍༴壍㧧ཨᅴኂᵫ눤⑫震䤐쮙㚣ᚈꝉ詜텱띋晦죛骖ἀ烯弎᰻릣鬞ꨢ䛜騍饝 㥖ᾗ賂籯헏退㇁ᬨ뻽ો⦒罻嬖땣⨗ₖ 颣덊ℌㆍ꺰包彩α墿췄鋴ⱽノ昻펦婸퉿吶௸嶄 ᯲㊍鯲Ƴ涹鹏㨍ꟙ毒핽吃왦森 鈈︰촜絳땙ጣ읍፯ꄢⴑࢼ臹೿Þ跮姑꧎븧謈붴칲ꊺﴃ菢懄ᔄ핺ኳ㐘〽婌❦㺳䍰刨蕛垎䲅㻊借隲෇ᵵ菫傋䐾揹뇄殈㚹嵘ᐿ坺鬕ఇ⮫ꩺꜙ炿陈ݛ=ꁸ䨌䑛㫛㶀㚛觑ㅿ헴䝄᷵쟊 򷝔鴟ỷ׽渑⼑⢅잊雰䥑⾡㲟Ǖ䅷愐쾖융ȅ榁꧀뼔伻똟柾飼灨Еᆵ४뷙﹬涒嶉徘甗⮗㓢ꍑ慈佷霎⹏䘜魫릂閝䎭㦭픕櫿豂쒭 陂Infected with: Trojan.Inject.RZ
Infected with: Trojan.Inject.RZ

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Credit Card Fraud Involving][From: Leah Hatfield]=>Statement.zip=>Statement_01.doc 龘崉츟୍੿괈뿥豫⢼ソ產앐ꞯଷ舌闫唖鷍༴壍㧧ཨᅴኂᵫ눤⑫震䤐쮙㚣ᚈꝉ詜텱띋晦죛骖ἀ烯弎᰻릣鬞ꨢ䛜騍饝 㥖ᾗ賂籯헏退㇁ᬨ뻽ો⦒罻嬖땣⨗ₖ 颣덊ℌㆍ꺰包彩α墿췄鋴ⱽノ昻펦婸퉿吶௸嶄 ᯲㊍鯲Ƴ涹鹏㨍ꟙ毒핽吃왦森 鈈︰촜絳땙ጣ읍፯ꄢⴑࢼ臹೿Þ跮姑꧎븧謈붴칲ꊺﴃ菢懄ᔄ핺ኳ㐘〽婌❦㺳䍰刨蕛垎䲅㻊借隲෇ᵵ菫傋䐾揹뇄殈㚹嵘ᐿ坺鬕ఇ⮫ꩺꜙ炿陈ݛ=ꁸ䨌䑛㫛㶀㚛觑ㅿ헴䝄᷵쟊 򷝔鴟ỷ׽渑⼑⢅잊雰䥑⾡㲟Ǖ䅷愐쾖융ȅ榁꧀뼔伻똟柾飼灨Еᆵ४뷙﹬涒嶉徘甗⮗㓢ꍑ慈佷霎⹏䘜魫릂涒ɾDeleted
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Credit Card Fraud Involving][From: Leah Hatfield]=>Statement.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Statement of fees 2008/09][From: Roosevelt Kendall]=>Fees_2008-2009.zip=>Fees_2008-2009.doc.exe
Infected with: Trojan.Dropper.Agent.UAY

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Statement of fees 2008/09][From: Roosevelt Kendall]=>Fees_2008-2009.zip=>Fees_2008-2009.doc.exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Statement of fees 2008/09][From: Roosevelt Kendall]=>Fees_2008-2009.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: drosales Report.Jan_Oct.][From: Rosario Miles]=>Statement.1_10.zip=>Statement.1_10.doc .exe
Infected with: Trojan.Downloader.JLCC

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: drosales Report.Jan_Oct.][From: Rosario Miles]=>Statement.1_10.zip=>Statement.1_10.doc .exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: drosales Report.Jan_Oct.][From: Rosario Miles]=>Statement.1_10.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: drosales Report.Jan_Oct.][From: Lee Nava]=>Report.1_10.zip=>Report.1_10.doc .exe
Infected with: Trojan.Dropper.Agent.UCM

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: drosales Report.Jan_Oct.][From: Lee Nava]=>Report.1_10.zip=>Report.1_10.doc .exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: drosales Report.Jan_Oct.][From: Lee Nava]=>Report.1_10.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Drosales Instruction on Recovery ][From: Jerrod Freeman]=>Account_instruction.zip=>Account_instruction.doc 뾫㜶箐︅콱ꓽ驳ꜿᓌ궇ﯮ몛 㖼 튽ᔱ낃玍箁ﷂ﹉ኅ蘯쿑蔗凌蒎ᨱﳿ흒蚫먳鎥묞鼪π૶궵앁籽즨ꋪ嚈읶鐐串浡אַ룪宍⺦ⷀ帮槺潧㄄䚹纬훼녜㽟꯷晽㻤ᳺ뒡乡땼遧霾ꉞ쓲쮙艍뚂紜 졭 磊䟋眥햳蒗鯍⢨坴渿⢣꩞곪쮬摍煝円軗Ꜻ필贾槑殑鴊ᩍ裏ᬚუ쳃๺樜歛鈜줖蹹熑鱭쏟᪦띂隩疸㛚宓ਖ쏫⍪煚媲캛䗔䰎엍啝揉벹僸銦操㜕厍잘냺늶걹᳻㒲ꪡ媳捫殘襜㥔嗏嬛푳竼万뜄ꦚ쎪꘎호⧅꣏ꨑ꿫쟽浪붪꽪뿚㫕◵ߪɸ脓삙쀇′ ᰅ਀劀 ׂ Ά䁾〨 ሁᒁ װၰ߈Ŋ倍 ㇟迒෈ 膣速줁⩀ධ૸ ܜپ﯊씿侎ꁈ䰍䈀 क़Ƥ_Infected with: Trojan.Agent.AKVO
Infected with: Trojan.Agent.AKVO

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Drosales Instruction on Recovery ][From: Jerrod Freeman]=>Account_instruction.zip=>Account_instruction.doc 뾫㜶箐︅콱ꓽ驳ꜿᓌ궇ﯮ몛 㖼 튽ᔱ낃玍箁ﷂ﹉ኅ蘯쿑蔗凌蒎ᨱﳿ흒蚫먳鎥묞鼪π૶궵앁籽즨ꋪ嚈읶鐐串浡אַ룪宍⺦ⷀ帮槺潧㄄䚹纬훼녜㽟꯷晽㻤ᳺ뒡乡땼遧霾ꉞ쓲쮙艍뚂紜 졭 磊䟋眥햳蒗鯍⢨坴渿⢣꩞곪쮬摍煝円軗Ꜻ필贾槑殑鴊ᩍ裏ᬚუ쳃๺樜歛鈜줖蹹熑鱭쏟᪦띂隩疸㛚宓ਖ쏫⍪煚媲캛䗔䰎엍啝揉벹僸銦操㜕厍잘냺늶걹᳻㒲ꪡ媳捫殘襜㥔嗏嬛푳竼万뜄ꦚ쎪꘎호⧅꣏ꨑ꿫쟽浪붪꽪뿚㫕◵ߪɸ脓삙쀇′ ᰅ਀劀 ׂ Ά䁾〨 ሁᒁ װၰ߈Ŋ倍 ㇟迒෈ 膣速줁⩀ධ૸ ܜپ﯊씿侎涒ɾDeleted
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Drosales Instruction on Recovery ][From: Jerrod Freeman]=>Account_instruction.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your Statement number: 337627][From: Everett Howe]=>Details.zip=>Details.doc .exe
Infected with: Trojan.Kobcka.GO

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your Statement number: 337627][From: Everett Howe]=>Details.zip=>Details.doc .exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your Statement number: 337627][From: Everett Howe]=>Details.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your Tracking # 01883671 (NO-REPLY)][From: Young Barrett]=>Invoice#4157.zip=>Invoice#4157.doc 㟌馔︜ꞻ况橝પ쪾揹韏 벘킷辏偓陋䜓㢓돐鰟肅㸎쓭⛼쪸납䮂ꔵ뽎淩铛浢녟铳⤆ꏺᛸ 鑼⭎呓右㦗鶨耰烺 环題嫪᱌쩭졲ﰸᐪƘ럪䴑⒧鏕끬ﶗ㵡ȰȈ伯褃㻀呰᳽ 嫘瀋뿎 ⡄퀴佈⏂᱌껟 椀쪹ꁀ漮ƣ裶츇ᨀ軡滓䷬ ჈报랼홟ᰇ⭺殮㼜熯 舅 秸⌛録娂 ໫孓஁큐吃趘ཛྷ麻妇楇쓴旳믃㢎⍹ℽ醻軡祸鰧總趃룪㏑糳䷱벰簹᦮ැ億줕 䙼㢆欌靛禸筵ﯽ铷ュꆍ⚲ﬨ펖ⲕ랒ꝳ慷껈梟ើ퍂뼎棱㾹뇶ッƧഗ ܏Ŭ爑䕀ﵞ厡骧Ş⥬亥簯녖뾿⃹供䉚笁凜帀ꐸ蓏ꕲﻲ搀⮈䩙ʪ뙧b퀂暲簍ⲑ踅汍匇뙯叛群ꛒ伤觳㇙枯⼴槚 ﯦInfected with: Win32.Worm.Agent.QAX
Infected with: Win32.Worm.Agent.QAX

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your Tracking # 01883671 (NO-REPLY)][From: Young Barrett]=>Invoice#4157.zip=>Invoice#4157.doc 㟌馔︜ꞻ况橝પ쪾揹韏 벘킷辏偓陋䜓㢓돐鰟肅㸎쓭⛼쪸납䮂ꔵ뽎淩铛浢녟铳⤆ꏺᛸ 鑼⭎呓右㦗鶨耰烺 环題嫪᱌쩭졲ﰸᐪƘ럪䴑⒧鏕끬ﶗ㵡ȰȈ伯褃㻀呰᳽ 嫘瀋뿎 ⡄퀴佈⏂᱌껟 椀쪹ꁀ漮ƣ裶츇ᨀ軡滓䷬ ჈报랼홟ᰇ⭺殮㼜熯 舅 秸⌛録娂 ໫孓஁큐吃趘ཛྷ麻妇楇쓴旳믃㢎⍹ℽ醻軡祸鰧總趃룪㏑糳䷱벰簹᦮ැ億줕 䙼㢆欌靛禸筵ﯽ铷ュꆍ⚲ﬨ펖ⲕ랒ꝳ慷껈梟ើ퍂뼎棱㾹뇶ッƧഗ ܏Ŭ爑䕀ﵞ厡骧Ş⥬亥簯녖뾿⃹供䉚笁凜帀ꐸ蓏ꕲﻲ搀⮈䩙ʪ뙧b퀂暲簍ⲑ踅汍匇뙯叛群ꛒ涒ɾDeleted
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your Tracking # 01883671 (NO-REPLY)][From: Young Barrett]=>Invoice#4157.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your Statement between 1/1/08 and 10/30/08][From: Selena Yu]=>Statment_2008.zip=>Statment_2008.doc__.exe
Infected with: Win32.Worm.Agent.QAX

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your Statement between 1/1/08 and 10/30/08][From: Selena Yu]=>Statment_2008.zip=>Statment_2008.doc__.exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your Statement between 1/1/08 and 10/30/08][From: Selena Yu]=>Statment_2008.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your Keys for Recovery][From: Dianne Mclean]=>New_Keys.zip=>New_Keys.doc .exe
Infected with: Win32.Worm.Autorun.OD

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your Keys for Recovery][From: Dianne Mclean]=>New_Keys.zip=>New_Keys.doc .exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Your Keys for Recovery][From: Dianne Mclean]=>New_Keys.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: the keys of activation][From: William Bateman]=>active_keys.zip=>active_keys.doc .exe
Infected with: Win32.Worm.Autorun.OG

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: the keys of activation][From: William Bateman]=>active_keys.zip=>active_keys.doc .exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: the keys of activation][From: William Bateman]=>active_keys.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Recovery KEYS for your account][From: Lupe Stout]=>the_Keys.zip=>The_Keys.doc .e
Infected with: Trojan.Kobcka.GT

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Recovery KEYS for your account][From: Lupe Stout]=>the_Keys.zip=>The_Keys.doc .e .e
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Recovery KEYS for your account][From: Lupe Stout]=>the_Keys.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: The Activation Keys][From: Garland Terry]=>new_activation_keys.zip=>new_activation_keys.doc .e
Infected with: Trojan.Kobcka.GT

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: The Activation Keys][From: Garland Terry]=>new_activation_keys.zip=>new_activation_keys.doc .e .e
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: The Activation Keys][From: Garland Terry]=>new_activation_keys.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: The Activation Keys][From: Connie Read]=>new_actvation_key.zip=>new_actvation_key.doc .
Infected with: Trojan.Dropper.SQP

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: The Activation Keys][From: Connie Read]=>new_actvation_key.zip=>new_actvation_key.doc . .
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: The Activation Keys][From: Connie Read]=>new_actvation_key.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Recover your Account ][From: Mary Rock]=>Recovry_Keys.zip=>Recovry_Keys.doc .exe
Infected with: Trojan.Dropper.SQO

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Recover your Account ][From: Mary Rock]=>Recovry_Keys.zip=>Recovry_Keys.doc .exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Recover your Account ][From: Mary Rock]=>Recovry_Keys.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Recover your Account ][From: Courtney Stovall]=>Recovry_Keys.zip=>Recovry_Keys.doc .exe
Infected with: Trojan.Dropper.SQO

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Recover your Account ][From: Courtney Stovall]=>Recovry_Keys.zip=>Recovry_Keys.doc .exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Recover your Account ][From: Courtney Stovall]=>Recovry_Keys.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Tracking Number 63438501533][From: United Postal Services Karin]=>UPS_letter-677477.zip=>UPS_letter-677477.doc 默떋銑䝓옴᷸樧錄崮㔻쒔籛宀㮧᝚鍩罛脑瑮袽ꦩ쒷븪蘅絺實悙岐辥ꯛធ봹츟㓞춄縏뉴䧪ꇂᝮⴙ꛻댊擰孅퓒븡ㆦ빛焯괐쥳摩੔⢧櫛◴딕桥ၱ潶乷兜ལ卲⭢쉽瓒ꫭ瑔袄뚕㮺짵䨍⬙嫚삕炈竿䞡톓얄췞靕Ḧ슑僅౷㏧躔鱢憵凸鋡䬕 ᨫ췤鵍㫖쎞첩빐侘⽧갥ᡱ哣왛⮾榤桺昮 掭㓊ᓸᚦ뵫뷍蛵韝媳㰫泔馷鑦혡㜻㔇䞆皩娺룃툧⥸귳鴗濳ꉮ慞⑿ꯪ쵗賓ꪲढ़倱㦒ᛡ咋渣䞊簬腷嚪ꭍ榊ꑷ哚१緻㒭אָõ쒳륆뛅㥾祆ுᲑ띔꣥ᗣ揥ꗩ姥㖬瓥狀껥󧿋葩᎖鵞ផ 掔貗푖姃準펭꣖ᐙ㿥㖬쎶✘ⷎ䦝䭹ს嫇暍劫剛锿㮝垁蔗⳼瑬检걎轩㩛ꊐળໆ皢磾Infected with: Trojan.Generic.1211614
Infected with: Trojan.Generic.1211614

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Tracking Number 63438501533][From: United Postal Services Karin]=>UPS_letter-677477.zip=>UPS_letter-677477.doc 默떋銑䝓옴᷸樧錄崮㔻쒔籛宀㮧᝚鍩罛脑瑮袽ꦩ쒷븪蘅絺實悙岐辥ꯛធ봹츟㓞춄縏뉴䧪ꇂᝮⴙ꛻댊擰孅퓒븡ㆦ빛焯괐쥳摩੔⢧櫛◴딕桥ၱ潶乷兜ལ卲⭢쉽瓒ꫭ瑔袄뚕㮺짵䨍⬙嫚삕炈竿䞡톓얄췞靕Ḧ슑僅౷㏧躔鱢憵凸鋡䬕 ᨫ췤鵍㫖쎞첩빐侘⽧갥ᡱ哣왛⮾榤桺昮 掭㓊ᓸᚦ뵫뷍蛵韝媳㰫泔馷鑦혡㜻㔇䞆皩娺룃툧⥸귳鴗濳ꉮ慞⑿ꯪ쵗賓ꪲढ़倱㦒ᛡ咋渣䞊簬腷嚪ꭍ榊ꑷ哚१緻㒭אָõ쒳륆뛅㥾祆ுᲑ띔꣥ᗣ揥ꗩ姥㖬瓥狀껥󧿋葩᎖鵞ផ 掔貗푖姃準펭꣖ᐙ㿥㖬쎶✘ⷎ䦝䭹ს嫇暍劫剛锿㮝垁蔗⳼瑬检涒ɾDeleted
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Tracking Number 63438501533][From: United Postal Services Karin]=>UPS_letter-677477.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Contract direct marketing][From: UMS Ltd]=>Contract.zip=>Contract.doc .exe
Infected with: Trojan.Agent.ALKQ

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Contract direct marketing][From: UMS Ltd]=>Contract.zip=>Contract.doc .exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Contract direct marketing][From: UMS Ltd]=>Contract.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Rent contract][From: UMS Ltd]=>Contract.zip=>Contract.doc .exe
Infected with: Trojan.Agent.ALKQ

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Rent contract][From: UMS Ltd]=>Contract.zip=>Contract.doc .exe
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Rent contract][From: UMS Ltd]=>Contract.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Bank of America InterAct Confirmation ][From: support@alert.bankofamerica.com]=>(body)
Infected with: Trojan.Script.16442

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Bank of America InterAct Confirmation ][From: support@alert.bankofamerica.com]=>(body)
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Personal Folders(1).pst=>[Subject: Tracking Number 63438501533][From: United Postal Services Karin]=>UPS_letter-677477.zip=>UPS_letter-677477.doc 默떋銑䝓옴᷸樧錄崮㔻쒔籛宀㮧᝚鍩罛脑瑮袽ꦩ쒷븪蘅絺實悙岐辥ꯛធ봹츟㓞춄縏뉴䧪ꇂᝮⴙ꛻댊擰孅퓒븡ㆦ빛焯괐쥳摩੔⢧櫛◴딕桥ၱ潶乷兜ལ卲⭢쉽瓒ꫭ瑔袄뚕㮺짵䨍⬙嫚삕炈竿䞡톓얄췞靕Ḧ슑僅౷㏧躔鱢憵凸鋡䬕 ᨫ췤鵍㫖쎞첩빐侘⽧갥ᡱ哣왛⮾榤桺昮 掭㓊ᓸᚦ뵫뷍蛵韝媳㰫泔馷鑦혡㜻㔇䞆皩娺룃툧⥸귳鴗濳ꉮ慞⑿ꯪ쵗賓ꪲढ़倱㦒ᛡ咋渣䞊簬腷嚪ꭍ榊ꑷ哚१緻㒭אָõ쒳륆뛅㥾祆ுᲑ띔꣥ᗣ揥ꗩ姥㖬瓥狀껥󧿋葩᎖鵞ផ 掔貗푖姃準펭꣖ᐙ㿥㖬쎶✘ⷎ䦝䭹ს嫇暍劫剛锿㮝垁蔗⳼瑬检걎轩㩛ꊐળໆ皢磾Infected with: Trojan.Generic.1211614
Infected with: Trojan.Generic.1211614

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Personal Folders(1).pst=>[Subject: Tracking Number 63438501533][From: United Postal Services Karin]=>UPS_letter-677477.zip=>UPS_letter-677477.doc 默떋銑䝓옴᷸樧錄崮㔻쒔籛宀㮧᝚鍩罛脑瑮袽ꦩ쒷븪蘅絺實悙岐辥ꯛធ봹츟㓞춄縏뉴䧪ꇂᝮⴙ꛻댊擰孅퓒븡ㆦ빛焯괐쥳摩੔⢧櫛◴딕桥ၱ潶乷兜ལ卲⭢쉽瓒ꫭ瑔袄뚕㮺짵䨍⬙嫚삕炈竿䞡톓얄췞靕Ḧ슑僅౷㏧躔鱢憵凸鋡䬕 ᨫ췤鵍㫖쎞첩빐侘⽧갥ᡱ哣왛⮾榤桺昮 掭㓊ᓸᚦ뵫뷍蛵韝媳㰫泔馷鑦혡㜻㔇䞆皩娺룃툧⥸귳鴗濳ꉮ慞⑿ꯪ쵗賓ꪲढ़倱㦒ᛡ咋渣䞊簬腷嚪ꭍ榊ꑷ哚१緻㒭אָõ쒳륆뛅㥾祆ுᲑ띔꣥ᗣ揥ꗩ姥㖬瓥狀껥󧿋葩᎖鵞ផ 掔貗푖姃準펭꣖ᐙ㿥㖬쎶✘ⷎ䦝䭹ს嫇暍劫剛锿㮝垁蔗⳼瑬检涒ɾDeleted
Deleted

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Personal Folders(1).pst=>[Subject: Tracking Number 63438501533][From: United Postal Services Karin]=>UPS_letter-677477.zip
Updated

C:\Documents and Settings\drosales\Application Data\Microsoft\Outlook\Personal Folders(1).pst
Updated

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: New Document][From: Alejandra Doyle]=>Legislation.zip=>Legislation-25.doc.exe
Infected with: Trojan.Kobcka.FZ

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: New Document][From: Alejandra Doyle]=>Legislation.zip=>Legislation-25.doc.exe
Deleted

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: New Document][From: Alejandra Doyle]=>Legislation.zip
Updated

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: funds wired into your account are stolen][From: Federal Deposit Insurance Corporation]=>statement.exe
Infected with: Trojan.Spy.Goldun.NDU

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: funds wired into your account are stolen][From: Federal Deposit Insurance Corporation]=>statement.exe
Deleted

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Security Update for OS Microsoft Windows][From: Microsoft Software]=>KB469055.exe
Infected with: Trojan.Generic.1704915

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Security Update for OS Microsoft Windows][From: Microsoft Software]=>KB469055.exe
Deleted

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: jmerrell Report Jan-Oct.][From: Randall Hoyt]=>Statement1-10.zip=>Statement1-10.doc .exe
Infected with: Win32.Worm.Agent.QAR

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: jmerrell Report Jan-Oct.][From: Randall Hoyt]=>Statement1-10.zip=>Statement1-10.doc .exe
Deleted

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: jmerrell Report Jan-Oct.][From: Randall Hoyt]=>Statement1-10.zip
Updated

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: jmerrell Report.Jan_Oct.][From: Henry Cooke]=>Statement.1_10.zip=>Statement.1_10.doc .exe
Infected with: Trojan.Downloader.JLCC

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: jmerrell Report.Jan_Oct.][From: Henry Cooke]=>Statement.1_10.zip=>Statement.1_10.doc .exe
Deleted

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: jmerrell Report.Jan_Oct.][From: Henry Cooke]=>Statement.1_10.zip
Updated

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: jmerrell Report.Jan_Oct.][From: Donnell Atkinson]=>Report.1_10.zip=>Report.1_10.doc .exe
Infected with: Trojan.Autorun.ABF

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: jmerrell Report.Jan_Oct.][From: Donnell Atkinson]=>Report.1_10.zip=>Report.1_10.doc .exe
Deleted

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: jmerrell Report.Jan_Oct.][From: Donnell Atkinson]=>Report.1_10.zip
Updated

C:\Documents and Settings\jmerrell\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\rsilva\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\rsilva\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Deleted

C:\Documents and Settings\rsilva\Application Data\Microsoft\Outlook\Outlook.pst=>[Subject: Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip
Updated

C:\Documents and Settings\rsilva\Application Data\Microsoft\Outlook\Outlook.pst
Updated

C:\Documents and Settings\rsilva\Outlook\Originalfix Recovered\Originalfix.pst=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\rsilva\Outlook\Originalfix Recovered\Originalfix.pst=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Deleted

C:\Documents and Settings\rsilva\Outlook\Originalfix Recovered\Originalfix.pst=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip
Updated

C:\Documents and Settings\rsilva\Outlook\Originalfix Recovered\Originalfix.pst
Updated

C:\Documents and Settings\rsilva\Outlook\Originalfix.pst=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\rsilva\Outlook\Originalfix.pst=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Deleted

C:\Documents and Settings\rsilva\Outlook\Originalfix.pst=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip
Updated

C:\Documents and Settings\rsilva\Outlook\Originalfix.pst
Updated

C:\Documents and Settings\rsilva\Outlook\Outlook.pst=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\rsilva\Outlook\Outlook.pst=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Deleted

C:\Documents and Settings\rsilva\Outlook\Outlook.pst=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip
Updated

C:\Documents and Settings\rsilva\Outlook\Outlook.pst
Updated

C:\Documents and Settings\rsilva\Outlook\prf137.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\rsilva\Outlook\prf137.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Deleted

C:\Documents and Settings\rsilva\Outlook\prf137.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip
Updated

C:\Documents and Settings\rsilva\Outlook\prf137.tmp
Updated

C:\Documents and Settings\rsilva\Outlook\prf21B.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\rsilva\Outlook\prf21B.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Deleted

C:\Documents and Settings\rsilva\Outlook\prf21B.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip
Updated

C:\Documents and Settings\rsilva\Outlook\prf21B.tmp
Updated

C:\Documents and Settings\rsilva\Outlook\prf22A.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\rsilva\Outlook\prf22A.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Deleted

C:\Documents and Settings\rsilva\Outlook\prf22A.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip
Updated

C:\Documents and Settings\rsilva\Outlook\prf22A.tmp
Updated

C:\Documents and Settings\rsilva\Outlook\prf40.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\rsilva\Outlook\prf40.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Deleted

C:\Documents and Settings\rsilva\Outlook\prf40.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip
Updated

C:\Documents and Settings\rsilva\Outlook\prf40.tmp
Updated

C:\Documents and Settings\rsilva\Outlook\prf4EC.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\rsilva\Outlook\prf4EC.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Deleted

C:\Documents and Settings\rsilva\Outlook\prf4EC.tmp=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip
Updated

C:\Documents and Settings\rsilva\Outlook\prf4EC.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: information][From: dea@sff.org]=>nomoney.zip=>nomoney.exe
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: information][From: dea@sff.org]=>nomoney.zip=>nomoney.exe
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: information][From: dea@sff.org]=>nomoney.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~MAIL DELIVERY (FAILURE WKRIMM@A4BL.ORG)][From: webmeister@netdudes.com]=>message.scr
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~MAIL DELIVERY (FAILURE WKRIMM@A4BL.ORG)][From: webmeister@netdudes.com]=>message.scr
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~RE: ERROR][From: stevemunroe@newlifelodge.com]=>msg.zip=>details.txt
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~RE: ERROR][From: stevemunroe@newlifelodge.com]=>msg.zip=>details.txt
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~RE: ERROR][From: stevemunroe@newlifelodge.com]=>msg.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~RE: PROTECTED MAIL DELIVERY][From: navcor64@yahoo.com]=>message.doc
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~RE: PROTECTED MAIL DELIVERY][From: navcor64@yahoo.com]=>message.doc
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HELLO][From: cybercanvas@customized.com]=>talk.zip=>talk.exe
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HELLO][From: cybercanvas@customized.com]=>talk.zip=>talk.exe
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HELLO][From: cybercanvas@customized.com]=>talk.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HI][From: jbutler@qvh.stjoe.org]=>party.zip=>party.txt.pif
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HI][From: jbutler@qvh.stjoe.org]=>party.zip=>party.txt.pif
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HI][From: jbutler@qvh.stjoe.org]=>party.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~UNKNOWN][From: bgcsh@napanet.net]=>location.zip=>location.com
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~UNKNOWN][From: bgcsh@napanet.net]=>location.zip=>location.com
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~UNKNOWN][From: bgcsh@napanet.net]=>location.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HELLO][From: duffeyrk@co.monterey.ca.us]=>swimmingpool.txt.exe
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HELLO][From: duffeyrk@co.monterey.ca.us]=>swimmingpool.txt.exe
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HELLO][From: ncr@napanet.net]=>mails.zip=>mails.txt.pif
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HELLO][From: ncr@napanet.net]=>mails.zip=>mails.txt.pif
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HELLO][From: ncr@napanet.net]=>mails.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HELLO][From: support@propertylocators.com]=>note.txt.com
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HELLO][From: support@propertylocators.com]=>note.txt.com
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~RE: QUESTION][From: owner-samhsa-hipaa@new-bold.com]=>my_list01_samhsa-hipaa.zip=>document.txt
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~RE: QUESTION][From: owner-samhsa-hipaa@new-bold.com]=>my_list01_samhsa-hipaa.zip=>document.txt
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~RE: QUESTION][From: owner-samhsa-hipaa@new-bold.com]=>my_list01_samhsa-hipaa.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~WARNING][From: traffic@wcr.pon.net]=>attachment.zip=>attachment.com
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~WARNING][From: traffic@wcr.pon.net]=>attachment.zip=>attachment.com
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~WARNING][From: traffic@wcr.pon.net]=>attachment.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~UNKNOWN][From: napasnowdens@aol.com]=>swimmingpool.zip=>swimmingpool.com
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~UNKNOWN][From: napasnowdens@aol.com]=>swimmingpool.zip=>swimmingpool.com
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~UNKNOWN][From: napasnowdens@aol.com]=>swimmingpool.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~WARNING][From: atartre@mainecf.org]=>message.com
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~WARNING][From: atartre@mainecf.org]=>message.com
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~READ IT IMMEDIATELY][From: tenaya@gvcm.com]=>release.rtf.pif
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~READ IT IMMEDIATELY][From: tenaya@gvcm.com]=>release.rtf.pif
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~UNKNOWN][From: kate@napachamber.com]=>document.exe
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~UNKNOWN][From: kate@napachamber.com]=>document.exe
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~READ IT IMMEDIATELY][From: nctu@sbcglobal.net]=>msg.txt.com
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~READ IT IMMEDIATELY][From: nctu@sbcglobal.net]=>msg.txt.com
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~WARNING][From: gsims@vhs.nvusd.k12.ca.us]=>friend.doc.scr
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~WARNING][From: gsims@vhs.nvusd.k12.ca.us]=>friend.doc.scr
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HI][From: concierge@panpacific-hotel.com]=>shower.zip=>shower.exe
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HI][From: concierge@panpacific-hotel.com]=>shower.zip=>shower.exe
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~HI][From: concierge@panpacific-hotel.com]=>shower.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~UNKNOWN][From: info@cybermill.org]=>website.htm.exe
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~UNKNOWN][From: info@cybermill.org]=>website.htm.exe
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~SOMETHING FOR YOU][From: jbussard@kvyn.com]=>object.zip=>object.htm.com
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~SOMETHING FOR YOU][From: jbussard@kvyn.com]=>object.zip=>object.htm.com
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~SOMETHING FOR YOU][From: jbussard@kvyn.com]=>object.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~READ IT IMMEDIATELY][From: healthservices@campus.nvc.cc.ca.us]=>attachment.exe
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: EMAIL SCAN:VIRUS ALERT! IN ATTACHMENT~READ IT IMMEDIATELY][From: healthservices@campus.nvc.cc.ca.us]=>attachment.exe
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: hi][From: news-unsubscribe@yahoogroups.com]=>jokes.scr
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: hi][From: news-unsubscribe@yahoogroups.com]=>jokes.scr
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: hi][From: wkrimm@a4bl.org]=>location.zip=>archstored:location.exe
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: hi][From: wkrimm@a4bl.org]=>location.zip=>archstored:location.exe
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: hi][From: wkrimm@a4bl.org]=>location.zip
Update failed

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: read it immediately][From: wkrimm@a4bl.org]=>message.zip=>archstored:message.txt.com
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: read it immediately][From: wkrimm@a4bl.org]=>message.zip=>archstored:message.txt.com
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: read it immediately][From: wkrimm@a4bl.org]=>message.zip
Update failed

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: good morning][From: iquit@sbcglobal.net]=>old_photos.com
Infected with: Win32.Netsky.C@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: good morning][From: iquit@sbcglobal.net]=>old_photos.com
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: trust me][From: carla.peer@comcast.net]=>creditcard_music.txt.exe
Infected with: Win32.Netsky.C@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: trust me][From: carla.peer@comcast.net]=>creditcard_music.txt.exe
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: lol][From: valerie@donorsforum.org]=>mail2.zip=>mail2.exe
Infected with: Win32.Netsky.C@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: lol][From: valerie@donorsforum.org]=>mail2.zip=>mail2.exe
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: lol][From: valerie@donorsforum.org]=>mail2.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: Yep][From: rhoffman@qvh.stjoe.org]=>location.zip=>location.doc.scr
Infected with: Win32.Netsky.C@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: Yep][From: rhoffman@qvh.stjoe.org]=>location.zip=>location.doc.scr
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: Yep][From: rhoffman@qvh.stjoe.org]=>location.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: read it immediately][From: lglick@clinicole.org]=>shower.zip=>shower.pif
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: read it immediately][From: lglick@clinicole.org]=>shower.zip=>shower.pif
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: read it immediately][From: lglick@clinicole.org]=>shower.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: information][From: eecee904@aol.com]=>ps.zip=>ps.pif
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: information][From: eecee904@aol.com]=>ps.zip=>ps.pif
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: information][From: eecee904@aol.com]=>ps.zip
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: stolen][From: featon@ncoe.k12.ca.us]=>release.txt.com
Infected with: Win32.Netsky.B@mm

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp=>[Subject: stolen][From: featon@ncoe.k12.ca.us]=>release.txt.com
Deleted

C:\Documents and Settings\wkrimm\Application Data\Microsoft\Outlook\prf13.tmp
Updated

C:\Documents and Settings\wkrimm\Desktop\VundoFix(2).exe
Infected with: Trojan.Generic.1812826

C:\Documents and Settings\wkrimm\Desktop\VundoFix(2).exe
Deleted

C:\Documents and Settings\wkrimm\My Documents\temp\Temp.pst=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Infected with: Win32.Netsky.P@mm

C:\Documents and Settings\wkrimm\My Documents\temp\Temp.pst=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip=>data.rtf .scr
Deleted

C:\Documents and Settings\wkrimm\My Documents\temp\Temp.pst=>[Subject: ??Re: Protected Mail Request][From: trogers@nvusd.k12.ca.us]=>details.zip
Updated

C:\Documents and Settings\wkrimm\My Documents\temp\Temp.pst
Updated

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1354\A0150211.exe
Infected with: Trojan.Generic.1812826

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1354\A0150211.exe
Deleted

#15 xblindx

xblindx

  • Banned
  • 1,923 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:39 PM

Posted 22 May 2009 - 08:17 PM

It seems a lot of your emails were infected. Are you still having problems?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users