Hi and thanks so much Kc for your expert help! I have done as you instructed and removed the selected items through Hijackthis. then, in safe mode, i went to delete this file, "C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll" but it didn't appear to be there or anywhere on my pc, so i assume hijackthis was able to delete it.
i also ran both online virus scans. i ran pandascan first and the log is below. i then ran the trendmicro one after pandascan finished, and they did not find any infected files so i don't have a logfile for that scan. i just ran hijackthis and here is the log, with the panda scan log after:
Logfile of HijackThis v1.99.1
Scan saved at 11:58:51 PM, on 3/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\GoToMyPC\GoToMyPC\g2comm.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2pre.exe
C:\Program Files\GoToMyPC\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\aim\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Intuit\QuickBooks Pro 2001\Components\QBAgent\qbdagent2002.exe
C:\Program Files\TypeItIn\TypeItIn.exe
C:\Program Files\Webshots\WebshotsTray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\pdfrd\PDFReader.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Vin\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://video.msn.com/video/p.htmR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = QuickBooks Pro 2001\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: TypeItIn.lnk = C:\Program Files\TypeItIn\TypeItIn.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zon...ry/msgrchkr.cabO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall-bet...all/xscan60.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/viewers/ipixx.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....467&clcid=0x409O16 - DPF: {26AFD6EF-C017-4063-B2B1-E515DE98A1B7} -
http://download.koda...2_1/install.cabO16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
http://download.ebay.../UK/install.cabO16 - DPF: {31932A5C-9234-4377-A920-72E7DD340DB4} (Snapfish File Upload ActiveX Control) -
http://www.snapfish....pfishUpload.cabO16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
http://81.216.10.59/cult.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg...l_v1-0-3-12.cabO16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
http://toolbar.googl...g/GoogleNav.cabO16 - DPF: {72133CC5-DE1E-42FE-B8B0-93D2C6C3472E} (FillerX Class) -
http://www.formatta....d/pffloader.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F} (AuroraCtrl Class) -
http://icebergradio.....259/client.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zon...StatsClient.cabO16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) -
http://cs2b.instants...erxsigned41.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) -
http://download.palt...st/RegDload.CABO20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\GoToMyPC\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Now, here is the panda scan log file:
Incident Status Location
Spyware:Spyware/BetterInet No disinfected Windows Registry
Adware:Adware/SideStep No disinfected C:\WINDOWS\Downloaded Program Files\SbCIe???.???
Adware:Adware/Alexa-Toolbar No disinfected Windows Registry
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Mail Delivery (failure
[email protected])\MSG_RTF.TXT
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Mail Delivery (failure
[email protected])\message.scr
Virus:Exploit/iFrame Disinfected Personal Folders\Inbox\Mail Delivery (failure
[email protected])\MSG_RTF.TXT
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Mail Delivery (failure
[email protected])\message.scr
Virus:Trj/Mitglieder.BO No disinfected Personal Folders\_old\quikpost\34544.rar[dddd.exe]
Possible Virus. No disinfected C:\Program Files\Real\RealProducer Basic 10\resources\rsup3280.dll
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\stolen\creditcard_material.zip[creditcard_material.doc.exe]
Virus:W32/Lentin.R Disinfected Chiu_Vin\Deleted Items\Alert\StartUp.zip[StartUp.exe]
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\it's a secret!\injection.com
Virus:W32/Lentin.R Disinfected Chiu_Vin\Deleted Items\KOF - The Game\Demo.zip[Demo.exe]
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\here is my photo!\information_injection.zip[information_injection.exe]
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\notice!\news.zip[news.htm.pif]
Virus:W32/Netsky.P.worm Disinfected Chiu_Vin\Deleted Items\Mail Delivery (failure
[email protected])\message.scr
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\Delivery Failed\death.zip[death.htm.pif]
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\help attached\warez.pif
Virus:W32/Netsky.P.worm Disinfected Chiu_Vin\Deleted Items\Undeliverable: Mail Delivery (failure
[email protected])\message.scr
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\pwd?\moonlight.scr
Virus:W32/Netsky.C.worm Disinfected Chiu_Vin\Deleted Items\do not visit the pages on the list I sent!\unfolds.exe
Virus:W32/Netsky.D.worm Disinfected Chiu_Vin\Deleted Items\Re: Excel file\document_excel.pif
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\New Network Patch\update359.exe
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\Fw: heoff\heoff.scr
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Internet Critical Upgrade\Installation.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Critical Patch\Q155945.exe
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\Re:honey\End of.bat
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Last Critical Upgrade\Q236488.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\New Internet Critical Pack\Patch128.exe
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\gron\gron.scr
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\heoff\heoff.exe
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\Re: gron\gron.scr
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\nplau32\nplau32.bat
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\vioff\vioff.scr
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\Re: d9_1\d9_1.scr
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\Have a humour Christmas\in GDI..pif
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\Fw:so cool a flash,enjoy it\If you.pif
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\last microsoft pack\UPGRADE.exe
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\Re: stoff\stoff.pif
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Latest Update\upgrade126.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Latest Network Upgrade\update78.exe
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\Re: grdison\grdison.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Latest Network Patch\Upgrade184.exe
Virus:W32/Holar.J.worm Disinfected Local Folders\Backup\_QuikPost Backup\poon\poon.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Current Internet Security Pack\upgrade.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Security Patch\install.exe
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\Have a nice Allhallowmas\of your.pif
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\latest internet security update\Pack45.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Net Update\Pack75.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Security Pack\Patch575.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Current Pack\Install.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\new patch\QDXQ.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Network Security Upgrade\update.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Net Security Upgrade\Upgrade9722.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Latest Network Security Upgrade\installer81.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Net Security Update\upgrade.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Critical Update\installer52.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Upgrade\Q427554.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Microsoft Update\installation631.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Last Net Critical Upgrade\Q483852.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Net Pack\installer6.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Microsoft Update\q167933.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Critical Upgrade\qne.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\New Internet Upgrade\Pack565.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Network Pack\q326773.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\New Internet Security Pack\install771.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Last Security Update\Q216917.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Network Critical Patch\upgrade.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Last Network Update\Upgrade1153.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Last Internet Critical Upgrade\pack4198.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Newest Microsoft Critical Upgrade\Installation.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Qd.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Network Critical Update\Q741625.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Latest Internet Security Upgrade\installation76.exe
Virus:W32/Sobig.F.dam Disinfected Local Folders\Backup\_QuikPost Backup\Undelivered Mail Returned to Sender\document_all.pif
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Microsoft Critical Upgrade\INSTALLER83.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Current Network Critical Patch\QS.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Network Upgrade\Upgrade.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Net Security Pack\patch863.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\New Net Critical Pack\installation759.exe
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\document_9446.pif
Virus:W32/Sobig.F.dam Disinfected Local Folders\Backup\_QuikPost Backup\Undelivered Mail Returned to Sender\wicked_scr.scr
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\your_details.pif
Virus:W32/Sobig.F.dam Disinfected Local Folders\Backup\_QuikPost Backup\Undelivered Mail Returned to Sender\your_details.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: User unknown\movie0045.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Your message received (Your details) [Autoresponse]\your_document.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Your message received (Re: That movie) [Autoresponse]\document_all.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\document_9446.pif
Virus:W32/Sobig.F.dam Disinfected Local Folders\Backup\_QuikPost Backup\Undelivered Mail Returned to Sender\your_details.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\your_document.pif
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Latest Internet Patch\q564473.exe
Virus:W32/Gibe.C.worm Disinfected Local Folders\Backup\_QuikPost Backup\Critical Upgrade\patch.exe
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\movie0045.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\thank_you.pif
Virus:W32/Sobig.F.dam Disinfected Local Folders\Backup\_QuikPost Backup\Undelivered Mail Returned to Sender\your_document.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\your_details.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\thank_you.pif
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Delivery Status Notification (Failure)\wicked_scr.scr
Virus:W32/Sobig.F Disinfected Local Folders\Backup\_QuikPost Backup\Returned mail: see transcript for details\your_details.pif
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\A special new website\at .scr
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\Fw:ebay,some questions\is 0016.scr
Virus:W32/Klez.I Disinfected Local Folders\Backup\_QuikPost Backup\Sos!\pass. .exe
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Backup\_QuikPost Backup\Mail Transaction Failed\text.zip[text.txt .pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hi\file.zip[file.cmd]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Hi\body.zip[body.scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hi\doc.zip[doc.htm .scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hello\file.zip[file.scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Test\data.zip[data.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hello\document.zip[document.txt .scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hello\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\MMS Notification - Xray\body.zip[body.doc .exe]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\MMS Notification - Xray\file.zip[file.doc .exe]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Hello\doc.zip[doc.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Hi\text.zip[text.scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hi\pafveo.zip[pafveo.scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hello\body.zip[body.cmd]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Warning: could not send message for past 4 hours\body.zip[body.bat]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Status\pakjir.zip[pakjir.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hello\file.zip[file.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Test\body.zip[body.txt .pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Mail Delivery System\text.zip[text.scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Server Report\readme.zip[readme.exe]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Mail Transaction Failed\data.zip[data.htm .pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hi\body.zip[body.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\document.zip[document.scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hi\document.zip[document.txt .scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\rfcalhhgkzgv\data.zip[data.cmd]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\TZYDOZNCOBW\test.zip[test.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Hello\body.zip[body.txt .exe]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Hi\doc.zip[doc.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hi\body.zip[body.htm .scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Status\message.zip[message.pif]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\Undeliverable: Mail Delivery System\body.zip[body.htm .scr]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\ERROR\document.zip[document.cmd]
Virus:W32/Mydoom.A.worm Disinfected Local Folders\Deleted Items\hello\body.zip[body.scr]