Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Virus [resolved]

Started by pminch , Apr 01 2005 09:16 AM

This topic is locked

#1
pminch

Posted 01 April 2005 - 09:16 AM

New Member

Member
7 posts

Please help.

Our computer has been infected by a trojan virus (or several??) since Tuesday and we have tried everything and can't seem to get it fixed. We have run Housecall, Adaware SE, CW Shredder, Spybot S&D, AVG, and TDS-3 all of which have detected viruses but can't seem to get rid of the problem. We have copied our log file for HijackThis below after running the above programs. It would be greatly appreciated if some knowledgable person out there could help.

Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 10:04:30 AM, on 04/01/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\QURB\QSP-2.1.213.3\QOELOADER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\PROGRAM FILES\SHARP\OZ-800\SYNC.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.n...=5.1&bm=bz_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\YSB.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QOELOADER] "C:\PROGRAM FILES\QURB\QSP-2.1.213.3\QOELoader.exe"
O4 - HKLM\..\Run: [BACKLOG] "C:\Program Files\Norton AntiVirus\BACKLOG.EXE" C:\Program Files\Norton AntiVirus\nav95.isu
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE /q
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [¢‰¸ï0+¿ÔÇè]mú*àaîžiC:\Program Files\ISTsvc\istsvc.exe] C:\KKYJOEL.EXE
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBUpdate.exe
O4 - Startup: OZ-800 Synchronization Software.lnk = C:\Program Files\SHARP\OZ-800\sync.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Dell Home - {8A5B34C0-24E9-11D4-9958-00444FC10000} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: BBSetup - http://bonzi.www.con...ddy/bbsetup.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs2.chat.yaho...m/v/yacscom.cab
O16 - DPF: {3F555253-868E-11D3-B0E3-001083022D4E} (Install Class) - http://www.instant-d...ll/hpidmuin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.midhudson...ch/XMLCache.CAB
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_1002245.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

#2
pminch

Posted 02 April 2005 - 10:50 AM

New Member

Topic Starter
Member
7 posts

Further Information

Sorry, we should have mentioned that originally when we ran housecall it said we were infected with Troj_Loader.C, Troj_Loader.D, Troj_Small.SM, and Troj_ISTBAR. We have tried to remove these viruses (using housecalls instruction) but the virus is still there. Now when we run the antivirus software, no viruses are detected, but the problem still remains.

Please help, the computer display is all messed up and we can hardly read a thing, it's driving us crazy.

:tazz:

#3
Guest_thatman_*

Posted 08 April 2005 - 04:09 PM

Guest

Hi pminch and welcome to the forum

Download CWShredder (there is a link in my signature), unzip it, and save it on the Desktop. Please do not run it yet, though.

use add remove program filesunistall the following
C:\Program Files\NewDotNet\newdotnet6_38.dll
C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
C:\PROGRA~1\YOURSI~1\YSB.DLL
C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe
C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL

Download CW-Shredder at the link below:
CWShredder
Run CWShredder to fix your CWS problem.

Please set your system to show {br}all files; please see here if you're unsure how to do this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.n...=5.1&bm=bz_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\YSB.DLL
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [¢‰¸ï0+¿ÔÇè]mú*àaîžiC:\Program Files\ISTsvc\istsvc.exe] C:\KKYJOEL.EXE
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_1002245.cab
Click on Fix Checked when finished and exit HijackThis.
Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\NewDotNet<--delete this folder
C:\PROGRAM FILES\CXTPLS<--delete this folder
C:\PROGRAM FILES\SIDEFIND<--delete this folder
C:\PROGRA~1\YOURSI~1<--delete this folder
C:\KKYJOEL.EXE<--delete this file
C:\PROGRAM FILES\WEB_REBATES<--delete this folder
C:\WINDOWS\\web
Exit Explorer, and reboot as normal afterwards.

Reboot into normal mode.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp

[b]Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.

Kc :tazz:

#4
pminch

Posted 12 April 2005 - 01:41 PM

New Member

Topic Starter
Member
7 posts

I followed your procedure and have tried to run the PandaSoftware scan three times now, however the computer keeps freezing at the end of the scan. It does detect one infection which it cannot disinfect.

I also ran housecall and it told me that it detected no viruses / worms / trojans and 6 spyware programs which it deleted.

The new HijackThis log is below.

Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 3:30:16 PM, on 04/12/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\PROGRAM FILES\SHARP\OZ-800\SYNC.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://business.verizon.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BACKLOG] "C:\Program Files\Norton AntiVirus\BACKLOG.EXE" C:\Program Files\Norton AntiVirus\nav95.isu
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBUpdate.exe
O4 - Startup: OZ-800 Synchronization Software.lnk = C:\Program Files\SHARP\OZ-800\sync.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: Dell Home - {8A5B34C0-24E9-11D4-9958-00444FC10000} - http://smbusiness.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: BBSetup - http://bonzi.www.con...ddy/bbsetup.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs2.chat.yaho...m/v/yacscom.cab
O16 - DPF: {3F555253-868E-11D3-B0E3-001083022D4E} (Install Class) - http://www.instant-d...ll/hpidmuin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.midhudson...ch/XMLCache.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab

#5
Guest_thatman_*

Posted 12 April 2005 - 02:29 PM

Guest

Hi pminch

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: BBSetup - http://bonzi.www.con...ddy/bbsetup.exe
O16 - DPF: {3F555253-868E-11D3-B0E3-001083022D4E} (Install Class) - http://www.instant-d...ll/hpidmuin.cab
O16 - DPF: {3C648A72-C49A-48EF-9F90-68EF13293F97} (Cacher Class) - http://www.midhudson...ch/XMLCache.CAB
Click on { red Fix Checked } when finished and exit HijackThis.

Please run the following free, online virus scans.
Pick two from the list.

On line scans:
http://security.syma...com/default.asp?
http://www.ravantivirus.com/scan/
http://www3.ca.com/virusinfo/
http://www.bitdefend...can/licence.php
http://www.commandon.../eval/index.cfm
http://www.freedom.n...viruscheck.html
http://info.ahnlab.com/english/
http://www.pcpitstop...tiVirusCntr.asp

Post any information you have from the scans.

Kc :tazz:

#6
pminch

Posted 13 April 2005 - 11:00 AM

New Member

Topic Starter
Member
7 posts

I ran the Freedom.net virus scan and nothing was detected. I then ran the Ravantivius.com scan and it has detected two viruses (see report below). I notice a lot of these files are emails - are they just simply emails that haven't been deleted off our computer? I though outlook express was giving us the problem previously so I tried to remove it using add/remove programs (maybe this didn't work).

Thanks again for your help, hopefully we've found the problem this time. Just let me know what you think I should do regarding the report files.

Thanks.

Scan started at 04/13/2005 12:05:13 PM

Scanning memory...
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.58: ("billfeathers" [Re:])->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.58: ("billfeathers" [Re:])->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.57: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.57: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:images.DOC.pif) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.55: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.55: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:info.DOC.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.53: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.53: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Humor.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:ME_NUDE.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:news_doc.DOC.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:fun.MP3.pif) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.28: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.28: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:docs.DOC.pif) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:fun.MP3.pif) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Humor.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.21: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.21: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:README.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.17: ("Sliabh Luachra CES" [Re: Home away from Home ])->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.17: ("Sliabh Luachra CES" [Re: Home away from Home ])->(part0001:ME_NUDE.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.58: ("billfeathers" [Re:])->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.58: ("billfeathers" [Re:])->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.57: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.57: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:images.DOC.pif) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.55: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.55: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:info.DOC.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.53: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.53: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Humor.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:ME_NUDE.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:news_doc.DOC.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:fun.MP3.pif) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.28: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.28: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:docs.DOC.pif) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:fun.MP3.pif) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Humor.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.21: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.21: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:README.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.17: ("Sliabh Luachra CES" [Re: Home away from Home ])->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.17: ("Sliabh Luachra CES" [Re: Home away from Home ])->(part0001:ME_NUDE.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.58: ("billfeathers" [Re:])->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.58: ("billfeathers" [Re:])->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.57: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.57: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:images.DOC.pif) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.55: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.55: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:info.DOC.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.53: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.53: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Humor.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:ME_NUDE.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:news_doc.DOC.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:fun.MP3.pif) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.28: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.28: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:docs.DOC.pif) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:fun.MP3.pif) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Humor.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.21: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.21: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:README.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.17: ("Sliabh Luachra CES" [Re: Home away from Home ])->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.17: ("Sliabh Luachra CES" [Re: Home away from Home ])->(part0001:ME_NUDE.MP3.scr) - Win32/Badtrans.B@mm -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected

Scanned
============================
Objects: 57099
Directories: 3782
Archives: 1423
Size(Kb): 312884
Infected files: 102

Found
============================
Viruses found: 2
Suspicious files: 0
Disinfected files: 0
Mail files: 5982

#7
Guest_thatman_*

Posted 14 April 2005 - 01:58 AM

Guest

Hi pminch

Description: This is an exploit that allows execution of an e-mail attachment without needing the user explicit opening of that attachment. This exploit is used by internet worms like Win32/Aliz, Badtrans.B, Klez in order to execute themselves when the infected e-mail is read on destination.
http://www.ravantivi...virus.php?v=100

The description and the solutions for preventing this exploit can be found at:
http://www.microsoft...108/default.asp

search your system for the following items if found delete them.

c:\WINDOWS> Application Data > Identities > {03463660-24E9-11D4-9958-A80E4A4AF423} > Microsoft\Outlook Express > Inbox.dbx-> Message.58: ("billfeathers" [Re:])->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.58: ("billfeathers" [Re:])->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.57: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.57: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:images.DOC.pif) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.55: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.55: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:info.DOC.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.53: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.53: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Humor.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:ME_NUDE.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:news_doc.DOC.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:fun.MP3.pif) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.28: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.28: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:docs.DOC.pif) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:fun.MP3.pif) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Humor.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.21: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.21: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:README.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.17: ("Sliabh Luachra CES" [Re: Home away from Home ])->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.17: ("Sliabh Luachra CES" [Re: Home away from Home ])->(part0001:ME_NUDE.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.58: ("billfeathers" [Re:])->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.58: ("billfeathers" [Re:])->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.57: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.57: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:images.DOC.pif) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.55: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.55: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:info.DOC.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.53: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.53: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Humor.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:ME_NUDE.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:news_doc.DOC.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:fun.MP3.pif) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.28: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.28: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:docs.DOC.pif) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:fun.MP3.pif) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Humor.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.21: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.21: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:README.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.17: ("Sliabh Luachra CES" [Re: Home away from Home ])->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.17: ("Sliabh Luachra CES" [Re: Home away from Home ])->(part0001:ME_NUDE.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office2\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.58: ("billfeathers" [Re:])->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.58: ("billfeathers" [Re:])->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.57: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.57: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:images.DOC.pif) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.55: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.55: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:info.DOC.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.53: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.53: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Humor.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.40: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:ME_NUDE.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.39: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.38: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.37: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:news_doc.DOC.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.30: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:fun.MP3.pif) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.29: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:YOU_are_FAT!.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.28: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.28: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:docs.DOC.pif) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.26: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.25: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:fun.MP3.pif) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.22: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Humor.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.21: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.21: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:README.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.17: ("Sliabh Luachra CES" [Re: Home away from Home ])->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.17: ("Sliabh Luachra CES" [Re: Home away from Home ])->(part0001:ME_NUDE.MP3.scr) - Win32/Badtrans.B@mm -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected

c:\WINDOWS\Profiles\Office1\Application Data\Identities\{03463660-24E9-11D4-9958-A80E4A4AF423}\Microsoft\Outlook Express\Inbox.dbx->Message.0: (Mail Administrator [Mail System Error - Returned Mail])->(part0002:)->(part0001:Me_nude.MP3.scr) - Win32/Badtrans.B@mm -> Infected

Please run the following free, online virus scans. Pick two from the list.
On line scans:
http://security.syma...com/default.asp?
http://www.ravantivirus.com/scan/
http://www3.ca.com/virusinfo/
http://www.bitdefend...can/licence.php
http://www.commandon.../eval/index.cfm
http://www.freedom.n...viruscheck.html
http://info.ahnlab.com/english/
http://www.pcpitstop...tiVirusCntr.asp

Post any information you have from the scans. And a new HJT.log

Kc :tazz:

#8
pminch

Posted 14 April 2005 - 11:58 AM

New Member

Topic Starter
Member
7 posts

Hey Kc,

I deleted the entire outlook express folders in each of the locations as I couldn't get into the specific folders. I ran the ravantivirus.com scan and the www3.ca.com scan and found no infections. I then ran the www.bitdefender.com scan and found 218 infections ( :tazz:

WOW!!), the results of which I have posted below with the new HJT.log.

Thanks again.

C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>arrow1.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>arrow2.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bck1.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bck2.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt11.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt12.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt13.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt21.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt22.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt23.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt31.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt32.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt33.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt41.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt42.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt43.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt51.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt52.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt53.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt61.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>bt62.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>checkbox1.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>checkbox2.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>checkbox3.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>checkbox4.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>default.skn: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>defbtn1.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>defbtn2.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>defbtn3.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>glyph1.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>glyph2.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>glyph3.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>glyph4.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>glyph5.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>glyph6.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>glyph7.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>main.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>preview.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>sprite1.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>tab1.bmp: password protected
C:\WINDOWS\Desktop\Geeks to Go=>wise0023=>tab2.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>RELATED.HTM: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom1.zip=>nsupdate.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom1.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/Attune.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/Profile.mdb: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/Packages.mdb: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/log.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/Profile.ldb: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/SecMHist.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/comaveo-attune.xml: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/_default.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/_dialog.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/_msagent.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/blseye.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/Description.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/happy.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/main.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/pointer.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/smlAVEO.GIF: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/summary.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneCommunicationsAgent.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneDiskSpaceAgent.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneHardwareAgent.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneProcessAgent.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneSoftwareAgent.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneSystemSoftwareAgent.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneSystemUsageAgent.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/SystemUsageAgent.log: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneTimerAgent.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneWindowAgent.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/ATTUNESYSTEMSOFTWAREAGENT.DAT: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/ATTUNEHARDWAREAGENT.DAT: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/ATTUNESOFTWAREAGENT.DAT: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Actors/com/aveoattune/DIHardwareConfigurationActor.class: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Actors/com/aveoattune/DISoftwareConfigurationActor.class: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Actors/com/aveoattune/DISystemSoftwareConfigurationActor.class: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Actors/com/aveoattune/DISystemUsageActor.class: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Actors/com/aveoattune/DIInitialDataActor.class: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Actors/WindowProcessActor.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/comdell.xml: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/Aveo_Icon.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/banner.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/DellUpdate.bat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/description.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/e.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/Go.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/main.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/opt1.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/opt2.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/opt3.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/opt4.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/QuestionMark.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/smlAVEO.GIF: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/summary.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/_default.TXT: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/_dialog.TXT: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Packages/{34B12500-6AF6-11d3-9C8F-0000399EF209}/_msagent.TXT: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Agents/ShellAgent.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comdell/Actors/DellWelcomeActor.class: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/DiscoveryCommonStore.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comattunenetwork/comattunenetwork.xml: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comattunenetwork/Packages/{0D835CF0-FF26-11D2-843D-00C026201AA3}/_default.TXT: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comattunenetwork/Packages/{0D835CF0-FF26-11D2-843D-00C026201AA3}/_dialog.TXT: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comattunenetwork/Packages/{0D835CF0-FF26-11D2-843D-00C026201AA3}/_msagent.TXT: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comattunenetwork/Packages/{0D835CF0-FF26-11D2-843D-00C026201AA3}/BLSEYE.GIF: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comattunenetwork/Packages/{0D835CF0-FF26-11D2-843D-00C026201AA3}/description.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comattunenetwork/Packages/{0D835CF0-FF26-11D2-843D-00C026201AA3}/HAPPY.GIF: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comattunenetwork/Packages/{0D835CF0-FF26-11D2-843D-00C026201AA3}/main.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comattunenetwork/Packages/{0D835CF0-FF26-11D2-843D-00C026201AA3}/POINTER.GIF: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comattunenetwork/Packages/{0D835CF0-FF26-11D2-843D-00C026201AA3}/smlAVEO.GIF: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comattunenetwork/Packages/{0D835CF0-FF26-11D2-843D-00C026201AA3}/summary.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/Uninst.isu: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/_INST32I.EX_: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/_ISDEL.EXE: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/_sys1.cab: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/_sys1.hdr: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/_user1.cab: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/_user1.hdr: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/data1.cab: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/data1.hdr: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/_SETUP.DLL: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/os.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/DATA.TAG: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/SETUP.EXE: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/lang.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/Setup.ins: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/SETUP.INI: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/layout.bin: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/setup.lid: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/ASUtil.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/AttuneInstall.log: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/ASUninstall.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/OCMInstall.log: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Setup/Attune Install.log: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/ADVAPI32.DLL: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/MFC42.DLL: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/MSVCP50.DLL: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/Msvcp60.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/IMAGEHLP.DLL: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/ActorLibrary.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/ActorUtils.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/EngC23.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/agentinst.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/AgentLibrary.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/Attune.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/AttuneClasses.jar: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/AttunePreventAlert.wav: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/AttuneUtils.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/Attune_CU.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/attune_di.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/attune_no.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/attune_ta.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/EngineShared.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/Disk Space Manager.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/EventMap.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/ExceptionList.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/Integrity.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/Kirby.acs: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/PRProf.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/log.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/NOAgent.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/NOPopup.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/NOSysTray.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/ProcessUpdate.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/PSPackageStore.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/PTMBackWeb.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/PTMHttp.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/manifest.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/receiver.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/relationshiptrust.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/RelationshipManagement.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/integrity.chk: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/Attune_ST.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>bin/DiscoveryEngineps.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/Character.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/bkgd_Other.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_NavMsg_X.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_NavRel_D.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_NavRel_U.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_NavWel_D.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_NavWel_U.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_PriState_U.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/Dialog_Logo.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_Msg_D.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_Msg_U.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_RelSet_D.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_RelSet_U.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/summary.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/PopUpDialog.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/splash_bw.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/whatis.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/About_box.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/Attune_logo_.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/Enabled.ico: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_NavRel_X.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_NavWel_X.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_SharedState_U.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_AboutPri_R.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/blank.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_AboutPri_D.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_AboutPri_U.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/SystemTrayIcon.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_print_d.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_print_u.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/Disabled.ico: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/main.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/prevent_logo.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/splash.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/Sys_Tray_Icon.ico: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_Overview_R.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/bkgd_Welcome.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_NavMsg_D.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_NavMsg_U.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_Overview_D.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_Overview_U.bmp: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_Msg_R.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Bitmap/btn_RelSet_R.BMP: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Help/Tutorial.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Help/overview.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Help/AttuneHelp.chm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Help/AveoFacesBack.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Help/smlAVEO.GIF: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Readme.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>End User License.doc: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Attune.lnk: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Attune Help.lnk: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Maintenance/attributes.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/AttuneNetwork/Attributes.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Dell/Attributes.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A8-A8D5-11D3-AF8B-00C04F7C61CF}/_default.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A8-A8D5-11D3-AF8B-00C04F7C61CF}/summary.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A8-A8D5-11D3-AF8B-00C04F7C61CF}/_dialog.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A8-A8D5-11D3-AF8B-00C04F7C61CF}/description.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A8-A8D5-11D3-AF8B-00C04F7C61CF}/banner.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A8-A8D5-11D3-AF8B-00C04F7C61CF}/e.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A8-A8D5-11D3-AF8B-00C04F7C61CF}/bluearrow.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A8-A8D5-11D3-AF8B-00C04F7C61CF}/_msagent.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A8-A8D5-11D3-AF8B-00C04F7C61CF}/main.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A8-A8D5-11D3-AF8B-00C04F7C61CF}/GO.GIF: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A8-A8D5-11D3-AF8B-00C04F7C61CF}/peer-to-peer.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{23DDD124-703A-11D3-A0A8-00C04F8EB640}/_default.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{23DDD124-703A-11D3-A0A8-00C04F8EB640}/summary.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{23DDD124-703A-11D3-A0A8-00C04F8EB640}/_dialog.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{23DDD124-703A-11D3-A0A8-00C04F8EB640}/description.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{23DDD124-703A-11D3-A0A8-00C04F8EB640}/banner.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{23DDD124-703A-11D3-A0A8-00C04F8EB640}/e.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{23DDD124-703A-11D3-A0A8-00C04F8EB640}/bluearrow.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{23DDD124-703A-11D3-A0A8-00C04F8EB640}/_msagent.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{23DDD124-703A-11D3-A0A8-00C04F8EB640}/main.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A6-A8D5-11D3-AF8B-00C04F7C61CF}/_default.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A6-A8D5-11D3-AF8B-00C04F7C61CF}/summary.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A6-A8D5-11D3-AF8B-00C04F7C61CF}/_dialog.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A6-A8D5-11D3-AF8B-00C04F7C61CF}/description.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A6-A8D5-11D3-AF8B-00C04F7C61CF}/banner.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A6-A8D5-11D3-AF8B-00C04F7C61CF}/e.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A6-A8D5-11D3-AF8B-00C04F7C61CF}/bluearrow.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A6-A8D5-11D3-AF8B-00C04F7C61CF}/_msagent.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A6-A8D5-11D3-AF8B-00C04F7C61CF}/main.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A6-A8D5-11D3-AF8B-00C04F7C61CF}/GO.GIF: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A5-A8D5-11D3-AF8B-00C04F7C61CF}/_default.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A5-A8D5-11D3-AF8B-00C04F7C61CF}/summary.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A5-A8D5-11D3-AF8B-00C04F7C61CF}/_dialog.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A5-A8D5-11D3-AF8B-00C04F7C61CF}/description.dat: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A5-A8D5-11D3-AF8B-00C04F7C61CF}/banner.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A5-A8D5-11D3-AF8B-00C04F7C61CF}/e.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A5-A8D5-11D3-AF8B-00C04F7C61CF}/bluearrow.gif: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A5-A8D5-11D3-AF8B-00C04F7C61CF}/_msagent.txt: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Received/Fi/Data/comdell/0009/Packages/{0E9CE9A5-A8D5-11D3-AF8B-00C04F7C61CF}/main.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom2.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom2.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom3.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom3.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy.zip=>Short.acs: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune1.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Attune1.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy1.zip=>Finish Installing....lnk: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy1.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy2.zip=>BonziTapFilters.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy2.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy3.zip=>BBuddyMini.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy3.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy9.zip=>WCInst.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy9.zip=>WebCompass.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy9.zip=>WCRes.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy9.zip=>WCLogic.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy9.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy4.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy4.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy5.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy5.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy6.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy6.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy7.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy7.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy8.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy8.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>INSTALL.LOG: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>favicon.ico: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>bbsmartstubfal.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>bbsmartsetup.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>MSagent.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>CTBResources.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>CTB.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>CTBRTE2.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>UNWISE.EXE: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>BonziBDY.EXE: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>tv_enua.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>SaveNowInst.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>WCInst.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>WCLogic.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>WCRes.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>WebCompass.dll: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>BBGoldMember.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy10.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy11.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Unknown.zip=>nsupd9x.inf: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Unknown.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy12.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy12.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy13.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy13.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy14.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy14.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy15.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy15.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy16.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy16.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy17.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy17.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy18.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BonziBuddy18.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ClickTheButton.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ClickTheButton.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Unknown1.zip=>NSupd9x.inf: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Unknown1.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow.zip=>save.db: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Unknown2.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Unknown2.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow1.zip=>Save.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow1.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow2.zip=>SaveUninst.exe: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow2.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow3.zip=>save.htm: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow3.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow5.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow4.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow4.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow6.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow6.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow7.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WhenUSaveNow7.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>RELATED.HTM: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom1.zip=>nsupdate.dll: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom1.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom.zip=>sbRecovery.reg: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\AllInOneTelcom.zip=>sbRecovery.ini: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/Attune.dat: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/Profile.mdb: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/Packages.mdb: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/log.txt: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/Profile.ldb: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/SecMHist.dat: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/comaveo-attune.xml: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/_default.txt: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/_dialog.txt: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/_msagent.txt: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/blseye.gif: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/Description.dat: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/happy.gif: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/main.htm: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/pointer.gif: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/smlAVEO.GIF: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Packages/{FB8D54C0-DAA9-11d1-9261-00C026300BD5}/summary.htm: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneCommunicationsAgent.dll: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneDiskSpaceAgent.dll: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneHardwareAgent.dll: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneProcessAgent.dll: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneSoftwareAgent.dll: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneSystemSoftwareAgent.dll: password protected
C:\WINDOWS\Profiles\Office2\Application Data\Spybot - Search & Destroy\Recovery\Attune.zip=>Data/comaveo-attune/Agents/AttuneSystemUsageA

#9
pminch

Posted 14 April 2005 - 01:29 PM

New Member

Topic Starter
Member
7 posts

Sorry, the scan results and HJT log didn't seem to post - I've attached them instead.

Thanks again.

Attached Files

ScanResults.doc 378KB 23 downloads

#10
Guest_thatman_*

Posted 15 April 2005 - 06:25 AM

Guest

Hi pminch

C:\WINDOWS\Desktop\Geeks to Go<--Delete the whole folder

Delete all the Spybot - Search & Destroy Recovery file's.

Empty the recycle bin

Reboot

Run a scan with Bitdefender. Be sure and Check Auto Clean. Make a note of anything it can't remove.

Kc :tazz:

#11
pminch

Posted 15 April 2005 - 09:45 AM

New Member

Topic Starter
Member
7 posts

Hey Kc

If think we're now virus free - per your instructions, I delete the files and ran bitdefender again - it detected nothing. However, our monitor display problem still remained.

I changed the video card on the computer this morning and everything is now as good as new.

Thanks so much for your time and effort.

All the best.

:tazz:

#12
Guest_thatman_*

Posted 15 April 2005 - 10:36 AM

Guest

Hi pminch

Congratulations! Your system is CLEAN :tazz:

Download the Microsoft Antispyware

Download the CCleaner unzip the file to install.
Open CCleaner.
Place a check by everything in the Applications tab.
Place a check by Internet Explorer, Windows explorer, and System in the Windows tab.
Run the ccleaner

Clean out all temp files in Mozilla, Internet Explorer.
Internet Explorer: Tools/ Internet Options/ General/ Temporary internet files/ Delete Files (NOTE, that this may take very long!). You can also set the memory limit to about 80 MB at the Settings.

Mozilla: Edit/ Options/ Extended/ Cache/ Clear Cache

Turn of system restore
Disabling or enabling Windows XP System Restore

Defrag your hard drive. Turn system restore back on and create a new restore point.

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here
QUOTE
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here http://windowsupdate.microsoft.com/ to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox user posted image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

After doing all these, your system will be thoroughly protected from future threats.