Hi Tampabelle,
I did a scan with Kapersky. Hope thats ok
Here is the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 15:18:59, on 17/08/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINNT\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
http://PP3:8080O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKCU\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINNT\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1122910406445O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabO16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) -
http://advnt01.com/d...onale_ver11.CABO16 - DPF: {E9472078-EBA7-4885-8768-80ACF6F94553} (ClientSetup.RunSetup) -
http://www.screenpag...ClientSetup.CABO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PARTYPIECES.CO.UK
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PARTYPIECES.CO.UK
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = PARTYPIECES.CO.UK
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
and the kapersky log:-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, August 17, 2005 15:15:57
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/08/2005
Kaspersky Anti-Virus database records: 135620
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 40364
Number of viruses found: 11
Number of infected objects: 113
Number of suspicious objects: 17
Duration of the scan process: 1315 sec
Infected Object Name - Virus Name
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/30 Dec 2004 16:23 from
[email protected]:Protected Mail /msg_sales.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/30 Dec 2004 16:23 from
[email protected]:Protected Mail /msg_sales.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/15 Dec 2004 10:06 from
[email protected]:R/your_product.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Dec 2004 20:26 from
[email protected]:Re: Confirmation/aol_1237.scr Infected: Email-Worm.Win32.Sober.i
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/10 Dec 2004 10:11 from
[email protected]:Re: Your /your_website.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/08 Dec 2004 09:59 from
[email protected]:R/document.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/08 Dec 2004 07:16 from
[email protected]:Re: Secure deli/message.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/08 Dec 2004 07:16 from
[email protected]:Re: Secure deli/message.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/07 Dec 2004 15:57 from
[email protected]:Mail Delivery .rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/07 Dec 2004 15:57 from
[email protected]:Mail Delivery /message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/06 Dec 2004 16:56 from
[email protected]:Ma/auto__mail.chauffeured-parking6419.word.bat Infected: Email-Worm.Win32.Sober.i
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/01 Dec 2004 20:51 from
[email protected]:Re: Virus Sample/datfiles_sales.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/01 Dec 2004 20:51 from
[email protected]:Re: Virus Sample/datfiles_sales.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/30 Nov 2004 21:24 from
[email protected]:sales@partyp/instruction.zip/instruction.html .com Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/30 Nov 2004 21:24 from
[email protected]:sales@partyp/instruction.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/26 Nov 2004 12:49 from
[email protected]:Thank you!/details.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/26 Nov 2004 12:49 from
[email protected]:Thank you!/details.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/25 Nov 2004 19:47 from
[email protected]:Hi/Bill.zip/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/25 Nov 2004 19:47 from
[email protected]:Hi/Bill.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/25 Nov 2004 04:28 from
[email protected]:Mail Delivery.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/25 Nov 2004 04:28 from
[email protected]:Mail Delivery/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/23 Nov 2004 21:22 from
[email protected]:Mail Del.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/23 Nov 2004 21:22 from
[email protected]:Mail Del/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Nov 2004 20:55 from
[email protected]:Re: Bad Request/msg_sales.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Nov 2004 20:55 from
[email protected]:Re: Bad Request/msg_sales.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/15 Nov 2004 15:49 from The Post Office:Returned mail: Data forma/document.zip/document.doc .pif Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/15 Nov 2004 15:49 from The Post Office:Returned mail: Data forma/document.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 22:38 from System Administrator:Undeliverable: Mail /14 Nov 2004 22:30 from PP Sales:Mail Delivery (failure gqjzqsnjk.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 22:38 from System Administrator:Undeliverable: Mail /14 Nov 2004 22:30 from PP Sales:Mail Delivery (failure gqjzqsnjk/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/15 Nov 2004 06:50 from
[email protected]:News/report01.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/15 Nov 2004 06:50 from
[email protected]:News/report01.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 22:43 from
[email protected]:Mail De.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 22:43 from
[email protected]:Mail De/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 22:25 from
[email protected]:Re: Free [bleep]/www.freeporn4all.doc.pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:56 from
[email protected]:Mail Delivery (failu.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:56 from
[email protected]:Mail Delivery (failu/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:46 from
[email protected]:Illegal Website/list.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:46 from
[email protected]:Illegal Website/list.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:46 from
[email protected]:Mail Delivery (f.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:46 from
[email protected]:Mail Delivery (f/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:35 from Debbie Wood:Important/document.zip/document.txt .scr Infected: Email-Worm.Win32.Mabutu.a
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:35 from Debbie Wood:Important/document.zip Infected: Email-Worm.Win32.Mabutu.a
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:32 from
[email protected]:Re: file/file.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 21:32 from
[email protected]:Re: file/file.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 20:18 from
[email protected]:Mail Delivery (.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 20:18 from
[email protected]:Mail Delivery (/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 20:11 from
[email protected]:here/bill.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 20:11 from
[email protected]:here/bill.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 19:48 from
[email protected]:Private document/about_you.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 19:48 from
[email protected]:Private document/about_you.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 19:45 from
[email protected]:Re: Proof of concept/part_01.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/14 Nov 2004 19:45 from
[email protected]:Re: Proof of concept/part_01.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/13 Nov 2004 09:08 from Halifax:Important bank mail from Halifax .rtf Infected: Trojan-Spy.HTML.Bankfraud.hs
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/09 Nov 2004 22:51 from
[email protected]:Mail Delivery (failure s.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/09 Nov 2004 22:51 from
[email protected]:Mail Delivery (failure s/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/06 Nov 2004 09:58 from
[email protected]:message/message.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/06 Nov 2004 09:58 from
[email protected]:message/message.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/04 Nov 2004 19:44 from Mail Administrator:hi/attachment.zip/attachment.zip/attachment.html .pif Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/04 Nov 2004 19:44 from Mail Administrator:hi/attachment.zip/attachment.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/04 Nov 2004 19:44 from Mail Administrator:hi/attachment.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/03 Nov 2004 12:02 from
[email protected]:Mail System /instruction.com Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/02 Nov 2004 23:53 from noreply@sales:Mail Account/account.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/02 Nov 2004 23:53 from noreply@sales:Mail Account/account.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/02 Nov 2004 22:21 from
[email protected]:F.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/02 Nov 2004 22:21 from
[email protected]:F/message.pif Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/02 Nov 2004 10:42 from Mail Delivery Subsystem:Status/Attachment.pif Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/28 Oct 2004 16:05 from
[email protected]:Do/details.exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 19:39 from System Administrator:Undeliverable: Mail /27 Oct 2004 19:29 to
[email protected]:Mail Delivery (failure .rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 19:39 from System Administrator:Undeliverable: Mail /27 Oct 2004 19:29 to
[email protected]:Mail Delivery (failure /message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 21:29 from Administrator:Delivery failed/mail.zip/mail.htm .scr Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 21:29 from Administrator:Delivery failed/mail.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 20:32 from
[email protected]:Mail Delivery (failure .rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 20:32 from
[email protected]:Mail Delivery (failure /message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 19:33 from
[email protected]:Mail Delivery System.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 19:33 from
[email protected]:Mail Delivery System/message.pif Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 19:33 from
[email protected]:Delivery (sales@partyp/msg19275.pif Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 16:50 from System Administrator:Undeliverable: Re: O/27 Oct 2004 16:42 to
[email protected]:Re: Order/data02.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/27 Oct 2004 08:59 from System Administrator:Undeliverable: Funny/27 Oct 2004 08:54 from PP Sales:Funny/your_text.pif Infected: Email-Worm.Win32.NetSky.ac
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/26 Oct 2004 20:24 from CFML / Greg Shepherd: [CFML] L1: v MK Don.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/24 Oct 2004 22:12 from
[email protected]:Delivery Bot (sale/message15784.pif Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/24 Oct 2004 20:38 from
[email protected]:Mail Delivery failu/mail25980.pif Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 17:42 from
[email protected]:Re: thanks!/bill_sales.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 17:42 from
[email protected]:Re: thanks!/bill_sales.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 17:13 from
[email protected]:Mail .rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 17:13 from
[email protected]:Mail /message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 16:16 from System Administrator:Undeliverable: Funny/21 Oct 2004 16:02 to
[email protected]:Funny/your_text.pif Infected: Email-Worm.Win32.NetSky.ac
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 16:14 from
[email protected]:Document/Bill.zip/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 16:14 from
[email protected]:Document/Bill.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 16:05 from
[email protected]:Document/Details.zip/Details.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 16:05 from
[email protected]:Document/Details.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 15:54 from
[email protected]:Re: Hello/summary2004.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/21 Oct 2004 15:54 from
[email protected]:Re: Hello/summary2004.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 16:26 from
[email protected]:Important/Informations.zip/Informations.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 16:26 from
[email protected]:Important/Informations.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 16:04 from
[email protected]:Do you?/d4334938_sales.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 13:44 from
[email protected]:Re: Delivery /message_sales.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 12:52 from
[email protected]:Re: Here i/document_full.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 09:22 from
[email protected]:Hi/Important.zip/Important.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/20 Oct 2004 09:22 from
[email protected]:Hi/Important.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 21:25 from
[email protected]:Re: approved/document.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 21:25 from
[email protected]:Re: approved/document.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 20:28 from
[email protected]:Re: Re: /message_details.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 20:03 from
[email protected]:Unknown Exception (sales.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 20:03 from
[email protected]:Unknown Exception (sales/message.pif Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 19:28 from
[email protected]:Re: /document09.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 18:50 from
[email protected]:Illegal Website/details.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 18:50 from
[email protected]:Illegal Website/details.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 18:48 from
[email protected]:Hi/Part-2.zip/Part-2.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 18:48 from
[email protected]:Hi/Part-2.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 18:27 from
[email protected]:Hi/Bill.zip/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 18:27 from
[email protected]:Hi/Bill.zip Infected: Email-Worm.Win32.NetSky.aa
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 17:54 from
[email protected]:Re: Re: improved/information.zip/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 17:54 from
[email protected]:Re: Re: improved/information.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 17:26 from
[email protected]:Delivery (sal/message6671.zip Infected: Email-Worm.Win32.NetSky.r
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 15:59 from
[email protected]:Mail Delivery (fail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 15:59 from
[email protected]:Mail Delivery (fail/message.scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 15:49 from
[email protected]:delivery failed/letter.zip/letter.zip/letter.txt .exe Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 15:49 from
[email protected]:delivery failed/letter.zip/letter.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 15:49 from
[email protected]:delivery failed/letter.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/19 Oct 2004 12:34 from
[email protected]:Re: Your document/your_document.pif Infected: Email-Worm.Win32.NetSky.d
C:\Documents and Settings\sales\Local Settings\Application Data\Microsoft\Outlook\archive.pst Infected: Email-Worm.Win32.NetSky.d
C:\WINNT\system32\drivers\etc\hosts Infected: Trojan.Win32.Qhost
F:\QADATA\RPM\BACKUP.PST/Personal Folders/Inbox/12 Mar 2004 14:56 from
[email protected]:Re: Your letter/your_letter.pif Infected: Email-Worm.Win32.NetSky.d
F:\QADATA\RPM\BACKUP.PST/Personal Folders/Inbox/01 Mar 2004 14:06 from
[email protected]:Re: Your pi/your_picture.pif Infected: Email-Worm.Win32.NetSky.d
F:\QADATA\RPM\BACKUP.PST/Personal Folders/Inbox/01 Mar 2004 13:47 from
[email protected]:Re: My detail/my_details.pif Infected: Email-Worm.Win32.NetSky.d
F:\QADATA\RPM\BACKUP.PST/Personal Folders/Inbox/01 Mar 2004 12:30 from
[email protected]:Re: Hello/your_picture.pif Infected: Email-Worm.Win32.NetSky.d
F:\QADATA\RPM\BACKUP.PST/Personal Folders/Inbox/01 Mar 2004 11:24 from
[email protected]:Re: Your tex/your_text.pif Infected: Email-Worm.Win32.NetSky.d
F:\QADATA\RPM\BACKUP.PST Infected: Email-Worm.Win32.NetSky.d
F:\QADATA\CRDATA\MESSAGE.SCR Infected: Email-Worm.Win32.NetSky.q
F:\QADATA\CRDATA\MESSAGE.PIF Infected: Email-Worm.Win32.NetSky.r
Scan process completed.