Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winhound.exe Infection


  • This topic is locked This topic is locked
15 replies to this topic

#1 anjur

anjur

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 07 December 2005 - 10:36 AM

Hello,
I recently got infected with windhound.exe
I followed steps from another post in this forum
(installed smitrem, evido and cleanit, and ran it in the safe mode).
One thing still makes me think the infection is not 100% gone
Although the 'trademark' yellow rectangle with the 'you have spyware' message is gone, the
desktop background can not be restored (i.e. if I make it a particular color - that color shows up unde icon titles, but the actual background always stays white)
Other than that there are no other malfunctions.

Another detail - while I did follow the steps , one particular step didn't work:
in normal mode ewido would start up, show for a second and disappear, so I was never
able to click on update. In safe mode it worked

Here is the current HJT state, any help is appreciated:



Logfile of HijackThis v1.99.1
Scan saved at 9:33:15 AM, on 12/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slpservice.exe
C:\WINDOWS\system32\slpmonx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nj\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~2.0BE\bin\ZENDIE~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
O4 - Global Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudioClient-5.0.0Beta\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudioClient-5.0.0Beta\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.sahiti.org/wfplayer/tdserver.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab
O16 - DPF: {FDF08AD8-FF1A-11D3-AD38-00105A49098D} (MSSignData Control) - https://www.rbworld.lv/bankworld/common/App.../MSSignData.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\MZC40.DLL (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\WINDOWS\system32\slpservice.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 11 December 2005 - 07:25 AM

Hi anjur and Welcome to the Bleeping Computer!

I dont see much from the HijackThis log so lets look a bit deeper!


Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

One you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply->Close->Follow the Prompts to Restart

Restart Normal and Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"


Post back with a fresh HijackThis log and the results of WinPFind and Blacklight.

#3 anjur

anjur
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 11 December 2005 - 12:55 PM

Hello,
I really appreciate your help.
Below are the results (blacklight reported no hidden processes)
========================
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...
PEC2 3/28/2005 3:48:58 PM 955074 C:\aamath.exe
UPX! 10/4/2005 6:04:12 AM 1276056 C:\alg32nm.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 3/18/2003 9:05:48 PM 2052096 C:\WINDOWS\SYSTEM32\atl71.pdb
PEC2 8/10/2004 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PEC2 2/14/1997 9:24:14 PM 197171 C:\WINDOWS\SYSTEM32\Dwapilib.tlb
PEC2 3/18/2003 11:20:00 PM 10357760 C:\WINDOWS\SYSTEM32\mfc71.pdb
PEC2 3/18/2003 10:28:40 PM 8252416 C:\WINDOWS\SYSTEM32\MFC71d.pdb
PEC2 3/18/2003 11:12:12 PM 10333184 C:\WINDOWS\SYSTEM32\mfc71u.pdb
PEC2 3/18/2003 10:31:58 PM 8293376 C:\WINDOWS\SYSTEM32\mfc71ud.pdb
PECompact2 11/1/2005 11:34:18 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/1/2005 11:34:18 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/10/2004 5:00:00 AM 708096 C:\WINDOWS\SYSTEM32\NTDLL.DLL
Umonitor 8/10/2004 5:00:00 AM 657920 C:\WINDOWS\SYSTEM32\RASDLG.DLL
winsync 8/10/2004 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/11/2005 11:11:24 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
12/11/2005 5:16:08 AM H 54156 C:\WINDOWS\QTFont.qfn
12/11/2005 11:11:30 AM H 12288 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
12/11/2005 11:11:32 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
12/11/2005 11:11:26 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
12/11/2005 11:11:48 AM H 77824 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
12/11/2005 11:11:26 AM H 1204224 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
11/9/2005 11:23:00 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
11/3/2005 10:27:24 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\24739a95-d6c2-4adb-97cd-185fc539ec89
11/3/2005 10:27:24 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
12/11/2005 11:10:32 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/10/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\ACCESS.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 549888 C:\WINDOWS\SYSTEM32\APPWIZ.CPL
4/20/2004 12:07:08 PM 24576 C:\WINDOWS\SYSTEM32\BACSCPL.cpl
Microsoft Corporation 8/10/2004 5:00:00 AM 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 135168 C:\WINDOWS\SYSTEM32\DESK.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 80384 C:\WINDOWS\SYSTEM32\FIREWALL.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 155136 C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 358400 C:\WINDOWS\SYSTEM32\INETCPL.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 129536 C:\WINDOWS\SYSTEM32\INTL.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 380416 C:\WINDOWS\SYSTEM32\IRPROPS.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\JOY.CPL
Sun Microsystems 2/20/2003 4:42:34 PM 229487 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/10/2004 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 618496 C:\WINDOWS\SYSTEM32\MMSYS.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 25600 C:\WINDOWS\SYSTEM32\NETSETUP.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 257024 C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 32768 C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 114688 C:\WINDOWS\SYSTEM32\POWERCFG.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 298496 C:\WINDOWS\SYSTEM32\SYSDM.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 94208 C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
Microsoft Corporation 8/10/2004 5:00:00 AM 148480 C:\WINDOWS\SYSTEM32\WSCUI.CPL
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/10/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl
Microsoft Corporation 8/10/2004 5:00:00 AM 358400 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
Microsoft Corporation 8/10/2004 5:00:00 AM 618496 C:\WINDOWS\SYSTEM32\DLLCACHE\mmsys.cpl
Microsoft Corporation 8/10/2004 5:00:00 AM 94208 C:\WINDOWS\SYSTEM32\DLLCACHE\timedate.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
1/28/2005 7:51:50 AM 890 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
8/19/2004 4:07:20 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
2/1/2005 4:45:20 PM 1878 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Live Menu 3.3.lnk
2/1/2005 4:45:20 PM 1694 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu 3.3.lnk
2/9/2005 11:36:18 AM 647 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartCapture.lnk
1/28/2005 8:00:44 AM 1518 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/19/2004 3:57:38 PM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
10/6/2005 6:40:10 PM 1819 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
8/19/2004 4:07:20 PM HS 84 C:\Documents and Settings\nj\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
8/19/2004 3:57:38 PM HS 62 C:\Documents and Settings\nj\Application Data\DESKTOP.INI

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\HotShellExt
{6EC2E0E3-1116-4d47-B0C2-5BDAF4E4C308} = C:\Program Files\eFax Messenger Plus 3.3\J2GShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Home\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Home\wsftpsi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}
WsftpBrowserHelper Class = C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{95188727-288F-4581-A48D-EAB3BD027314} = Zend Studio : C:\PROGRA~1\Zend\ZENDST~2.0BE\bin\ZENDIE~1.DLL
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9239E4EC-C9A6-11D2-A844-00C04F68D538}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\TypedURLs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray C:\WINDOWS\ehome\ehtray.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
IAAnotif C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
CTSysVol C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
CTDVDDET "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
CTHelper CTHELPER.EXE
UpdReg C:\WINDOWS\UpdReg.EXE
DVDLauncher "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
dla C:\WINDOWS\system32\dla\tfswctrl.exe
MMTray C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
mmtask C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
GoToMyPC C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
ScreenPrint32 C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
MediaGateway C:\Program Files\MediaGateway\MediaGateway.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Mozilla Quick Launch "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoDispAppearancePage 0
NoColorChoice 0
NoSizeChoice 0
NoDispBackgroundPage 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToMyPC
= G2WinLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce
= C:\WINDOWS\system32\MZC40.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/11/2005 11:18:10 AM


============================

Blacklight

12/11/05 11:45:07 [Info]: BlackLight Engine 1.0.29 initialized
12/11/05 11:45:07 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/11/05 11:45:08 [Note]: 7019 4
12/11/05 11:45:08 [Note]: 7005 0
12/11/05 11:45:52 [Note]: 7006 0
12/11/05 11:45:52 [Note]: 7011 1376
12/11/05 11:45:52 [Note]: FSRAW library version 1.7.1013
12/11/05 11:47:00 [Note]: 7007 0


=================================
Hijack

Logfile of HijackThis v1.99.1
Scan saved at 11:48:27 AM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slpservice.exe
C:\WINDOWS\system32\slpmonx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\nj\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~2.0BE\bin\ZENDIE~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
O4 - Global Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudioClient-5.0.0Beta\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudioClient-5.0.0Beta\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.sahiti.org/wfplayer/tdserver.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab
O16 - DPF: {FDF08AD8-FF1A-11D3-AD38-00105A49098D} (MSSignData Control) - https://www.rbworld.lv/bankworld/common/App.../MSSignData.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\MZC40.DLL (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\WINDOWS\system32\slpservice.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 11 December 2005 - 01:17 PM

Go to Add\Remove Programs and Remove "MediaGateway"

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Now,Locate and Delete this folder

C:\Program Files\MediaGateway

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe

O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.sahiti.org/wfplayer/tdserver.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab

O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\MZC40.DLL (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Restart Normal and Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis log.


#5 anjur

anjur
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 12 December 2005 - 12:59 AM

Here are kaspersky and new hijack reports
Thanks!
=================
KASPERSKY ON-LINE SCANNER REPORT
Sunday, December 11, 2005 23:26:29
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 11/12/2005
Kaspersky Anti-Virus database records: 164508
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 181439
Number of viruses found: 20
Number of infected objects: 751
Number of suspicious objects: 100
Duration of the scan process: 25548 sec

Infected Object Name - Virus Name
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/ ... /kozd.doc .scr Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 20 ... /[From srodriguez1@mail.accd.edu][Date Mon, 21 Mar 2005 11:54:29 ... /kozd.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 20 ... /[From srodriguez1@mail.accd.edu][Date Mon, 21 Mar 2005 11:54:29 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 20 ... /[From Steve Hicks <shicks@accd.edu>][Date Wed, 23 Feb 2005 10:30:27 -0600]/text Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 2005 10:24:37 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/anyuser@tvguide[1].pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhind@geocities.com>][Date Sat, 27 Apr 2002 11:43:56 -0500]/UNNAMED/qc.scr Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhind@geocitie ... /[From rbdrudge <rbdrudge@refdesk.com>][Date Sat, 27 Apr 2002 14:52:03 -0500]/install.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From postmaster <postmaster@accd.edu>][Date Sun, 28 Apr 2002 11:52:18 -0500]/anyuser@www.iwin[2].pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From " ... /[From "Brian ... /[From "as" <as@aol.com>][Date Sun, 28 Apr 2002 16:26:23 -050 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From " ... /[From "Brian ... /[From "as" <as@aol.com>][Date Sun, 28 Apr 2002 1 ... /26-segway[1].bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j .. ... /[From "MARIA ESTER PE ... /[From Pmtre <Pmtre@aol.com>][Date Mon, 29 Apr 2002 08:01:11 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j .. . ... /[From Pmtre <Pmtre@aol.com>][Date Mon, 29 Apr 2002 08:01:11 -0500]/seacret@ngads.smartage[1].pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j .. ... /[Fr ... /[From MAILsweeper <MAILsweeper@course.com>][Date Mon, 29 Apr 2002 08:32:54 ... /rock.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From ... /[From ubertrick <ubertrick@mail.com>][Date Mon, 29 Apr 2002 14:57:17 -050 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From ... /[From ubertrick <ubertrick@mail.com>][Date Mon ... /anyuser@www.adviceforpcs[2].bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From ... /[From ubertrick <ubertrick@mail.com>][Date Mon, 29 Apr 2002 14:57:17 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From Isabel Rizo <IRIZO@ACCDVM.ACCD.EDU>][Date Mon, 29 Apr 2002 09:20:30 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j .. ... /[Fr ... /[From MAILsweeper <MAILsweeper@course.com>][Date Mon, 29 Apr 2002 08:32:54 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j .. ... /[From "MARIA ESTER PEREZ" <mperez@mail.accd.edu>][Date Mon, 29 Apr 2002 07:38:18 -0500 (CDT)]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From " ... ... /[From neven jurkovic <njurkovi@accd.edu>][Date Sun, 28 Apr 2002 17:47:24 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From " ... /[From "Brian ... /[From "as" <as@aol.com>][Date Sun, 28 Apr 2002 16:26:23 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From " ... /[From "Brian Jones" <bjones3@satx.rr.com>][Date Sun, 28 Apr 2002 15:56:02 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From "jesse reyes" <jesse_reyes_itsw2337@hotmail.com>][Date Sun, 28 Apr 2002 17:13:59 +0000]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhi ... /[From Educators and Schola ... /[From Gavncrys@aol.com][Date Sun, 28 Apr 2002 02:15:57 EDT]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhi ... /[From Educators and Scholars <sounny@ses-online.org>][Date Sun, 28 Apr 2002 11:17:02 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhind@geocities.co ... /[From neven jurkovic <njurkovi@accd.edu>][Date Sat, 27 Apr 2002 16:05:01 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhind@geocities.co ... /[From neven jurkovic <njurkovi@accd.edu>][Date Sat, 27 Apr 2002 13:00:59 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhind@geocities.com>][Date Sat, 27 Apr 2002 11:43:56 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/seacret@webshots[2].bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/[From shicks <shicks@accd.edu>][Date Mon, 29 Apr 2002 21:18:16 -0400]/UNNAMED/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 29 Apr 2002 20:51:53 -0500]/UNNAMED/[From John Dunn <jdunn@accd.edu>][Date Mon, 29 Apr 2002 20:58:16 -0500]/text/[From "Juan Lozano" <juanlozano_cosc1300@hotmail.com>][Date Tue, 30 Apr 2002 16:19:36 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/[From shicks <shicks@accd.edu>][Date Mon, 29 Apr 2002 21:18:16 -0400]/UNNAMED/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 29 Apr 2002 20:51:53 -0500]/UNNAMED/[From John Dunn <jdunn@accd.edu>][Date Mon, 29 Apr 2002 20:58:16 -0500]/text/[From "Juan Lozano" <juanlozano_cosc1300@hotmail.com>][Date Tue, 30 Apr 2002 16:19:36 -0500]/anyuser@www.adviceforpcs[2].bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/[From shicks <shicks@accd.edu>][Date Mon, 29 Apr 2002 21:18:16 -0400]/UNNAMED/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 29 Apr 2002 20:51:53 -0500]/UNNAMED/[From John Dunn <jdunn@accd.edu>][Date Mon, 29 Apr 2002 20:58:16 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/[From shicks <shicks@accd.edu>][Date Mon, 29 Apr 2002 21:18:16 -0400]/UNNAMED/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 29 Apr 2002 20:51:53 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/[From shicks <shicks@accd.edu>][Date Mon, 29 Apr 2002 21:18:16 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rhaddix <rhaddix@satx.rr.com>][Date Tue, 30 Apr 2002 18:25:02 -0500]/UNNAMED/label.scr Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rhaddix <rhaddix@satx.rr.com>][Date Tue, 30 Apr 2002 18:25:02 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED/[From "NolenTreadwell" <NolenTreadwell@email.msn.com>][Date Sat, 4 May 2002 00:02:11 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 12:45:48 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 13:45:47 -0500]/UNNAMED/[From perflunk <perflunk@aol.com>][Date Sun, 5 May 2002 13:26:53 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED/[From "NolenTreadwell" <NolenTreadwell@email.msn.com>][Date Sat, 4 May 2002 00:02:11 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 12:45:48 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 13:45:47 -0500]/UNNAMED/[From perflunk <perflunk@aol.com>][Date Sun, 5 May 2002 13:26:53 -0400]/UNNAMED/hspace.bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED/[From "NolenTreadwell" <NolenTreadwell@email.msn.com>][Date Sat, 4 May 2002 00:02:11 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 12:45:48 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 13:45:47 -0500]/UNNAMED/[From perflunk <perflunk@aol.com>][Date Sun, 5 May 2002 13:26:53 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED/[From "NolenTreadwell" <NolenTreadwell@email.msn.com>][Date Sat, 4 May 2002 00:02:11 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 12:45:48 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 13:45:47 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED/[From "NolenTreadwell" <NolenTreadwell@email.msn.com>][Date Sat, 4 May 2002 00:02:11 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 12:45:48 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED/[From "NolenTreadwell" <NolenTreadwell@email.msn.com>][Date Sat, 4 May 2002 00:02:11 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From ROLLERDERBYMOUSE@aol.com][Date Wed, 8 May 2002 19:44:33 EDT]/UNNAMED/[From "padusa" <padusa@cox.net>][Date Thu, 09 May 2002 02:44:06 "GMT"]/kms.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From ROLLERDERBYMOUSE@aol.com][Date Wed, 8 May 2002 19:44:33 EDT]/UNNAMED/[From "padusa" <padusa@cox.net>][Date Thu, 09 May 2002 02:44:06 "GMT"]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From ROLLERDERBYMOUSE@aol.com][Date Wed, 8 May 2002 19:44:33 EDT]/UNNAMED/[From "padusa" <padusa@cox.net>][Date Thu, 09 May 2002 02:44:06 "GMT"]/UNNAMED/demo.bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From ROLLERDERBYMOUSE@aol.com][Date Wed, 8 May 2002 19:44:33 EDT]/UNNAMED/[From "padusa" <padusa@cox.net>][Date Thu, 09 May 2002 02:44:06 "GMT"]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From ROLLERDERBYMOUSE@aol.com][Date Wed, 8 May 2002 19:44:33 EDT]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From Erlinda Ybarra <EYBARRA@ACCDvm.accd.EDU>][Date Sat, 11 May 2002 14:39:35 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From Erlinda Ybarra <EYBARRA@ACCDvm.accd.EDU>][Date Sat, 11 May 2002 14:39:35 -0500]/isbninquiry[8].bat Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From "javatimedb" <javatimedb@yahoo.com>][Date Sat, 11 May 2002 14:39:35 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From "javatimedb" <javatimedb@yahoo.com>][Date Sat, 11 May 2002 14:39:35 -0500]/UNNAMED/hwywl.pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From "javatimedb" <javatimedb@yahoo.com>][Date Sat, 11 May 2002 14:39:35 -0500]/UNNAMED/[From "KJones" <KJones@hsag.com>]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From "javatimedb" <javatimedb@yahoo.com>][Date Sat, 11 May 2002 14:39:35 -0500]/UNNAMED/[From "KJones" <KJones@hsag.com>]/UNNAMED/xi.scr Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From "javatimedb" <javatimedb@yahoo.com>][Date Sat, 11 May 2002 14:39:35 -0500]/UNNAMED/[From "KJones" <KJones@hsag.com>]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From "javatimedb" <javatimedb@yahoo.com>][Date Sat, 11 May 2002 14:39:35 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From CSTupper@aol.com][Date Thu, 30 May 2002 15:27:37 -0400]/text/[From "alvizogarza" <alvizogarza@aol.com>][Date Fri, 31 May 2002 11:27:48 -0500]/play.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From CSTupper@aol.com][Date Thu, 30 May 2002 15:27:37 -0400]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 3 Jun 2002 19:36:42 -0500]/UNNAMED/[From caspe36 <caspe36@yahoo.com>][Date Tue, 04 Jun 2002 04:38:01 +0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 3 Jun 2002 19:36:42 -0500]/UNNAMED/[From caspe36 <caspe36@yahoo.com>][Date Tue, 04 Jun 2002 04:38:01 +0400]/jeuz.bat Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 3 Jun 2002 19:36:42 -0500]/UNNAMED/[From "JEFFREY R. RODRIGUEZ" <jrodriguez7@MAIL.ACCD.EDU>][Date Tue, 4 Jun 2002 11:00:29 -0500]/text/[From mhopper <mhopper@accd.edu>][Date Tue, 4 Jun 2002 12:07:14 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 3 Jun 2002 19:36:42 -0500]/UNNAMED/[From "JEFFREY R. RODRIGUEZ" <jrodriguez7@MAIL.ACCD.EDU>][Date Tue, 4 Jun 2002 11:00:29 -0500]/text/[From mhopper <mhopper@accd.edu>][Date Tue, 4 Jun 2002 12:07:14 -0400]/align.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 3 Jun 2002 19:36:42 -0500]/UNNAMED/[From "JEFFREY R. RODRIGUEZ" <jrodriguez7@MAIL.ACCD.EDU>][Date Tue, 4 Jun 2002 11:00:29 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 3 Jun 2002 19:36:42 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Womack <dw@triad2010.net>][Date Tue, 04 Jun 2002 17:04:40 -0500]/text/[From from 8bit to quoted-printable by fmaile1.real-net.net id AAA09659][Date Wed, 5 Jun 2002 00:18:52 -0700]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Womack <dw@triad2010.net>][Date Tue, 04 Jun 2002 17:04:40 -0500]/text/[From from 8bit to quoted-printable by fmaile1.real-net.net id AAA09659][Date Wed, 5 Jun 2002 00:18:52 -0700]/janina.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Womack <dw@triad2010.net>][Date Tue, 04 Jun 2002 17:04:40 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "IASTED - Upcoming Conferences" <Info@IASTED.com>][Date Thu, 6 Jun 2002 16:24:13 -0600]/text/[From jriley <jriley@accd.edu>][Date Fri, 7 Jun 2002 13:02:34 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "IASTED - Upcoming Conferences" <Info@IASTED.com>][Date Thu, 6 Jun 2002 16:24:13 -0600]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "oms" <oms0818@ev1.net>][Date Thu, 6 Jun 2002 18:49:47 -0500]/UNNAMED/[From "nduenas" <nduenas@lancercorp.com>]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "oms" <oms0818@ev1.net>][Date Thu, 6 Jun 2002 18:49:47 -0500]/UNNAMED/[From "nduenas" <nduenas@lancercorp.com>]/xlp.bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "oms" <oms0818@ev1.net>][Date Thu, 6 Jun 2002 18:49:47 -0500]/UNNAMED/[From JCLAKLEY <JCLAKLEY@accd.edu>][Date Mon, 10 Jun 2002 12:59:24 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "oms" <oms0818@ev1.net>][Date Thu, 6 Jun 2002 18:49:47 -0500]/UNNAMED/[From JCLAKLEY <JCLAKLEY@accd.edu>][Date Mon, 10 Jun 2002 12:59:24 -0400]/UNNAMED/index1_3[1].exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "oms" <oms0818@ev1.net>][Date Thu, 6 Jun 2002 18:49:47 -0500]/UNNAMED/[From JCLAKLEY <JCLAKLEY@accd.edu>][Date Mon, 10 Jun 2002 12:59:24 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "oms" <oms0818@ev1.net>][Date Thu, 6 Jun 2002 18:49:47 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Sophie Caldera <SCALDERA@ACCDVM.ACCD.EDU>][Date Tue, 11 Jun 2002 08:30:37 -0500]/text/[From Ginger Carnes <GCARNES@ACCDVM.ACCD.EDU>][Date Tue, 11 Jun 2002 09:32:18 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Sophie Caldera <SCALDERA@ACCDVM.ACCD.EDU>][Date Tue, 11 Jun 2002 08:30:37 -0500]/text/[From Ginger Carnes <GCARNES@ACCDVM.ACCD.EDU>][Date Tue, 11 Jun 2002 09:32:18 -0500]/type.bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Sophie Caldera <SCALDERA@ACCDVM.ACCD.EDU>][Date Tue, 11 Jun 2002 08:30:37 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 12 Jun 2002 09:15:11 -0500]/text/[From Louis Dufault-Navarro <LDUFAULT@ACCDVM.ACCD.EDU>][Date Wed, 12 Jun 2002 10:10:01 -0500]/border.scr Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 12 Jun 2002 09:15:11 -0500]/text/[From JIMAPRIL <JIMAPRIL@PRODIGY.NET>][Date Wed, 12 Jun 2002 17:11:47 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 12 Jun 2002 09:15:11 -0500]/text/[From JIMAPRIL <JIMAPRIL@PRODIGY.NET>][Date Wed, 12 Jun 2002 17:11:47 -0400]/UNNAMED/. Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 12 Jun 2002 09:15:11 -0500]/text/[From JIMAPRIL <JIMAPRIL@PRODIGY.NET>][Date Wed, 12 Jun 2002 17:11:47 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 12 Jun 2002 09:15:11 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Sherry Pederson <sherrypederson@yahoo.com>][Date Thu, 13 Jun 2002 05:57:00 -0700 (PDT)]/text/[From Susan Hammond <SHAMMOND@ACCDVM.ACCD.EDU>][Date Thu, 13 Jun 2002 13:19:36 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Sherry Pederson <sherrypederson@yahoo.com>][Date Thu, 13 Jun 2002 05:57:00 -0700 (PDT)]/text/[From Susan Hammond <SHAMMOND@ACCDVM.ACCD.EDU>][Date Thu, 13 Jun 2002 13:19:36 -0500]/basket.bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Sherry Pederson <sherrypederson@yahoo.com>][Date Thu, 13 Jun 2002 05:57:00 -0700 (PDT)]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From AGAILLARD <AGAILLARD@SAFETY-KLEEN.COM>][Date Wed, 19 Jun 2002 12:42:26 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From AGAILLARD <AGAILLARD@SAFETY-KLEEN.COM>][Date Wed, 19 Jun 2002 12:42:26 -0400]/end Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/wiz.pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 16:28:10 -0500]/text/[From "mseifert" <mseifert@accd.edu>]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 16:28:10 -0500]/text/[From "mseifert" <mseifert@accd.edu>]/props.pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 16:28:10 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From sntrent <sntrent@bellsouth.net>][Date Thu, 20 Jun 2002 05:46:31 +0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From sntrent <sntrent@bellsouth.net>][Date Thu, 20 Jun 2002 05:46:31 +0400]/UNNAMED/basket[1].exe Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From sntrent <sntrent@bellsouth.net>][Date Thu, 20 Jun 2002 05:46:31 +0400]/UNNAMED Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From DUCKY95730 <DUCKY95730@AOL.COM>][Date Thu, 20 Jun 2002 13:13:20 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From DUCKY95730 <DUCKY95730@AOL.COM>][Date Thu, 20 Jun 2002 13:13:20 -0400]/UNNAMED/daily.webshots[1].pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From DUCKY95730 <DUCKY95730@AOL.COM>][Date Thu, 20 Jun 2002 13:13:20 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From LLINDA <LLINDA@accd.edu>][Date Fri, 21 Jun 2002 11:59:44 -0400]/true.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "gallsop" <gallsop@cox.net>]/setup.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED/install.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED/[From "Cynthia D. Villafranco" <CVILLAFR@ACCDVM.ACCD.EDU>][Date Summer II Class Dates]/text/[From comments <comments@cimedia.com>][Date Mon, 24 Jun 2002 16:18:25 -0400 (EDT)]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED/[From "Cynthia D. Villafranco" <CVILLAFR@ACCDVM.ACCD.EDU>][Date Summer II Class Dates]/text/[From comments <comments@cimedia.com>][Date Mon, 24 Jun 2002 16:18:25 -0400 (EDT)]/color.scr Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED/[From "Cynthia D. Villafranco" <CVILLAFR@ACCDVM.ACCD.EDU>][Date Summer II Class Dates]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Gloria Gonzales <glorgonz@accdvm.accd.edu>][Date Tue, 25 Jun 2002 10:27:13 -0500]/text/[From Brad Chandler <BCHANDLE@ACCDVM.ACCD.EDU>][Date Tue, 25 Jun 2002 14:01:55 -0500]/basket[1].scr Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Gloria Gonzales <glorgonz@accdvm.accd.edu>][Date Tue, 25 Jun 2002 10:27:13 -0500]/text Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings&

#6 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 12 December 2005 - 07:28 PM

What Mail Client are you using?

What ever it is,we got to get it cleaned out and emptied.

The Kaspersky log got cut off,so I didnt see everything it IDed.

Let me know what Mail Client you use and try to repost the Kaspersky log if possible.

#7 anjur

anjur
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 12 December 2005 - 07:40 PM

I am using netscape mail
Here is part 1 ,...
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, December 11, 2005 23:26:29
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 11/12/2005
Kaspersky Anti-Virus database records: 164508
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 181439
Number of viruses found: 20
Number of infected objects: 751
Number of suspicious objects: 100
Duration of the scan process: 25548 sec

Infected Object Name - Virus Name
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/ ... /kozd.doc .scr Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 20 ... /[From srodriguez1@mail.accd.edu][Date Mon, 21 Mar 2005 11:54:29 ... /kozd.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 20 ... /[From srodriguez1@mail.accd.edu][Date Mon, 21 Mar 2005 11:54:29 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 20 ... /[From Steve Hicks <shicks@accd.edu>][Date Wed, 23 Feb 2005 10:30:27 -0600]/text Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 2005 10:24:37 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\!!spring 05.sbd\zadmin Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/anyuser@tvguide[1].pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhind@geocities.com>][Date Sat, 27 Apr 2002 11:43:56 -0500]/UNNAMED/qc.scr Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhind@geocitie ... /[From rbdrudge <rbdrudge@refdesk.com>][Date Sat, 27 Apr 2002 14:52:03 -0500]/install.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From postmaster <postmaster@accd.edu>][Date Sun, 28 Apr 2002 11:52:18 -0500]/anyuser@www.iwin[2].pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From " ... /[From "Brian ... /[From "as" <as@aol.com>][Date Sun, 28 Apr 2002 16:26:23 -050 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From " ... /[From "Brian ... /[From "as" <as@aol.com>][Date Sun, 28 Apr 2002 1 ... /26-segway[1].bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j .. ... /[From "MARIA ESTER PE ... /[From Pmtre <Pmtre@aol.com>][Date Mon, 29 Apr 2002 08:01:11 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j .. . ... /[From Pmtre <Pmtre@aol.com>][Date Mon, 29 Apr 2002 08:01:11 -0500]/seacret@ngads.smartage[1].pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j .. ... /[Fr ... /[From MAILsweeper <MAILsweeper@course.com>][Date Mon, 29 Apr 2002 08:32:54 ... /rock.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From ... /[From ubertrick <ubertrick@mail.com>][Date Mon, 29 Apr 2002 14:57:17 -050 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From ... /[From ubertrick <ubertrick@mail.com>][Date Mon ... /anyuser@www.adviceforpcs[2].bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From ... /[From ubertrick <ubertrick@mail.com>][Date Mon, 29 Apr 2002 14:57:17 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From Isabel Rizo <IRIZO@ACCDVM.ACCD.EDU>][Date Mon, 29 Apr 2002 09:20:30 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j .. ... /[Fr ... /[From MAILsweeper <MAILsweeper@course.com>][Date Mon, 29 Apr 2002 08:32:54 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j .. ... /[From "MARIA ESTER PEREZ" <mperez@mail.accd.edu>][Date Mon, 29 Apr 2002 07:38:18 -0500 (CDT)]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From " ... ... /[From neven jurkovic <njurkovi@accd.edu>][Date Sun, 28 Apr 2002 17:47:24 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From " ... /[From "Brian ... /[From "as" <as@aol.com>][Date Sun, 28 Apr 2002 16:26:23 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From " ... /[From "Brian Jones" <bjones3@satx.rr.com>][Date Sun, 28 Apr 2002 15:56:02 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <j ... /[From "jesse reyes" <jesse_reyes_itsw2337@hotmail.com>][Date Sun, 28 Apr 2002 17:13:59 +0000]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhi ... /[From Educators and Schola ... /[From Gavncrys@aol.com][Date Sun, 28 Apr 2002 02:15:57 EDT]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhi ... /[From Educators and Scholars <sounny@ses-online.org>][Date Sun, 28 Apr 2002 11:17:02 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhind@geocities.co ... /[From neven jurkovic <njurkovi@accd.edu>][Date Sat, 27 Apr 2002 16:05:01 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhind@geocities.co ... /[From neven jurkovic <njurkovi@accd.edu>][Date Sat, 27 Apr 2002 13:00:59 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED/[From jhind <jhind@geocities.com>][Date Sat, 27 Apr 2002 11:43:56 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED/[From "Jonathan Lozano" <jlozano@universe.uiwtx.edu>][Date Sat, 27 Apr 2002 09:05:46 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED/[From inet <inet@microsoft.com>][Date Sat, 27 Apr 2002 07:10:20 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED/[From Paul Renobato <xxsirpaul_2000@yahoo.com>][Date Fri, 26 Apr 2002 21:51:08 -0700 (PDT)]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Robin Mays <robingmays@yahoo.com>][Date Fri, 26 Apr 2002 19:42:23 -0700 (PDT)]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/seacret@webshots[2].bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/[From shicks <shicks@accd.edu>][Date Mon, 29 Apr 2002 21:18:16 -0400]/UNNAMED/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 29 Apr 2002 20:51:53 -0500]/UNNAMED/[From John Dunn <jdunn@accd.edu>][Date Mon, 29 Apr 2002 20:58:16 -0500]/text/[From "Juan Lozano" <juanlozano_cosc1300@hotmail.com>][Date Tue, 30 Apr 2002 16:19:36 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/[From shicks <shicks@accd.edu>][Date Mon, 29 Apr 2002 21:18:16 -0400]/UNNAMED/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 29 Apr 2002 20:51:53 -0500]/UNNAMED/[From John Dunn <jdunn@accd.edu>][Date Mon, 29 Apr 2002 20:58:16 -0500]/text/[From "Juan Lozano" <juanlozano_cosc1300@hotmail.com>][Date Tue, 30 Apr 2002 16:19:36 -0500]/anyuser@www.adviceforpcs[2].bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/[From shicks <shicks@accd.edu>][Date Mon, 29 Apr 2002 21:18:16 -0400]/UNNAMED/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 29 Apr 2002 20:51:53 -0500]/UNNAMED/[From John Dunn <jdunn@accd.edu>][Date Mon, 29 Apr 2002 20:58:16 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/[From shicks <shicks@accd.edu>][Date Mon, 29 Apr 2002 21:18:16 -0400]/UNNAMED/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 29 Apr 2002 20:51:53 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED/[From shicks <shicks@accd.edu>][Date Mon, 29 Apr 2002 21:18:16 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rbdrudge <rbdrudge@refdesk.com>][Date Mon, 29 Apr 2002 19:28:28 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rhaddix <rhaddix@satx.rr.com>][Date Tue, 30 Apr 2002 18:25:02 -0500]/UNNAMED/label.scr Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From rhaddix <rhaddix@satx.rr.com>][Date Tue, 30 Apr 2002 18:25:02 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED/[From "NolenTreadwell" <NolenTreadwell@email.msn.com>][Date Sat, 4 May 2002 00:02:11 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 12:45:48 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 13:45:47 -0500]/UNNAMED/[From perflunk <perflunk@aol.com>][Date Sun, 5 May 2002 13:26:53 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED/[From "NolenTreadwell" <NolenTreadwell@email.msn.com>][Date Sat, 4 May 2002 00:02:11 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 12:45:48 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 13:45:47 -0500]/UNNAMED/[From perflunk <perflunk@aol.com>][Date Sun, 5 May 2002 13:26:53 -0400]/UNNAMED/hspace.bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED/[From "NolenTreadwell" <NolenTreadwell@email.msn.com>][Date Sat, 4 May 2002 00:02:11 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 12:45:48 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 13:45:47 -0500]/UNNAMED/[From perflunk <perflunk@aol.com>][Date Sun, 5 May 2002 13:26:53 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED/[From "NolenTreadwell" <NolenTreadwell@email.msn.com>][Date Sat, 4 May 2002 00:02:11 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 12:45:48 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 13:45:47 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED/[From "NolenTreadwell" <NolenTreadwell@email.msn.com>][Date Sat, 4 May 2002 00:02:11 -0500]/UNNAMED/[From "Jamie Lizalde" <jamie_lizalde_cosc1300@hotmail.com>][Date Sat, 04 May 2002 12:45:48 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED/[From "NolenTreadwell" <NolenTreadwell@email.msn.com>][Date Sat, 4 May 2002 00:02:11 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Fri, 3 May 2002 19:11:05 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From ROLLERDERBYMOUSE@aol.com][Date Wed, 8 May 2002 19:44:33 EDT]/UNNAMED/[From "padusa" <padusa@cox.net>][Date Thu, 09 May 2002 02:44:06 "GMT"]/kms.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From ROLLERDERBYMOUSE@aol.com][Date Wed, 8 May 2002 19:44:33 EDT]/UNNAMED/[From "padusa" <padusa@cox.net>][Date Thu, 09 May 2002 02:44:06 "GMT"]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From ROLLERDERBYMOUSE@aol.com][Date Wed, 8 May 2002 19:44:33 EDT]/UNNAMED/[From "padusa" <padusa@cox.net>][Date Thu, 09 May 2002 02:44:06 "GMT"]/UNNAMED/demo.bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From ROLLERDERBYMOUSE@aol.com][Date Wed, 8 May 2002 19:44:33 EDT]/UNNAMED/[From "padusa" <padusa@cox.net>][Date Thu, 09 May 2002 02:44:06 "GMT"]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From ROLLERDERBYMOUSE@aol.com][Date Wed, 8 May 2002 19:44:33 EDT]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From Erlinda Ybarra <EYBARRA@ACCDvm.accd.EDU>][Date Sat, 11 May 2002 14:39:35 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From Erlinda Ybarra <EYBARRA@ACCDvm.accd.EDU>][Date Sat, 11 May 2002 14:39:35 -0500]/isbninquiry[8].bat Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From "javatimedb" <javatimedb@yahoo.com>][Date Sat, 11 May 2002 14:39:35 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From "javatimedb" <javatimedb@yahoo.com>][Date Sat, 11 May 2002 14:39:35 -0500]/UNNAMED/hwywl.pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From "javatimedb" <javatimedb@yahoo.com>][Date Sat, 11 May 2002 14:39:35 -0500]/UNNAMED/[From "KJones" <KJones@hsag.com>]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From "javatimedb" <javatimedb@yahoo.com>][Date Sat, 11 May 2002 14:39:35 -0500]/UNNAMED/[From "KJones" <KJones@hsag.com>]/UNNAMED/xi.scr Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From "javatimedb" <javatimedb@yahoo.com>][Date Sat, 11 May 2002 14:39:35 -0500]/UNNAMED/[From "KJones" <KJones@hsag.com>]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text/[From "javatimedb" <javatimedb@yahoo.com>][Date Sat, 11 May 2002 14:39:35 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Erlinda Ybarra" <erlinda_ybarra_itsw2337@hotmail.com>][Date Sat, 11 May 2002 14:19:22 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From CSTupper@aol.com][Date Thu, 30 May 2002 15:27:37 -0400]/text/[From "alvizogarza" <alvizogarza@aol.com>][Date Fri, 31 May 2002 11:27:48 -0500]/play.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From CSTupper@aol.com][Date Thu, 30 May 2002 15:27:37 -0400]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 3 Jun 2002 19:36:42 -0500]/UNNAMED/[From caspe36 <caspe36@yahoo.com>][Date Tue, 04 Jun 2002 04:38:01 +0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 3 Jun 2002 19:36:42 -0500]/UNNAMED/[From caspe36 <caspe36@yahoo.com>][Date Tue, 04 Jun 2002 04:38:01 +0400]/jeuz.bat Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 3 Jun 2002 19:36:42 -0500]/UNNAMED/[From "JEFFREY R. RODRIGUEZ" <jrodriguez7@MAIL.ACCD.EDU>][Date Tue, 4 Jun 2002 11:00:29 -0500]/text/[From mhopper <mhopper@accd.edu>][Date Tue, 4 Jun 2002 12:07:14 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 3 Jun 2002 19:36:42 -0500]/UNNAMED/[From "JEFFREY R. RODRIGUEZ" <jrodriguez7@MAIL.ACCD.EDU>][Date Tue, 4 Jun 2002 11:00:29 -0500]/text/[From mhopper <mhopper@accd.edu>][Date Tue, 4 Jun 2002 12:07:14 -0400]/align.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 3 Jun 2002 19:36:42 -0500]/UNNAMED/[From "JEFFREY R. RODRIGUEZ" <jrodriguez7@MAIL.ACCD.EDU>][Date Tue, 4 Jun 2002 11:00:29 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "Dr. D. F. Conley" <DCONLEY@ACCD.EDU>][Date Mon, 3 Jun 2002 19:36:42 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Womack <dw@triad2010.net>][Date Tue, 04 Jun 2002 17:04:40 -0500]/text/[From from 8bit to quoted-printable by fmaile1.real-net.net id AAA09659][Date Wed, 5 Jun 2002 00:18:52 -0700]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Womack <dw@triad2010.net>][Date Tue, 04 Jun 2002 17:04:40 -0500]/text/[From from 8bit to quoted-printable by fmaile1.real-net.net id AAA09659][Date Wed, 5 Jun 2002 00:18:52 -0700]/janina.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Womack <dw@triad2010.net>][Date Tue, 04 Jun 2002 17:04:40 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "IASTED - Upcoming Conferences" <Info@IASTED.com>][Date Thu, 6 Jun 2002 16:24:13 -0600]/text/[From jriley <jriley@accd.edu>][Date Fri, 7 Jun 2002 13:02:34 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "IASTED - Upcoming Conferences" <Info@IASTED.com>][Date Thu, 6 Jun 2002 16:24:13 -0600]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "oms" <oms0818@ev1.net>][Date Thu, 6 Jun 2002 18:49:47 -0500]/UNNAMED/[From "nduenas" <nduenas@lancercorp.com>]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "oms" <oms0818@ev1.net>][Date Thu, 6 Jun 2002 18:49:47 -0500]/UNNAMED/[From "nduenas" <nduenas@lancercorp.com>]/xlp.bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "oms" <oms0818@ev1.net>][Date Thu, 6 Jun 2002 18:49:47 -0500]/UNNAMED/[From JCLAKLEY <JCLAKLEY@accd.edu>][Date Mon, 10 Jun 2002 12:59:24 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "oms" <oms0818@ev1.net>][Date Thu, 6 Jun 2002 18:49:47 -0500]/UNNAMED/[From JCLAKLEY <JCLAKLEY@accd.edu>][Date Mon, 10 Jun 2002 12:59:24 -0400]/UNNAMED/index1_3[1].exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "oms" <oms0818@ev1.net>][Date Thu, 6 Jun 2002 18:49:47 -0500]/UNNAMED/[From JCLAKLEY <JCLAKLEY@accd.edu>][Date Mon, 10 Jun 2002 12:59:24 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From "oms" <oms0818@ev1.net>][Date Thu, 6 Jun 2002 18:49:47 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Sophie Caldera <SCALDERA@ACCDVM.ACCD.EDU>][Date Tue, 11 Jun 2002 08:30:37 -0500]/text/[From Ginger Carnes <GCARNES@ACCDVM.ACCD.EDU>][Date Tue, 11 Jun 2002 09:32:18 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Sophie Caldera <SCALDERA@ACCDVM.ACCD.EDU>][Date Tue, 11 Jun 2002 08:30:37 -0500]/text/[From Ginger Carnes <GCARNES@ACCDVM.ACCD.EDU>][Date Tue, 11 Jun 2002 09:32:18 -0500]/type.bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Sophie Caldera <SCALDERA@ACCDVM.ACCD.EDU>][Date Tue, 11 Jun 2002 08:30:37 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 12 Jun 2002 09:15:11 -0500]/text/[From Louis Dufault-Navarro <LDUFAULT@ACCDVM.ACCD.EDU>][Date Wed, 12 Jun 2002 10:10:01 -0500]/border.scr Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 12 Jun 2002 09:15:11 -0500]/text/[From JIMAPRIL <JIMAPRIL@PRODIGY.NET>][Date Wed, 12 Jun 2002 17:11:47 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 12 Jun 2002 09:15:11 -0500]/text/[From JIMAPRIL <JIMAPRIL@PRODIGY.NET>][Date Wed, 12 Jun 2002 17:11:47 -0400]/UNNAMED/. Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 12 Jun 2002 09:15:11 -0500]/text/[From JIMAPRIL <JIMAPRIL@PRODIGY.NET>][Date Wed, 12 Jun 2002 17:11:47 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 12 Jun 2002 09:15:11 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Sherry Pederson <sherrypederson@yahoo.com>][Date Thu, 13 Jun 2002 05:57:00 -0700 (PDT)]/text/[From Susan Hammond <SHAMMOND@ACCDVM.ACCD.EDU>][Date Thu, 13 Jun 2002 13:19:36 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Sherry Pederson <sherrypederson@yahoo.com>][Date Thu, 13 Jun 2002 05:57:00 -0700 (PDT)]/text/[From Susan Hammond <SHAMMOND@ACCDVM.ACCD.EDU>][Date Thu, 13 Jun 2002 13:19:36 -0500]/basket.bat Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Sherry Pederson <sherrypederson@yahoo.com>][Date Thu, 13 Jun 2002 05:57:00 -0700 (PDT)]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From AGAILLARD <AGAILLARD@SAFETY-KLEEN.COM>][Date Wed, 19 Jun 2002 12:42:26 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From AGAILLARD <AGAILLARD@SAFETY-KLEEN.COM>][Date Wed, 19 Jun 2002 12:42:26 -0400]/end Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/wiz.pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 16:28:10 -0500]/text/[From "mseifert" <mseifert@accd.edu>]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 16:28:10 -0500]/text/[From "mseifert" <mseifert@accd.edu>]/props.pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 16:28:10 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From sntrent <sntrent@bellsouth.net>][Date Thu, 20 Jun 2002 05:46:31 +0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From sntrent <sntrent@bellsouth.net>][Date Thu, 20 Jun 2002 05:46:31 +0400]/UNNAMED/basket[1].exe Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From sntrent <sntrent@bellsouth.net>][Date Thu, 20 Jun 2002 05:46:31 +0400]/UNNAMED Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From DUCKY95730 <DUCKY95730@AOL.COM>][Date Thu, 20 Jun 2002 13:13:20 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From DUCKY95730 <DUCKY95730@AOL.COM>][Date Thu, 20 Jun 2002 13:13:20 -0400]/UNNAMED/daily.webshots[1].pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From DUCKY95730 <DUCKY95730@AOL.COM>][Date Thu, 20 Jun 2002 13:13:20 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From LLINDA <LLINDA@accd.edu>][Date Fri, 21 Jun 2002 11:59:44 -0400]/true.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "gallsop" <gallsop@cox.net>]/setup.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED/install.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED/[From "Cynthia D. Villafranco" <CVILLAFR@ACCDVM.ACCD.EDU>][Date Summer II Class Dates]/text/[From comments <comments@cimedia.com>][Date Mon, 24 Jun 2002 16:18:25 -0400 (EDT)]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED/[From "Cynthia D. Villafranco" <CVILLAFR@ACCDVM.ACCD.EDU>][Date Summer II Class Dates]/text/[From comments <comments@cimedia.com>][Date Mon, 24 Jun 2002 16:18:25 -0400 (EDT)]/color.scr Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED/[From "Cynthia D. Villafranco" <CVILLAFR@ACCDVM.ACCD.EDU>][Date Summer II Class Dates]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Gloria Gonzales <glorgonz@accdvm.accd.edu>][Date Tue, 25 Jun 2002 10:27:13 -0500]/text/[From Brad Chandler <BCHANDLE@ACCDVM.ACCD.EDU>][Date Tue, 25 Jun 2002 14:01:55 -0500]/basket[1].scr Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Gloria Gonzales <glorgonz@accdvm.accd.edu>][Date Tue, 25 Jun 2002 10:27:13 -0500]/text Infected: Email-

#8 anjur

anjur
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 12 December 2005 - 07:42 PM

Part III

C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From AGAILLARD <AGAILLARD@SAFETY-KLEEN.COM>][Date Wed, 19 Jun 2002 12:42:26 -0400]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From AGAILLARD <AGAILLARD@SAFETY-KLEEN.COM>][Date Wed, 19 Jun 2002 12:42:26 -0400]/end Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/wiz.pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 16:28:10 -0500]/text/[From "mseifert" <mseifert@accd.edu>]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 16:28:10 -0500]/text/[From "mseifert" <mseifert@accd.edu>]/props.pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 16:28:10 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text/[From "trone33b" <trone33b@yahoo.com>][Date Wed, 19 Jun 2002 12:42:26 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From David Torres <DATORRES@ACCDVM.ACCD.EDU>][Date Wed, 19 Jun 2002 09:29:27 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From sntrent <sntrent@bellsouth.net>][Date Thu, 20 Jun 2002 05:46:31 +0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From sntrent <sntrent@bellsouth.net>][Date Thu, 20 Jun 2002 05:46:31 +0400]/UNNAMED/basket[1].exe Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From sntrent <sntrent@bellsouth.net>][Date Thu, 20 Jun 2002 05:46:31 +0400]/UNNAMED Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From DUCKY95730 <DUCKY95730@AOL.COM>][Date Thu, 20 Jun 2002 13:13:20 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From DUCKY95730 <DUCKY95730@AOL.COM>][Date Thu, 20 Jun 2002 13:13:20 -0400]/UNNAMED/daily.webshots[1].pif Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From DUCKY95730 <DUCKY95730@AOL.COM>][Date Thu, 20 Jun 2002 13:13:20 -0400]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From LLINDA <LLINDA@accd.edu>][Date Fri, 21 Jun 2002 11:59:44 -0400]/true.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "gallsop" <gallsop@cox.net>]/setup.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED/install.exe Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED/[From "Cynthia D. Villafranco" <CVILLAFR@ACCDVM.ACCD.EDU>][Date Summer II Class Dates]/text/[From comments <comments@cimedia.com>][Date Mon, 24 Jun 2002 16:18:25 -0400 (EDT)]/html Suspicious: Exploit.HTML.Iframe.FileDownload
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED/[From "Cynthia D. Villafranco" <CVILLAFR@ACCDVM.ACCD.EDU>][Date Summer II Class Dates]/text/[From comments <comments@cimedia.com>][Date Mon, 24 Jun 2002 16:18:25 -0400 (EDT)]/color.scr Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED/[From "Cynthia D. Villafranco" <CVILLAFR@ACCDVM.ACCD.EDU>][Date Summer II Class Dates]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED/[From "tokayjones" <tokayjones@hotmail.com>]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text/[From Bobbyteach@aol.com][Date Sat, 22 Jun 2002 15:14:20 EDT]/UNNAMED Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Luis Mercado <LMERCADO@ACCDVM.ACCD.EDU>][Date Fri, 21 Jun 2002 10:34:30 -0500]/text Infected: Email-Worm.Win32.Klez.h
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Gloria Gonzales <glorgonz@accdvm.accd.edu>][Date Tue, 25 Jun 2002 10:27:13 -0500]/text/[From Brad Chandler <BCHANDLE@ACCDVM.ACCD.EDU>][Date Tue, 25 Jun 2002 14:01:55 -0500]/basket[1].scr Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox/[From Gloria Gonzales <glorgonz@accdvm.accd.edu>][Date Tue, 25 Jun 2002 10:27:13 -0500]/text Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\Inbox Infected: Email-Worm.Win32.Klez.e
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\previous semesters.sbd\accd-cancun/[From Roland Dubay <RDUBAY@ACCDVM.ACCD.EDU>][Date Mon, 9 Aug 2004 07:42:40 -0500]/www.accd.edu.pacall.session-00002747.com Infected: Email-Worm.Win32.NetSky.z
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\previous semesters.sbd\accd-cancun/[From nj <softmath@texas.net>][Date Mon, 09 Aug 2004 09:51:26 -0500]/Doll.cpl Infected: Email-Worm.Win32.Bagle.ai
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:30:55 -0500]/UNNAMED/[From "j2" <message@inbound.j2.com>][Dat ... /[From Ginger Hall Carnes <GCARNES@ACCDVM.ACCD.EDU>][Date Mon, 9 Aug 2004 17:22:58 -05 ... /price.html Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:30:55 -0500]/UNNAMED/[From "j2" <message@inbound.j2.com>][Dat ... /[From Ginger Hall Carnes <GCARNES@ACCDVM.ACCD.EDU>][Date Mon, 9 Aug 2004 17:22:5 ... /price/price.exe Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:30:55 -0500]/UNNAMED/[From "j2" <message@inbound.j2.com>][Dat ... /[From Ginger Hall Carnes <GCARNES@ACCDVM.ACCD.EDU>][Date Mon, 9 Aug 2004 17:22:58 -0500]/price_08.zip Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:30:55 -0500]/UNNAMED/[From "j2" <message@inbound.j2.com>][Dat ... /[From Elizabeth Eguia-Garcia <EEGARCIA@ACCDVM.ACCD.EDU>][Date Mon, 9 Aug 2004 10:25:40 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:30:55 -0500]/UNNAMED/[From "j2" <message@inbound.j2.com>][Date Sat, 07 Aug 2004 00:54:28 +0000]/UNNAMED Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:30:55 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1-before-sum5.edu\previous semesters.sbd\accd-cancun Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/ ... /kozd.doc .scr Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 20 ... /[From srodriguez1@mail.accd.edu][Date Mon, 21 Mar 2005 11:54:29 ... /kozd.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 20 ... /[From srodriguez1@mail.accd.edu][Date Mon, 21 Mar 2005 11:54:29 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 20 ... /[From Steve Hicks <shicks@accd.edu>][Date Wed, 23 Feb 2005 10:30:27 -0600]/text Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 2005 10:24:37 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\!spring 05.sbd\zadmin Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/ ... /kozd.doc .scr Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 20 ... /[From srodriguez1@mail.accd.edu][Date Mon, 21 Mar 2005 11:54:29 ... /kozd.zip Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 20 ... /[From srodriguez1@mail.accd.edu][Date Mon, 21 Mar 2005 11:54:29 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 20 ... /[From Steve Hicks <shicks@accd.edu>][Date Wed, 23 Feb 2005 10:30:27 -0600]/text Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Thu, 10 Feb 2005 10:24:37 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text/[From "Robert L. Garza" <robogarz@accd.edu>][Date Wed, 9 Feb 2005 10:33:46 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED/[From Steve Hicks <shicks@accd.edu>][Date Thu, 03 Feb 2005 10:12:22 -0600]/text Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED/[From "Jennifer Leal" <jleal@accd.edu>][Date Mon, 10 Jan 2005 14:18:43 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\!!spring 05.sbd\zadmin/[From Mail Administrator <postmaster@accd.edu>][Date Sun, 9 Jan 2005 14:50:12 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\!!spring 05.sbd\zadmin Infected: Email-Worm.Win32.Mydoom.m
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\accd-cancun/[From Roland Dubay <RDUBAY@ACCDVM.ACCD.EDU>][Date Mon, 9 Aug 2004 07:42:40 -0500]/www.accd.edu.pacall.session-00002747.com Infected: Email-Worm.Win32.NetSky.z
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\accd-cancun/[From nj <softmath@texas.net>][Date Mon, 09 Aug 2004 09:51:26 -0500]/Doll.cpl Infected: Email-Worm.Win32.Bagle.ai
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:30:55 -0500]/UNNAMED/[From "j2" <message@inbound.j2.com>][Dat ... /[From Ginger Hall Carnes <GCARNES@ACCDVM.ACCD.EDU>][Date Mon, 9 Aug 2004 17:22:58 -05 ... /price.html Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:30:55 -0500]/UNNAMED/[From "j2" <message@inbound.j2.com>][Dat ... /[From Ginger Hall Carnes <GCARNES@ACCDVM.ACCD.EDU>][Date Mon, 9 Aug 2004 17:22:5 ... /price/price.exe Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:30:55 -0500]/UNNAMED/[From "j2" <message@inbound.j2.com>][Dat ... /[From Ginger Hall Carnes <GCARNES@ACCDVM.ACCD.EDU>][Date Mon, 9 Aug 2004 17:22:58 -0500]/price_08.zip Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:30:55 -0500]/UNNAMED/[From "j2" <message@inbound.j2.com>][Dat ... /[From Elizabeth Eguia-Garcia <EEGARCIA@ACCDVM.ACCD.EDU>][Date Mon, 9 Aug 2004 10:25:40 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:30:55 -0500]/UNNAMED/[From "j2" <message@inbound.j2.com>][Date Sat, 07 Aug 2004 00:54:28 +0000]/UNNAMED Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:30:55 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:53:06 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\accd-cancun/[From "Marsha Alvarado" <marsha_alvarado_cosc1300@hotmail.com>][Date Sat, 07 Aug 2004 07:55:08 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\previous semesters.sbd\accd-cancun Infected: Email-Worm.Win32.Bagle.al
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800] ... /[From Google ... /[From audra.bielinis@ccaiconsulting.com][Date Wed, 8 Jun 2005 11:41:13 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800] ... /[From Google Alerts <googlealerts-noreply@google.com>][Date Mon, 06 Jun 2005 22:32:23 -0700 (PDT)]/html Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800] ... /[From ... /[From "K7.net - ... /[From ksidesgo@accd.edu][Date Wed, 8 Jun 2005 11:18:33 - ... /UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800] ... /[From ... /[From "K7.net - ... /[From ksidesgo@accd.edu][Date Wed, 8 Jun 2005 11:18:33 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800] ... /[From ... /[From "K7.net - (978-729-5515)" <k7@k7.net>][Date Wed, 08 Jun 2005 14:27:12 -0700]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800] ... /[From ... /[From "K7.net - (859-792-4756)" <k7@k7.net>][Date Tue, 07 Jun 2005 10:15:35 -070 ... /text Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800] ... /[From ... /[From "K7.net - (859-792-4756)" <k7@k7.net>][Date Tue, 07 Jun 2005 10:15:35 -0700]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800] ... /[From ... /[From "K7.net - (254-616-6790)" <k7@k7.net>][Date Wed, 08 Jun 2005 15:18:50 -070 ... /text Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800] ... /[From ... /[From "K7.net - (254-616-6790)" <k7@k7.net>][Date Wed, 08 Jun 2005 15:18:50 -0700]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800] ... /[From Ginger Hall Carnes <GCARNES@ACCD.EDU>][Date Mon, 31 Jan 2005 16:59:20 -0600]/text Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800]/html/[From ... /[From "k7.net - (828-267-7220)" <k7@k7.net>][Date Mon, 31 Jan 2005 15:42:11 -0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800]/html/[From ... /[F ... /[From "j2" <message@inbound.j2.com>][Date Mon, 31 Jan 2005 17:44:00 +0000]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800]/html/[From ... /[From "k7.net - (212-215-2459)" <k7@k7.net>][Date Mon, 31 Jan 2005 10:37:49 -0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800]/html/[From ... /[From "k7.net - (254-826-0285)" <k7@k7.net>][Date Mon, 31 Jan 2005 11:07:26 -0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800]/html/[From ... /[From TechNews <technews@HQ.ACM.ORG>][Date Mon, 31 Jan 2005 12:25:13 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800]/html/[From ... /[From "JOHN B. DUNN" <jdunn@mail.accd.edu>][Date Mon, 31 Jan 2005 10:07:10 -0600 (CST)]/text Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800]/html/[From w ... /[From "k7.net - (703-846-5260)" <k7@k7.net>][Date Mon, 31 Jan 2005 07:15:17 -0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800]/html/[From web651b5@softmath.com (Cron Daemon)][Date 30 Jan 2005 18:30:01 -0000]/html Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED/[From "Microsoft" <confirm@profile.microsoft.akadns.net>][Date Sun, 30 Jan 2005 08:22:43 -0800]/html Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED/[From Google Alerts <googlealerts-noreply@google.com>][Date Sat, 29 Jan 2005 18:01:57 -0800 (PST)]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 16:06:48 -0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash/[From "k7.net - (515-270-6871)" <k7@k7.net>][Date Sat, 29 Jan 2005 15:17:03 -0800]/UNNAMED Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\accdvm.accd-1.edu\Trash Infected: Email-Worm.Win32.NetSky.j
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Inbox/[From twinn456@alltel.net][Date Sun, 30 Jan 2005 06:20:02 -0800]/UNNAMED/[From danielsalvato@sbcglobal.net][Date Sun, 30 Jan 2005 09:48:01 -0800]/UNNAMED/[From mybugaboo2000@yahoo.com][Date Wed, 02 Feb 2005 06:54:48 -0800]/UNNAMED/[From veronica.hooten@us.army.mil][Date Sun, 06 Feb 2005 11:12:55 -0800]/UNNAMED/[From Trendreverse@aol.com][Date Mon, 07 Feb 2005 23:49:16 -0500 (EST)] ... /[From SmithBarney <cust_service.ref.num4540@smithbarney.com>][Date Thu, 24 Feb 2005 08:53:43 +0500]/html Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Inbox/[From twinn456@alltel.net][Date Sun, 30 Jan 2005 06:20:02 -0800]/UNNAMED/[From danielsalvato@sbcglobal.net][Date Sun, 30 Jan 2005 09:48:01 -0800]/UNNAMED/[From mybugaboo2000@yahoo.com][Date Wed, 02 Feb 2005 06:54:48 -0800]/UNNAMED/[From veronica.hooten@us.army.mil][Date Sun, 06 Feb 2005 11:12:55 -0800]/UNNAMED/[From Trendreverse@aol.com][Date Mon, 07 Feb 2005 23:49:16 -0500 (EST)]/UNNAMED/[From service@payp ... /[Fr ... /[From service@paypal.com][Date Tue, 22 Feb 2005 15:38:43 -0800]/text Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Inbox/[From twinn456@alltel.net][Date Sun, 30 Jan 2005 06:20:02 -0800]/UNNAMED/[From danielsalvato@sbcglobal.net][Date Sun, 30 Jan 2005 09:48:01 -0800]/UNNAMED/[From mybugaboo2000@yahoo.com][Date Wed, 02 Feb 2005 06:54:48 -0800]/UNNAMED/[From veronica.hooten@us.army.mil][Date Sun, 06 Feb 2005 11:12:55 -0800]/UNNAMED/[From Trendreverse@aol.com][Date Mon, 07 Feb 2005 23:49:16 -0500 (EST)]/UNNAMED/[From service@payp ... /[From donate@sadlonelygeek.com][Date Thu, 10 Feb 2005 10:26:11 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Inbox/[From twinn456@alltel.net][Date Sun, 30 Jan 2005 06:20:02 -0800]/UNNAMED/[From danielsalvato@sbcglobal.net][Date Sun, 30 Jan 2005 09:48:01 -0800]/UNNAMED/[From mybugaboo2000@yahoo.com][Date Wed, 02 Feb 2005 06:54:48 -0800]/UNNAMED/[From veronica.hooten@us.army.mil][Date Sun, 06 Feb 2005 11:12:55 -0800]/UNNAMED/[From Trendreverse@aol.com][Date Mon, 07 Feb 2005 23:49:16 -0500 (EST)]/UNNAMED/[From service@paypal.com][Date Wed, 09 Feb 2005 02:42:42 -0800]/text Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Inbox/[From twinn456@alltel.net][Date Sun, 30 Jan 2005 06:20:02 -0800]/UNNAMED/[From danielsalvato@sbcglobal.net][Date Sun, 30 Jan 2005 09:48:01 -0800]/UNNAMED/[From mybugaboo2000@yahoo.com][Date Wed, 02 Feb 2005 06:54:48 -0800]/UNNAMED/[From veronica.hooten@us.army.mil][Date Sun, 06 Feb 2005 11:12:55 -0800]/UNNAMED/[From Trendreverse@aol.com][Date Mon, 07 Feb 2005 23:49:16 -0500 (EST)]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Inbox/[From twinn456@alltel.net][Date Sun, 30 Jan 2005 06:20:02 -0800]/UNNAMED/[From danielsalvato@sbcglobal.net][Date Sun, 30 Jan 2005 09:48:01 -0800]/UNNAMED/[From mybugaboo2000@yahoo.com][Date Wed, 02 Feb 2005 06:54:48 -0800]/UNNAMED/[From veronica.hooten@us.army.mil][Date Sun, 06 Feb 2005 11:12:55 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Inbox/[From twinn456@alltel.net][Date Sun, 30 Jan 2005 06:20:02 -0800]/UNNAMED/[From danielsalvato@sbcglobal.net][Date Sun, 30 Jan 2005 09:48:01 -0800]/UNNAMED/[From mybugaboo2000@yahoo.com][Date Wed, 02 Feb 2005 06:54:48 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Inbox/[From twinn456@alltel.net][Date Sun, 30 Jan 2005 06:20:02 -0800]/UNNAMED/[From danielsalvato@sbcglobal.net][Date Sun, 30 Jan 2005 09:48:01 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Inbox/[From twinn456@alltel.net][Date Sun, 30 Jan 2005 06:20:02 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Inbox Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Trash/[From fanesia7@bellsouth.net][Date Sun, 30 Jan 2005 10:44:55 -0500]/text/[From service@paypal.com][Date Sun, 30 Jan 2005 13:27:05 -0800]/text/[From kareyfay62@yahoo.com][Date Wed, 02 Feb 2005 07:30:10 -0800]/text/[From RICHARD GILLESPIE <richardgill@worldnet.net>][Date Sun, 06 Feb 2005 21:49:42 -0500]/UNNAMED/[From service@paypal.com][Date Tue, 08 Feb 2005 10:22:42 -0800]/text/[Fr ... /[From SmithBarney <cust_service.ref.num4540@smithbarney.com>][Date Thu, 24 Feb 2005 08:53:43 +0500]/html Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Trash/[From fanesia7@bellsouth.net][Date Sun, 30 Jan 2005 10:44:55 -0500]/text/[From service@paypal.com][Date Sun, 30 Jan 2005 13:27:05 -0800]/text/[From kareyfay62@yahoo.com][Date Wed, 02 Feb 2005 07:30:10 -0800]/text/[From RICHARD GILLESPIE <richardgill@worldnet.net>][Date Sun, 06 Feb 2005 21:49:42 -0500]/UNNAMED/[From service@paypal.com][Date Tue, 08 Feb 2005 10:22:42 -0800]/text/[From service@paypal.com][Date Wed, 09 ... /[From service@paypal.com][Date Mon, 21 Feb 2005 08:31:51 -0800]/text Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Trash/[From fanesia7@bellsouth.net][Date Sun, 30 Jan 2005 10:44:55 -0500]/text/[From service@paypal.com][Date Sun, 30 Jan 2005 13:27:05 -0800]/text/[From kareyfay62@yahoo.com][Date Wed, 02 Feb 2005 07:30:10 -0800]/text/[From RICHARD GILLESPIE <richardgill@worldnet.net>][Date Sun, 06 Feb 2005 21:49:42 -0500]/UNNAMED/[From service@paypal.com][Date Tue, 08 Feb 2005 10:22:42 -0800]/text/[From service@paypal.com][Date Wed, 09 Feb 2005 02:42:42 -0800]/text Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Trash/[From fanesia7@bellsouth.net][Date Sun, 30 Jan 2005 10:44:55 -0500]/text/[From service@paypal.com][Date Sun, 30 Jan 2005 13:27:05 -0800]/text/[From kareyfay62@yahoo.com][Date Wed, 02 Feb 2005 07:30:10 -0800]/text/[From RICHARD GILLESPIE <richardgill@worldnet.net>][Date Sun, 06 Feb 2005 21:49:42 -0500]/UNNAMED/[From service@paypal.com][Date Tue, 08 Feb 2005 10:22:42 -0800]/text Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Trash/[From fanesia7@bellsouth.net][Date Sun, 30 Jan 2005 10:44:55 -0500]/text/[From service@paypal.com][Date Sun, 30 Jan 2005 13:27:05 -0800]/text/[From kareyfay62@yahoo.com][Date Wed, 02 Feb 2005 07:30:10 -0800]/text/[From RICHARD GILLESPIE <richardgill@worldnet.net>][Date Sun, 06 Feb 2005 21:49:42 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Trash/[From fanesia7@bellsouth.net][Date Sun, 30 Jan 2005 10:44:55 -0500]/text/[From service@paypal.com][Date Sun, 30 Jan 2005 13:27:05 -0800]/text/[From kareyfay62@yahoo.com][Date Wed, 02 Feb 2005 07:30:10 -0800]/text Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Trash/[From fanesia7@bellsouth.net][Date Sun, 30 Jan 2005 10:44:55 -0500]/text/[From service@paypal.com][Date Sun, 30 Jan 2005 13:27:05 -0800]/text Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Trash/[From fanesia7@bellsouth.net][Date Sun, 30 Jan 2005 10:44:55 -0500]/text Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\pop-server.satx.rr-2-before-sum5.com\Trash Infected: Trojan-Spy.HTML.Smitfraud.c
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\spamarrest-1-before-sum5.com\Inbox/[From from quoted-printable to 8bit by mail2.aus1.texas.net id i3OErrs24674][Date Sat, 24 Apr 2004 07:53:51 -0700 (PDT)]/text/[From 0.3 NO_REAL_NAME From: does not include a real name][Date 1 Sep 2004 02:15:22 -0000]/UNNAMED/details.txt .pif Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\spamarrest-1-before-sum5.com\Inbox/[From from quoted-printable to 8bit by mail2.aus1.texas.net id i3OErrs24674][Date Sat, 24 Apr 2004 07:53:51 -0700 (PDT)]/text/[From 0.3 NO_REAL_NAME From: does not include a real name][Date 1 Sep 2004 02:15:22 -0000]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\spamarrest-1-before-sum5.com\Inbox/[From from quoted-printable to 8bit by mail2.aus1.texas.net id i3OErrs24674][Date Sat, 24 Apr 2004 07:53:51 -0700 (PDT)]/text/[From "Patty Liscomb" <Bugaboo31811@comcast.net>][Date Tue, 30 Nov 2004 08:14:42 -0700]/UNNAMED/[From "Elaine Libla" <elaine@semo.net>][Date Tue, 30 Nov 2004 09:51:02 -0600]/UNNAMED/[From service@2checkout.com][Date 30 Nov 2004 22:17:32 -0000]/html/[From service@paypal.com][Date Wed, 1 Dec 2004 13:43:36 +0000]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail\spamarrest-1-before-sum5.com\Inbox/[From from quoted-printable to 8bit by mail2.aus1.texas.net id i3OErrs24674][Date Sat, 24 Apr 2004 07:53:51 -0700 (PDT)]/text/[From "Patty Liscomb" <Bugaboo31811@comcast.net>][Date Tue, 30 Nov 2004 08:14:42 -0700]/UNNAMED/[From "Elaine Libla" <elaine@semo.net>][Date Tue, 30 Nov 2004 09:51:02 -0600]/UNNAMED/[From service@2checkout.com][Date 30 Nov 2004 22:17:32 -0000]/html Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\nj\Desktop\mail back\

#9 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 12 December 2005 - 07:53 PM

Wow,what a list.

Im not familiar with Netscape,can you look through there and see if there is a way to delete all these old infected emails?

The log still got cut off.

Is there anything past the emails thats showing a present infection?

#10 anjur

anjur
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 12 December 2005 - 08:16 PM

Hello.
I posted the entire report here:
www.seo99.com/kasp.txt

Judging by dates - all those happened on my old PC where I didn't have any virus protection.
(I just transfered all mail folders to the new PC)
It will still be good to get rid of all that, but it doesn't seem to have much to do with the current problem.

In netscape mail for each directory, I can sort by date and then delete before a certain date.
It is doable but it will take a long time (there are lots of directories).
Would kaspersky anti virus software be able to clean it up for me?

Thanks

#11 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 13 December 2005 - 06:48 PM

Only you can sort the list and delete the infected emails.

You got 4 basic locations

C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\Mail

C:\Documents and Settings\nj\Application Data\Mozilla-9-15\Profiles\default\i223xwgo.slt\Mail

C:\Documents and Settings\nj\Desktop\mail back\Mozilla\Profiles\default\i223xwgo.slt\Mail

C:\Documents and Settings\nj\Desktop\not used icons\Mail



Im assuming that GotomyPC is software your aware of and possibly use?


Now,these 2 you can delete

C:\Documents and Settings\nj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-352f55f0-2623bbe5.class

C:\Documents and Settings\nj\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-40baf3a5-5bca467a.class


Lets get the mailbox sorted and those 2 other files and go from there.

#12 anjur

anjur
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 15 December 2005 - 09:22 PM

Whoa!!
I have done it! Below is the latest kaspersky and HJT
Couple of comments:
Before removing all infected emails I went back to control panel | customize desktop | web page and noticed
that the original "warning" was still there. I deleted it and after that I could control the background as usual.
I was sure I deleted it before (when you first suggested it), but there is a slight possiblilty that I didn't.

In the meanwhile I run another online virus checker (trendmicro - this was related to another (connectivity) problem I had - a different story...) and it reported finding MediaGatewayX.dll in Program Files folder. However I could not locate it there

The PC is running much faster in general now. I also have had an intermitent internet connection loss (about every two hours) as well as very slow internet connection (although the speed test was OK) - and this hasn't
been an issue for the whole day today - I am keeping my fingers crossed.

Finally, I would obviously want to prevent anything like this from happening again. I have Norton antivirus software, and I don'' mind purchasing some other software that will keep me safe (I like Kaspersky since it
found so much junk). I would really like to know your recommendation for the whole 'suite'

Anyway, thank you very much for your help!!

===================
KASPERSKY ON-LINE SCANNER REPORT
Thursday, December 15, 2005 20:03:19
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/12/2005
Kaspersky Anti-Virus database records: 165442
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 175790
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 11084 sec

Infected Object Name - Virus Name
C:\Program Files\Citrix\GoToMyPC\gotomon.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a
C:\Program Files\Norton AntiVirus\Quarantine\0B062BB7.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\Program Files\Norton AntiVirus\Quarantine\62AD23B8.dll Infected: Virus.Win32.Nsag.b
C:\WINDOWS\SYSTEM32\gotomon.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a

Scan process completed.

I deleted the two quarantined files

HJT
Logfile of HijackThis v1.99.1
Scan saved at 8:21:20 PM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\system32\slpservice.exe
C:\WINDOWS\system32\slpmonx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\PROGRA~1\Netscape\Netscape\Netscp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nj\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\nj\Application Data\Mozilla\Profiles\default\i223xwgo.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~2.0BE\bin\ZENDIE~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
O4 - Global Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\ZendStudioClient-5.0.0Beta\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\ZendStudioClient-5.0.0Beta\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
O16 - DPF: {FDF08AD8-FF1A-11D3-AD38-00105A49098D} (MSSignData Control) - https://www.rbworld.lv/bankworld/common/App.../MSSignData.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\WINDOWS\system32\slpservice.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#13 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 16 December 2005 - 05:37 AM

Allright,excellent job! :thumbsup:

MediaGatewayX.dll is most like in the Downloaded Program Files folder.

Can you get the specific path to the file?

C:\Downloaded Program Files\MediaGatewayX.dll<- Does that look right?


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Update Immediatly!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup!

Go ahead and remove any of the tools downloaded that are of no use anymore!

We can talk more protection in the next post after we get this file sorted out.

#14 anjur

anjur
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:25 AM

Posted 18 December 2005 - 09:53 AM

Hello,
I installed the software you recommended, disabled system restore and looked
further for the Media....dll file. It wasn't in downloads or program files folder
(that is where original report located it).
I ran trendmicro checker again, and this time it couldn't find the file - so it is possible
that it deleted it the first time it ran across it - and I missed it (it was late in the night..))

Once again, thank you very much for so thoroughly cleaning up my computer.
If you have any further suggestion on protection, please let me know
(Right now I am running Norton Antivirus)

#15 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 18 December 2005 - 12:02 PM

Excellent Work!

Go ahead and Renable System Restore and restart the PC,this will clear out all old nasty restore points and create a nice new fresh clean one for you to fall back on should you ever need it.


Read through those 3 little black links in my signature to get some extra ideas about how to avoid this in the future.


Make sure you keep your Windows Operating System up to date by visiting Windows Updates regularly to download and install any critical updates and service packs.


If you ever need us again,you know how to find us! :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users