Ie Browser Redirects


  • This topic is locked
16 replies to this topic

#1 othoson

Posted 29 March 2006 - 12:20 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:34:59 PM, on 3/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\SpyZooka\spyzooka.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Michael\My Documents\My Downloads\Malicious\Windows-KB890830-V1.14.exe
h:\b630d8efa1df7e9bb3569282f36116\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Michael\My Documents\My Downloads\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myway.com/mysearch/?ptnrS=BW
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PerryWeb Services
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {1C99B9AA-77AB-7039-FC58-7E75949C6BB3} - dialer423.dll (file missing)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\c4n2yfhk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\c4n2yfhk.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [progmen] PasswdMon.exe
O4 - HKLM\..\Run: [syspanel] EXE32EXE.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [dmurb.exe] C:\WINDOWS\system32\dmurb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [prcmon] ssweeper.exe
O4 - HKCU\..\Run: [Serviceprocess] lpt.exe
O4 - HKCU\..\Run: [Kargo] driver64.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe


#2 -David-

Posted 01 April 2006 - 04:05 PM

Hi there and welcome to Bleeping Computer! :thumbsup:

As you may have noticed already, the forums are very busy at the moment and I have noticed your log has gone unanswered so far!

We look at the oldest logs first, and we were wondering that if you still need help, please start by posting a new HijackThis log in this topic and I will then be able to take a look!

Thanks very much :flowers:

David

#3 othoson

Posted 01 April 2006 - 06:13 PM

Yes, I am still having problems.

Logfile of HijackThis v1.99.1
Scan saved at 5:12:19 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\SpyZooka\spyzooka.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Michael\My Documents\My Downloads\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PerryWeb Services
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\c4n2yfhk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\c4n2yfhk.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [progmen] PasswdMon.exe
O4 - HKLM\..\Run: [syspanel] EXE32EXE.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [dmurb.exe] C:\WINDOWS\system32\dmurb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [prcmon] ssweeper.exe
O4 - HKCU\..\Run: [Serviceprocess] lpt.exe
O4 - HKCU\..\Run: [Kargo] driver64.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

#4 -David-

Posted 02 April 2006 - 03:10 AM

Hello othoson,

I see mainly a Wareout infection here. It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above.
It is important that you complete the following instructions in the correct order, and also that you don't miss anything out.
However before we continue we must disable the monitoring by Microsoft Anti-Spyware or it can interfere with registry changes that HijackThis makes.
1. Right-click on the Microsoft Anti-Spyware icon in the system tray [It's the one with the red and yellow bulls-eye.].
2. Click on "Security Agents Status".
3. Click on "Disable real-time protection".

* Next right-click on the Microsoft Anti-Spyware icon in the system tray again to open Microsoft Anti-Spyware.

1. Click on the Options menu and choose Settings.
2. In the left pane column click on "Real Time Protection".
3. Under Startup Options, uncheck "Enable (MSAS) Security Agents on startup (recommended)"
4. Under Real-time spyware threat protection, uncheck "Enable real-time spyware threat protection (recommended)".
5. Click the Save button and close Microsoft AntiSpyware.

* Also, you have SpywareGuard installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix.

How to disable SpywareGuard:
  • Open SpywareGuard
  • Click on Options
  • Uncheck all three boxes
  • Click on Save Settings
  • Click on Menu
  • Click on File
  • Exit.
Don't forget to re-start SpywareGuard when your machine is clean by re-checking everything you unchecked above.


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O4 - HKLM\..\Run: [progmen] PasswdMon.exe
O4 - HKLM\..\Run: [syspanel] EXE32EXE.exe
O4 - HKLM\..\Run: [dmurb.exe] C:\WINDOWS\system32\dmurb.exe
O4 - HKCU\..\Run: [prcmon] ssweeper.exe
O4 - HKCU\..\Run: [Serviceprocess] lpt.exe
O4 - HKCU\..\Run: [Kargo] driver64.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new HijackThis log.

David
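
One way to check a follow-up HijackThis log against the fix list in the post above (an added example, not part of the original thread and not HijackThis code): it parses the O4 registry Run lines and reports which requested entries are still present, plus any other autostart changes between the two logs. The log excerpts are abbreviated from the logs in this thread; `AFTER_INCOMPLETE` is constructed, and the function names are this example's own.

```python
import re

# HijackThis registry autostart line, e.g.
#   O4 - HKLM\..\Run: [progmen] PasswdMon.exe
# Startup-folder lines ("O4 - Startup: ...") have a different shape and are
# deliberately not matched here.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)


def parse_run_entries(log_text):
    """Return {(hive, key, value_name): command} for each O4 registry Run line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            # Registry key and value names are case-insensitive on Windows,
            # so compare them in lower case.
            ident = (m["hive"], m["key"].lower(), m["name"].lower())
            entries[ident] = m["cmd"].strip()
    return entries


def check_followup(fix_list, before_log, after_log):
    """Compare a follow-up log with the entries the helper asked to fix."""
    wanted = parse_run_entries(fix_list)
    before = parse_run_entries(before_log)
    after = parse_run_entries(after_log)
    return {
        # Fix-list lines that never appeared in the original log (copy error).
        "not_in_original_log": sorted(k for k in wanted if k not in before),
        # Requested removals that survived the fix and reboot.
        "still_present": sorted(k for k in wanted if k in after),
        # Entries that disappeared although nobody asked for their removal.
        "removed_unrequested": sorted(
            k for k in before if k not in after and k not in wanted
        ),
        # Autostart entries that appeared between the two scans.
        "new_entries": sorted(k for k in after if k not in before),
        # Same value name, different command line.
        "command_changed": sorted(
            k for k in before if k in after and before[k] != after[k]
        ),
    }


# Fix list as given in the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [progmen] PasswdMon.exe
O4 - HKLM\..\Run: [syspanel] EXE32EXE.exe
O4 - HKLM\..\Run: [dmurb.exe] C:\WINDOWS\system32\dmurb.exe
O4 - HKCU\..\Run: [prcmon] ssweeper.exe
O4 - HKCU\..\Run: [Serviceprocess] lpt.exe
O4 - HKCU\..\Run: [Kargo] driver64.exe
"""

# Abbreviated excerpt of the log taken before the fix.
BEFORE = r"""
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [progmen] PasswdMon.exe
O4 - HKLM\..\Run: [syspanel] EXE32EXE.exe
O4 - HKLM\..\Run: [dmurb.exe] C:\WINDOWS\system32\dmurb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [prcmon] ssweeper.exe
O4 - HKCU\..\Run: [Serviceprocess] lpt.exe
O4 - HKCU\..\Run: [Kargo] driver64.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
"""

# Abbreviated excerpt of the follow-up log taken after the fix.
AFTER = r"""
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
"""

# Constructed variant: one requested entry came back after the reboot.
AFTER_INCOMPLETE = AFTER + r"O4 - HKCU\..\Run: [Kargo] driver64.exe" + "\n"


if __name__ == "__main__":
    for label, log in (("follow-up", AFTER), ("constructed", AFTER_INCOMPLETE)):
        report = check_followup(FIX_LIST, BEFORE, log)
        print(label)
        for field, items in report.items():
            print(f"  {field}: {items}")
```

An empty `still_present` list means every entry on the fix list is gone from the follow-up log; anything under `new_entries` or `command_changed` deserves a second look before the thread is closed.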

#5 othoson

Posted 02 April 2006 - 11:05 AM

Fixwareout ver 1.003
Last edited march/15/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\brumd
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmurb.exe"=-
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Search by size and names...
C:\WINDOWS\SYSTEM32\DMURB.EXE

Misc files

Checking for older varients covered by the Rem3 tool

Logfile of HijackThis v1.99.1
Scan saved at 11:03:22 AM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Michael\My Documents\My Downloads\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PerryWeb Services
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\c4n2yfhk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\c4n2yfhk.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

#6 -David-

Posted 02 April 2006 - 01:30 PM

Hello again othoson

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\SYSTEM32\DMURB.EXE

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new Hijackthis log.
Also please let me know how the computer is running.
David

#7 othoson

Posted 02 April 2006 - 08:47 PM

It appears that the hijack problem has gone away, but here are the results of the ActiveScan and the latest Hijack log report:


Incident Status Location

Potentially unwanted tool:application/altnet Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOPSEARCH.TSLINK
Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\SOFTWARE\NETSCAPE\NETSCAPE NAVIGATOR\AUTOMATION SHUTDOWN\MYWAYTOOLBAR.NETSCAPESHUTDOWN.1
Adware:adware/looksmart Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael\Cookies\michael@ad.yieldmanager[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Cookies\michael@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Michael\Cookies\michael@azjmp[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Michael\Cookies\michael@c.enhance[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Michael\Cookies\michael@c.goclick[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Michael\Cookies\michael@cgi-bin[4].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michael\Cookies\michael@clickbank[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Michael\Cookies\michael@cs.sexcounter[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Cookies\michael@server.iad.liveperson[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Michael\Cookies\michael@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Michael\Cookies\michael@statcounter[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Michael\Cookies\michael@tucows[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.bravenet.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.bfast.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.hg1.hitbox.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[.gostats.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[server.iad.liveperson.net/hc/59207812]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[.belnk.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.bravenet.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.bfast.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.hg1.hitbox.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[.gostats.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaelperryOld\dqqptnlh.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaelperryOld\dqqptnlh.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\cookies.txt[]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\Archive.sbd\Smart Travel[~0000188.~]
Virus:W32/Klez.I Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\Archive.sbd\Smart Travel[rock.pif]
Virus:JS/Illwill.A Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\CCC[price.html]
Virus:W32/Bagle.AM.worm Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\CCC[price.exe]
Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\CCC[~0002392.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\CCC[~0005062.~]
Virus:W32/Klez.I Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\ISP[install.exe]
Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\JunkCheck[~0000539.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\JunkCheck[~0000578.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\Copy of michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Inbox[~0002108.~]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[59207812]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\pop.sbcglobal.net\Inbox[~0002108.~]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\cookies.txt[]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\Archive.sbd\Smart Travel[~0000188.~]
Virus:W32/Klez.I Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\Archive.sbd\Smart Travel[rock.pif]
Virus:JS/Illwill.A Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\CCC[price.html]
Virus:W32/Bagle.AM.worm Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\CCC[price.exe]
Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\CCC[~0002392.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\CCC[~0005062.~]
Virus:W32/Klez.I Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\ISP[install.exe]
Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\JunkCheck[~0000539.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Filed.sbd\JunkCheck[~0000578.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperryOld\365xikcv.slt\Mail\pop.sbcglobal.net\Inbox[~0002108.~]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaelperryOld\dqqptnlh.slt\cookies.txt[]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5db4521e-4ead4187.zip[Dummy.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-612e8e55.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-612e8e55.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-612e8e55.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-612e8e55.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv290.jar-375be528-135fea3f.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv290.jar-375be528-135fea3f.zip[Matrix.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv560.jar-55e11003-629c6009.zip[Matrix.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv560.jar-55e11003-629c6009.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv560.jar-55e11003-629c6009.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv560.jar-55e11003-629c6009.zip[Parser.class]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\pop.sbcglobal.net\Inbox[~0002108.~]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael\Cookies\michael@ad.yieldmanager[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Cookies\michael@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Michael\Cookies\michael@azjmp[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Michael\Cookies\michael@c.enhance[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Michael\Cookies\michael@c.goclick[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Michael\Cookies\michael@cgi-bin[4].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Michael\Cookies\michael@clickbank[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Michael\Cookies\michael@cs.sexcounter[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Cookies\michael@server.iad.liveperson[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Michael\Cookies\michael@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Michael\Cookies\michael@statcounter[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Michael\Cookies\michael@tucows[2].txt
Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Kazaa\TopSearch.dll
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FA7F7FF6-7555-467F-B021-D096AB\6C652E8F-9ED7-43B9-BDD4-AA6E7F
Virus:Exploit/URLSpoof Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Trj/Zerolin.C Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox[~0002108.~]
Virus:Exploit/HHelp Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\1130019D.html
Virus:Exploit/ByteVerify Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\172D7A8C.zip[Bubble.class]
Virus:Exploit/ByteVerify Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\172D7A8C.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\172D7A8C.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\172D7A8C.zip[Beyond.class]
Virus:Exploit/Mhtredir.gen Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\17312489.html

#8 -David-

Posted 03 April 2006 - 02:57 AM

Hello othoson

I think the HijackThis log got cut off at the end. Can you post it again, please?

David

#9 othoson

Posted 03 April 2006 - 08:20 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:19:17 AM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\Michael\My Documents\My Downloads\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PerryWeb Services
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\c4n2yfhk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\c4n2yfhk.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

#10 -David-


Posted 03 April 2006 - 10:33 AM

Hello othoson

The Panda log threw up a number of items that need our attention. I see that you are most likely using Mozilla as your main browser. You have a number of infected emails in your Profiles and Mail section. You also have a number of spyware cookies in IE, so let's kill them also.

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Now, please go to your Mozilla email folders and delete all those you do not recognise, preferably all emails apart from ones you want to keep. In addition you have a number of infected Mozilla profiles that need deleting. Please navigate to this folder:

C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles
This user, michaeldperryOld, appears to be the main cause. My main recommendation would be to completely delete this profile folder and create a new one, but that's up to you.

Then please download the attached fix.reg file and save it to your desktop. It should look like this: Posted Image

Double-click on it, and when it asks you if you want to merge the contents to the registry, click yes/ok.

The Hijackthis log is now looking clean!
Reboot after doing all that and post back with a new Hijackthis log and Panda log.

David
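One way to triage a Panda report like the one discussed in this thread, shown as an added example that is not part of any post: it sorts each row by where the detection lives (registry, antivirus quarantine, cookie, mail store, other file) and collapses mail hits that are the same message stored under several profile copies. The function names and bucket names are choices made for this example, the sample rows are copied from the thread, and only the "Not disinfected" status seen there is recognized.

```python
import re
from collections import defaultdict

# Rows copied from the Panda ActiveScan report posted in this thread,
# preceded by its column-header row.
SAMPLE_REPORT = r"""
Incident Status Location
Potentially unwanted tool:application/altnet Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOPSEARCH.TSLINK
Adware:adware/looksmart Not disinfected Windows Registry
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[.zedo.com/]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Trj/Zerolin.C Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\Local Folders\Sent[~0000375.~]
Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Kazaa\TopSearch.dll
Virus:W32/Netsky.P.worm Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\2046551F[data.rtf .scr]
Virus:Exploit/ByteVerify Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\172D7A8C.zip[Bubble.class]
"""

# "Category:Threat", the literal status, then a location that may end in
# "[member]" (a message inside a mailbox file, a file inside an archive,
# or a cookie domain inside cookies.txt).
ROW = re.compile(
    r"^(?P<category>[^:]+):(?P<threat>\S+) "
    r"(?P<status>Not disinfected) "
    r"(?P<path>.*?)(?:\[(?P<member>[^\]]*)\])?$"
)

MAIL_MARK = "\\mail\\"  # folder component that marks a mail store in these paths


def parse_line(line):
    """Return the row's fields as a dict, or None for headers and blank lines."""
    match = ROW.match(line.strip())
    return match.groupdict() if match else None


def classify(det):
    """Assign a detection to a bucket based on where it was found."""
    low = det["path"].lower()
    if low.startswith("hkey_") or low == "windows registry":
        return "registry"
    if "\\quarantine\\" in low:
        return "av_quarantine"  # already isolated by an antivirus product
    if det["threat"].lower().startswith("cookie/"):
        return "cookie"
    if MAIL_MARK in low:
        return "mail_store"  # a message or attachment inside a mailbox file
    return "other_file"


def triage(report):
    """Group every parsed row of the report by bucket."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        det = parse_line(line)
        if det:
            buckets[classify(det)].append(det)
    return dict(buckets)


def distinct_mail_items(mail_detections):
    """Map (threat, mailbox, message id) to the profile roots that hold a copy."""
    copies = defaultdict(list)
    for det in mail_detections:
        path = det["path"]
        cut = path.lower().find(MAIL_MARK)
        root, mailbox = path[:cut], path[cut + len(MAIL_MARK):]
        copies[(det["threat"], mailbox, det["member"])].append(root)
    return dict(copies)


if __name__ == "__main__":
    buckets = triage(SAMPLE_REPORT)
    for name, dets in sorted(buckets.items()):
        print(f"{name}: {len(dets)} detection(s)")
    for key, roots in distinct_mail_items(buckets["mail_store"]).items():
        print(f"{key[0]} in {key[1]}[{key[2]}]: {len(roots)} copy/copies")
        for root in roots:
            print(f"    {root}")
```
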

#11 othoson


Posted 03 April 2006 - 04:07 PM

I don't use Mozilla anymore. I use IE for browsing and Netscape for e-mail. Here are my HijackThis and Panda logs:

Logfile of HijackThis v1.99.1
Scan saved at 4:03:31 PM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\SpyZooka\spyzooka.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Michael\My Documents\My Downloads\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PerryWeb Services
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\c4n2yfhk.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\default\c4n2yfhk.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe



Incident Status Location

Potentially unwanted tool:application/altnet Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TOPSEARCH.TSLINK
Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\SOFTWARE\NETSCAPE\NETSCAPE NAVIGATOR\AUTOMATION SHUTDOWN\MYWAYTOOLBAR.NETSCAPESHUTDOWN.1
Adware:adware/looksmart Not disinfected Windows Registry
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[server.iad.liveperson.net/hc/59207812]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[.belnk.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[59207812]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\cookies.txt[]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry\r9t88n2r.slt\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Profiles\michaeldperry01\Mail\pop.sbcglobal.net\Inbox[~0002108.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Trj/Zerolin.C Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected C:\Documents and Settings\Michael\Application Data\Thunderbird\Profiles\jutvhmpq.default\Mail\pop.sbcglobal.net\Inbox[~0002108.~]
Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Kazaa\TopSearch.dll
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FA7F7FF6-7555-467F-B021-D096AB\6C652E8F-9ED7-43B9-BDD4-AA6E7F
Virus:Exploit/URLSpoof Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Trj/Zerolin.C Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected C:\Program Files\Netscape\Users\michaeldperry\Mail\pop.sbcglobal.net\Inbox[~0002108.~]
Virus:Exploit/HHelp Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\1130019D.html
Virus:Exploit/ByteVerify Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\172D7A8C.zip[Bubble.class]
Virus:Exploit/ByteVerify Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\172D7A8C.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\172D7A8C.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\172D7A8C.zip[Beyond.class]
Virus:Exploit/Mhtredir.gen Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\17312489.html
Virus:Exploit/Mhtredir.gen Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\17E17FC7.html
Virus:W32/Netsky.P.worm Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\2046551F[data.rtf .scr]
Virus:W32/Netsky.P.worm Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\33C04851[data.rtf .scr]
Virus:W32/Netsky.P.worm Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\351B1F6B[data.rtf .scr]
Virus:Exploit/ByteVerify Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\4B6F154C
Virus:W32/Netsky.P.worm Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\526F7D64[details.txt .pif]
Virus:W32/Netsky.P.worm Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\578B7451[data.rtf .scr]
Virus:W32/Netsky.P.worm Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\653F2F8C[data.rtf .scr]
Virus:W32/Netsky.P.worm Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\6B9F6801[data.rtf .scr]
Virus:W32/Netsky.P.worm Not disinfected C:\Program Files\Norton Internet SecurityOLD\Norton AntiVirus\Quarantine\6C32495F[data.rtf .scr]
Virus:Exploit/URLSpoof Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\Archive.sbd\Smart Travel[~0000188.~]
Virus:W32/Klez.I Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\Archive.sbd\Smart Travel[rock.pif]
Virus:JS/Illwill.A Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC[price.html]
Virus:W32/Bagle.AM.worm Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC[price.exe]
Adware:Adware/MediaTickets Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC[~0002392.~]
Virus:Trj/Zerolin.C Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC[~0005062.~]
Virus:W32/Klez.I Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\ISP[install.exe]
Virus:Exploit/iFrame Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Trj/Zerolin.C Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\JunkCheck[~0000539.~]
Virus:Trj/Zerolin.C Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\JunkCheck[~0000578.~]
Virus:Trj/Zerolin.C Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Inbox[~0002108.~]
Virus:Exploit/URLSpoof Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\pop.sbcglobal.net\Filed.sbd\Archive.sbd\Smart Travel[~0000188.~]
Virus:W32/Klez.I Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\pop.sbcglobal.net\Filed.sbd\Archive.sbd\Smart Travel[rock.pif]
Virus:JS/Illwill.A Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC[price.html]
Virus:W32/Bagle.AM.worm Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC[price.exe]
Adware:Adware/MediaTickets Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC[~0002392.~]
Virus:Trj/Zerolin.C Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC[~0005062.~]
Virus:W32/Klez.I Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\pop.sbcglobal.net\Filed.sbd\ISP[install.exe]
Virus:Exploit/iFrame Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Trj/Zerolin.C Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\pop.sbcglobal.net\Filed.sbd\JunkCheck[~0000539.~]
Virus:Trj/Zerolin.C Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\pop.sbcglobal.net\Filed.sbd\JunkCheck[~0000578.~]
Virus:Trj/Zerolin.C Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050710.default\Mail\pop.sbcglobal.net\Inbox[~0002108.~]
Virus:Exploit/URLSpoof Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\pop.sbcglobal.net\Filed.sbd\Archive.sbd\Smart Travel[~0000188.~]
Virus:W32/Klez.I Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\pop.sbcglobal.net\Filed.sbd\Archive.sbd\Smart Travel[rock.pif]
Virus:JS/Illwill.A Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC[price.html]
Virus:W32/Bagle.AM.worm Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC[price.exe]
Adware:Adware/MediaTickets Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC[~0002392.~]
Virus:Trj/Zerolin.C Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC[~0005062.~]
Virus:W32/Klez.I Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\pop.sbcglobal.net\Filed.sbd\ISP[install.exe]
Virus:Exploit/iFrame Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Trj/Zerolin.C Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\pop.sbcglobal.net\Filed.sbd\JunkCheck[~0000539.~]
Virus:Trj/Zerolin.C Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\pop.sbcglobal.net\Filed.sbd\JunkCheck[~0000578.~]
Virus:Trj/Zerolin.C Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050811.default\Mail\pop.sbcglobal.net\Inbox[~0002108.~]
Virus:Exploit/URLSpoof Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050812.default\Mail\Local Folders\Sent[~0000375.~]
Virus:Exploit/URLSpoof Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050812.default\Mail\Local Folders\Sent[~0000377.~]
Virus:Exploit/URLSpoof Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050812.default\Mail\Local Folders\Sent[~0000379.~]
Virus:Exploit/iFrame Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050812.default\Mail\pop.sbcglobal.net\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Trj/Zerolin.C Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050812.default\Mail\pop.sbcglobal.net\Inbox[~0001580.~]
Virus:Exploit/URLSpoof Not disinfected F:\My Stuff\SystemStuff\eMailOld\jutvhmpq20050812.default\Mail\pop.sbcglobal.net\Inbox[~0002108.~]
Virus:Exploit/iFrame Not disinfected F:\My Stuff\SystemStuff\eMailOld\michaeldperryOld\Mail\Filed.sbd\Archive.sbd\Smart Travel[~0000188.~]
Virus:W32/Klez.I Not disinfected F:\My Stuff\SystemStuff\eMailOld\michaeldperryOld\Mail\Filed.sbd\Archive.sbd\Smart Travel[rock.pif]
Virus:W32/Klez.I Not disinfected F:\My Stuff\SystemStuff\eMailOld\michaeldperryOld\Mail\Filed.sbd\ISP[install.exe]
Virus:Exploit/iFrame Not disinfected F:\My Stuff\SystemStuff\eMailOld\michaeldperryOld\Mail\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Exploit/iFrame Not disinfected F:\My Stuff\SystemStuff\Netscape07272004\Mail\Filed.sbd\Archive.sbd\Smart Travel[~0000188.~]
Virus:W32/Klez.I Not disinfected F:\My Stuff\SystemStuff\Netscape07272004\Mail\Filed.sbd\Archive.sbd\Smart Travel[rock.pif]
Virus:W32/Klez.I Not disinfected F:\My Stuff\SystemStuff\Netscape07272004\Mail\Filed.sbd\ISP[install.exe]
Virus:Exploit/iFrame Not disinfected F:\My Stuff\SystemStuff\Netscape07272004\Mail\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Virus:Exploit/iFrame Not disinfected F:\My Stuff\SystemStuff\Netscape07272004\NetscapeOld\Users\michaeldperry\Mail\Filed.sbd\Archive.sbd\Smart Travel[~0000188.~]
Virus:W32/Klez.I Not disinfected F:\My Stuff\SystemStuff\Netscape07272004\NetscapeOld\Users\michaeldperry\Mail\Filed.sbd\Archive.sbd\Smart Travel[rock.pif]
Virus:W32/Klez.I Not disinfected F:\My Stuff\SystemStuff\Netscape07272004\NetscapeOld\Users\michaeldperry\Mail\Filed.sbd\ISP[install.exe]
Virus:Exploit/iFrame Not disinfected F:\My Stuff\SystemStuff\Netscape07272004\NetscapeOld\Users\michaeldperry\Mail\Filed.sbd\ISP.sbd\HostOnce[~0000155.~]
Potentially unwanted tool:Application/HideWindow.A Not disinfected H:\MyDownloads\Mom\SP1RcvryFix.exe[FondleWindow.exe]
Adware:Adware/DSSAgent Not disinfected H:\MyDownloads\PhotoShop\Setup\DSS\DSSAGENT.EXE

#12 -David-

Posted 03 April 2006 - 05:02 PM

Hi othoson!

Well you have so many infected viruses in your Mozilla folders that I recommend that you uninstall Mozilla entirely as you don't use it anymore. That way you will remove all the Mozilla folders which contain the bad files.

Please download Ewido anti-malware; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

You still have lots of infected files, and it is near impossible for me to give you exact instructions how to remove them. Please navigate to the following folders and delete everything inside that you don't want, for example old emails. If there is nothing inside you want you can delete the entire folder. However I am not in a position to make you do that, as I don't know what's inside:

F:\My Stuff\SystemStuff\eMailOld
F:\My Stuff\SystemStuff\Netscape07272004

Next please empty your Norton quarantine folder by opening Norton and clicking on the "quarantine" button. You may need to search how to remove the files.

Next please delete the following file:
H:\MyDownloads\PhotoShop\Setup\DSS\DSSAGENT.EXE

Reboot into SAFE MODE
By pressing the F8 key right when Windows starts, usually right after you hear your computer beep when you reboot it (some versions of Windows will display 'Starting Windows' with a grey progress bar), you will be brought to a menu where you can choose to boot into safe mode.

* Open Ewido anti-malware
Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

Please reboot back to normal mode and post the ewido log and a new HJT log.
David

#13 othoson

  • Topic Starter

Posted 04 April 2006 - 12:36 AM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:25:24 AM, 4/4/2006
+ Report-Checksum: CC7B4A5D

+ Scan result:

HKLM\SOFTWARE\Altnet -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Altnet\TopSearch -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Michael\Application Data\Netscape\Profiles\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Michael\Cookies\michael@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Program Files\Kazaa\TopSearch.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\system32\scenicnc.exe/1 -> Adware.180Solutions : Error during cleaning
H:\Recycled\Dh13.EXE -> Adware.Background : Cleaned with backup
:mozilla.58:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.59:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.60:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.61:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.62:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.81:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.82:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.83:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.101:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.105:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.106:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.107:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.108:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.109:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.110:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.146:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.147:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.148:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.149:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.150:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.151:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.152:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.153:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.200:H:\Archive\NetscapeMail20060403\michaeldperry\go0r6ese.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 12:34:12 AM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\SpyZooka\spyzooka.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Michael\My Documents\My Downloads\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PerryWeb Services
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ServiceConfig] "C:\Program Files\Comcast\MigCfg\Programs\IspMig.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpyZooka] C:\Program Files\SpyZooka\SpyZookaLdr.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe

#14 -David-

Posted 04 April 2006 - 03:06 AM

Well Done!

Please search and delete this folder if it is present:

C:\Program Files\Kazaa

Then, please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
David

#15 othoson

  • Topic Starter

Posted 04 April 2006 - 04:56 PM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, April 04, 2006 16:52:38
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 4/04/2006
Kaspersky Anti-Virus database records: 186216
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 245828
Number of viruses found: 25
Number of infected objects: 288
Number of suspicious objects: 25
Duration of the scan process: 15935 sec

Infected Object Name - Virus Name
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lowell Myers" <mwqwwnwjvazjq@juno.com>][Date Sat, 21 Aug 2004 15:35:11 +0600]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Brent Wiseman <miles@mdalaw.com>][Date Sun, 22 Aug 2004 06:06:19 -0600]/UNNAMED/[From "Burl Noel" <jrgcoqiflyf@2cowherd.net>][Date Sun, 22 Aug 2004 09:35:13 -0300]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Brent Wiseman <miles@mdalaw.com>][Date Sun, 22 Aug 2004 06:06:19 -0600]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From "Minnie Yates" <Fontenotddr@callsign.net>][Date Wed, 25 Aug 2004 06:11:59 +0300]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From "Donovan Costello" <jxdplgjksttbuz@decajon.com>][Date Wed, 25 Aug 2004 08:25:07 +0200]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From George King <hilary@seznam.cz>][Date Wed, 25 Aug 2004 08:19:29 +0000]/UNNAMED/[From "Kitty Acosta" <bciczvurdmphcp@calwest.net>][Date Wed, 25 Aug 2004 07:25:21 -0100]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From George King <hilary@seznam.cz>][Date Wed, 25 Aug 2004 08:19:29 +0000]/UNNAMED/[From "Citibank Support" <Citibank.message@emailmessage.citibank.com>][Date Wed, 25 Aug 2004 18:38:05 +0600]/html Infected: Trojan-Spy.HTML.Citifraud.p
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From George King <hilary@seznam.cz>][Date Wed, 25 Aug 2004 08:19:29 +0000]/UNNAMED/[From Anita Burrell <nefdowxmplcpnb@space.com>][Date Wed, 25 Aug 2004 08:35:06 -0500 (CST)]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From George King <hilary@seznam.cz>][Date Wed, 25 Aug 2004 08:19:29 +0000]/UNNAMED/[From "Jessica Kidd" <dixrtwiy@korea.com>][Date Wed, 25 Aug 2004 10:39:23 -0300]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From George King <hilary@seznam.cz>][Date Wed, 25 Aug 2004 08:19:29 +0000]/UNNAMED/[From Dixie Fink <Dentonlqt@surflondon.co.uk>][Date Wed, 25 Aug 2004 14:41:01 -0200 (PDT)]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From George King <hilary@seznam.cz>][Date Wed, 25 Aug 2004 08:19:29 +0000]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From Troy Clemons <Hamptonqoi@computermail.net>][Date Fri, 15 Aug 2003 14:07:38 +0200]/UNNAMED/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From Troy Clemons <Hamptonqoi@computermail.net>][Date Fri, 15 Aug 2003 14:07:38 +0200]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From Lucille Huynh <xwwsdxqe@cyberinbox.com>][Date Fri, 15 Aug 2003 05:23:44 -0500 EST]/UNNAMED/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From Lucille Huynh <xwwsdxqe@cyberinbox.com>][Date Fri, 15 Aug 2003 05:23:44 -0500 EST]/UNNAMED/[From "Wilbert Espositol" <Mayqqm@madmail.com>][Date Thu, 26 Aug 2004 11:37:50 +0400]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From Lucille Huynh <xwwsdxqe@cyberinbox.com>][Date Fri, 15 Aug 2003 05:23:44 -0500 EST]/UNNAMED/[From "Beulah" <ovxuykmxhxfv@post.sk>][Date Thu, 26 Aug 2004 07:07:08 -0500]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED/[From Lucille Huynh <xwwsdxqe@cyberinbox.com>][Date Fri, 15 Aug 2003 05:23:44 -0500 EST]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From Salvatore Alvarez <nyhpmmz@tekmailer.com>][Date Tue, 24 Aug 2004 16:12:41 -0400 EST]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Lynda Hobbs" <siovvx@yahoo.com>][Date Thu, 26 Aug 2004 19:39:52 -0800]/UNNAMED/[From "Roseann Stewart" <mcyqlpdcbd@swbell.net>][Date Fri, 27 Aug 2004 05:55:30 +0100]/UNNAMED/[From "Dion G. Sanford" <d.g.sanfordjc@aol.com>][Date Fri, 27 Aug 2004 04:20:45 +0000]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Lynda Hobbs" <siovvx@yahoo.com>][Date Thu, 26 Aug 2004 19:39:52 -0800]/UNNAMED/[From "Roseann Stewart" <mcyqlpdcbd@swbell.net>][Date Fri, 27 Aug 2004 05:55:30 +0100]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Lynda Hobbs" <siovvx@yahoo.com>][Date Thu, 26 Aug 2004 19:39:52 -0800]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "false Faulk" <Cherryfear734184@rogers.com>][Date Sat, 28 Aug 2004 10:41:45 -0300]/UNNAMED/[From "Chasity Eldridge" <%FROM_USER@garbagemail.com>][Date Sat, 28 Aug 2004 22:54:46 +0200]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "false Faulk" <Cherryfear734184@rogers.com>][Date Sat, 28 Aug 2004 10:41:45 -0300]/UNNAMED/[From WM_PQ_UGs@youpy.ch][Date Sun, 29 Aug 2004 04:33:46 +0500]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "false Faulk" <Cherryfear734184@rogers.com>][Date Sat, 28 Aug 2004 10:41:45 -0300]/UNNAMED/[From "Denise Trujillo" <pmkubjez@yahoo.com>][Date Sun, 29 Aug 2004 04:20:23 +0100]/UNNAMED/[From "Julius Yang" <umkqjshp@deephousemusic.com>][Date Sun, 29 Aug 2004 01:46:02 -0100]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "false Faulk" <Cherryfear734184@rogers.com>][Date Sat, 28 Aug 2004 10:41:45 -0300]/UNNAMED/[From "Denise Trujillo" <pmkubjez@yahoo.com>][Date Sun, 29 Aug 2004 04:20:23 +0100]/UNNAMED/[From Mail Delivery Subsystem <MAILER-DAEMON@pimout2-ext.prodigy.net>][Date Sun, 29 Aug 2004 01:59:08 -0400]/UNNAMED/[From "To ... /[From "Ali Clifford" <%FROM_USER@send.ru>][Date Sun, 29 Aug 2004 10:15:27 +0200]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "false Faulk" <Cherryfear734184@rogers.com>][Date Sat, 28 Aug 2004 10:41:45 -0300]/UNNAMED/[From "Denise Trujillo" <pmkubjez@yahoo.com>][Date Sun, 29 Aug 2004 04:20:23 +0100]/UNNAMED/[From Mail Delivery Subsystem <MAILER-DAEMON@pimout2-ext.prodigy.net>][Date Sun, 29 Aug 2004 01:59:08 -0400]/UNNAMED/[From "Tommie Nelson" <%FROM_USER@france.com>][Date Sun, 29 Aug 2004 01:39:00 -0700]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "false Faulk" <Cherryfear734184@rogers.com>][Date Sat, 28 Aug 2004 10:41:45 -0300]/UNNAMED/[From "Denise Trujillo" <pmkubjez@yahoo.com>][Date Sun, 29 Aug 2004 04:20:23 +0100]/UNNAMED/[From Mail Delivery Subsystem <MAILER-DAEMON@pimout2-ext.prodigy.net>][Date Sun, 29 Aug 2004 01:59:08 -0400]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "false Faulk" <Cherryfear734184@rogers.com>][Date Sat, 28 Aug 2004 10:41:45 -0300]/UNNAMED/[From "Denise Trujillo" <pmkubjez@yahoo.com>][Date Sun, 29 Aug 2004 04:20:23 +0100]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "false Faulk" <Cherryfear734184@rogers.com>][Date Sat, 28 Aug 2004 10:41:45 -0300]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Antoine Gaines" <sales@perrywebservices.com>][Date Mon, 30 Aug 2004 07:43:31 -0200]/UNNAMED/[From "Catalina Hoffman" <Abrahamuso@hctc.com>][Date Sun, 29 Aug 2004 21:04:31 -0500]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Antoine Gaines" <sales@perrywebservices.com>][Date Mon, 30 Aug 2004 07:43:31 -0200]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Local affair" <PUUREKVRHLPS@mailpanda.com>][Date Tue, 31 Aug 2004 02:13:26 -0700]/UNNAMED/[From "Career Resource Center"<CareerResourceCenter@firstnationmail.com>][Date Mon,30 Aug 2004 05:25:36 -0600]/UNNAMED/[From Kendall Willis <Yatespzb@chinaarmy.net>][Date Thu, 21 Aug 2003 13:12:53 +0100 (CST)]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Local affair" <PUUREKVRHLPS@mailpanda.com>][Date Tue, 31 Aug 2004 02:13:26 -0700]/UNNAMED/[From "Career Resource Center"<CareerResourceCenter@firstnationmail.com>][Date Mon,30 Aug 2004 05:25:36 -0600]/UNNAMED/[From "Eloy Cano" <eloycano_rm@hotmail.com>][Date Wed, 01 Sep 2004 03:01:03 +0000]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Local affair" <PUUREKVRHLPS@mailpanda.com>][Date Tue, 31 Aug 2004 02:13:26 -0700]/UNNAMED/[From "Career Resource Center"<CareerResourceCenter@firstnationmail.com>][Date Mon,30 Aug 2004 05:25:36 -0600]/UNNAMED/[From "Ollie Roth" <Ruizkcm@emurl.com>][Date Tue, 31 Aug 2004 21:59:37 -0700]/html Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Local affair" <PUUREKVRHLPS@mailpanda.com>][Date Tue, 31 Aug 2004 02:13:26 -0700]/UNNAMED/[From "Career Resource Center"<CareerResourceCenter@firstnationmail.com>][Date Mon,30 Aug 2004 05:25:36 -0600]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Local affair" <PUUREKVRHLPS@mailpanda.com>][Date Tue, 31 Aug 2004 02:13:26 -0700]/UNNAMED Infected: Trojan-Dropper.VBS.Zerolin
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Mayra Keith" <xbimxiheoifdfd@alwaysbeconnected.com>][Date Thu, 02 Sep 2004 02:15:55 +0200]/UNNAMED/[From "Citibank Support" <Citibank.message@emailmessage.citibank.com>][Date Wed, 25 Aug 2004 18:38:05 +0600]/UNNAMED/html Infected: Trojan-Spy.HTML.Citifraud.p
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Mayra Keith" <xbimxiheoifdfd@alwaysbeconnected.com>][Date Thu, 02 Sep 2004 02:15:55 +0200]/UNNAMED/[From "Citibank Support" <Citibank.message@emailmessage.citibank.com>][Date Wed, 25 Aug 2004 18:38:05 +0600]/UNNAMED Infected: Trojan-Spy.HTML.Citifraud.p
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "Mayra Keith" <xbimxiheoifdfd@alwaysbeconnected.com>][Date Thu, 02 Sep 2004 02:15:55 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Citifraud.p
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "juror Catherine" <specklePolly238305@juno.com>][Date Sat, 04 Sep 2004 05:01:29 +0200]/UNNAMED/[From "Madeline Akers" <%FROM_USER@1033edge.com>][Date Sat, 04 Sep 2004 06:25:44 +0300]/UNNAMED/html Infected: Trojan-Downloader.JS.gen
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "juror Catherine" <specklePolly238305@juno.com>][Date Sat, 04 Sep 2004 05:01:29 +0200]/UNNAMED/[From "Madeline Akers" <%FROM_USER@1033edge.com>][Date Sat, 04 Sep 2004 06:25:44 +0300]/UNNAMED Infected: Trojan-Downloader.JS.gen
F:\BackupJumpDrive20050721\Thunderbird20050714\jutvhmpq.default\Mail\pop.sbcglobal.net\Filed.sbd\CCC/[From "Lorna Locke" <civtdse@axtel.net>][Date Thu, 26 Aug 2004 22:17:58 +0100]/UNNAMED/[From "juror Catherine" <specklePolly238305@juno



