Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need help removing virus/malware on my computer.

by josec » September 5th, 2007, 10:25 pm

I have a virus/malware on my computer. I remove it but it comes back. I was not able to run the suggested tools because my computer would lock up and I would have to restart my computer. Any help will be appreciated.
Here is the Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:05 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Updater.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\QuickTime\qttask.exe
E:\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Handspring\AlarmApp.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\JOSE\Application Data\Mozilla\Profiles\default\gt4uvsk2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOSE\Application Data\Mozilla\Profiles\default\gt4uvsk2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {3459b64a-b0ad-471f-9cfa-8005069e45dc} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [osCheck] "E:\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Alarm Manager.LNK = C:\Program Files\Handspring\AlarmApp.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - E:\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\NetMeeting\proly.html
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Jose/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 12615 bytes
josec
Regular Member
 
Posts: 17
Joined: September 5th, 2007, 4:03 pm

by Simon V. » September 8th, 2007, 1:38 pm

    Hello, and welcome to the forum.

    My name is Simon V., and I'll be glad to help you with your computer problems.

    HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.
    I am currently looking over your log. As I am a trainee, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

    Please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

by Simon V. » September 8th, 2007, 3:58 pm

    Hi :)

    Go to Start > Control Panel > Display Properties > Desktop > Customize Desktop... > Web Tab
    Uncheck and delete everything you find in there (except for My current home page).

    Run a .bat File

  • Please copy and paste the text in the code box into Notepad.

    Code:
    sc stop $sys$aries
    sc delete $sys$aries

  • Go to File > Save As. Save the file as "Fix.bat" (including the quotes).
  • Double-click on Fix.bat to run the file.
  • Reboot your computer.

    Show Hidden Files and Folders
  • Be sure that you are set to see hidden files and folders:
    • Close all programs so that you are at your desktop.
    • Double-click on the My Computer icon.
    • Select the Tools menu and click Folder Options.
    • After the new window appears select the View tab.
    • Put a checkmark in the checkbox labelled Display the contents of system folders.
    • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    • Remove the checkmark from the checkbox labelled Hide file extensions for known file types.
    • Remove the checkmark from the checkbox labelled Hide protected operating system files.
    • Press the Apply button and then the OK button and shut down My Computer.

    Delete Files and Folders
  • Navigate to the following files/folders using Windows Explorer and delete them when found:

    C:\Windows\system32\$sys$filesystem\aries.sys <-- File

    Fix Entries with HijackThis
  • Open HijackThis, perform a scan and put a check next to the following items (if present):

    O2 - BHO: (no name) - {3459b64a-b0ad-471f-9cfa-8005069e45dc} - (no file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)


    Optional:

    O4 - Startup: PowerReg Scheduler.exe

    This is a registration reminder that is used by several companies. It is also believed to report back to the installing company some information about your computer. I recommend that you also check it.

    Close all programs except HijackThis and click on Fix checked.

    Run Kaspersky Online Scan
  • Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
        Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Report Back
  • Please post the report from the Kaspersky Online Scan, along with a new HijackThis log in your next reply.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

by josec » September 10th, 2007, 1:13 am

Thanks for your help.

I was unable to run Kaspersky Online Scanner without my computer locking up... I had to reboot my computer - twice.

Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:34 PM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Updater.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\QuickTime\qttask.exe
E:\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Handspring\AlarmApp.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\JOSE\Application Data\Mozilla\Profiles\default\gt4uvsk2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOSE\Application Data\Mozilla\Profiles\default\gt4uvsk2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [osCheck] "E:\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Alarm Manager.LNK = C:\Program Files\Handspring\AlarmApp.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - E:\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12526 bytes
josec
Regular Member
 
Posts: 17
Joined: September 5th, 2007, 4:03 pm
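
An added example, not part of the original thread or of HijackThis itself: one way to triage a HijackThis log and check which entries a "Fix checked" pass removed by comparing the logs taken before and after. The function names and tag names are hypothetical, the sample text is a constructed excerpt of the two logs above, and a tag only marks an entry for review.

```python
import re
from collections import Counter

# Constructed excerpts: a few lines copied from the first and second logs in
# this thread (before and after "Fix checked"), not the complete logs.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3459b64a-b0ad-471f-9cfa-8005069e45dc} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - Startup: PowerReg Scheduler.exe
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
"""

AFTER = r"""
Running processes:
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
"""

# Entry lines look like "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (section, detail) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Tag entries worth a closer look. A tag is a review hint, not a verdict."""
    findings = []
    for section, detail in entries:
        tags = []
        # Registration whose target file is gone, like the O2/O3 fix items.
        if detail.endswith("(no file)"):
            tags.append("orphaned")
        # Service binary with no vendor string in its version info.
        if section == "O23" and " - Unknown owner - " in detail:
            tags.append("unknown-owner")
        # The "$sys$" prefix seen on the service and folder names in this log.
        if "$sys$" in detail.lower():
            tags.append("sys-prefix")
        if tags:
            findings.append((section, detail, tags))
    return findings


def removed_entries(before, after):
    """Entries present before the fix and absent after it.

    A multiset difference is used so repeated lines (the O10 entries) are
    counted individually rather than collapsed.
    """
    diff = Counter(before) - Counter(after)
    return sorted(diff.elements())


if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    print("Flagged before the fix:")
    for section, detail, tags in triage(before):
        print(f"  [{','.join(tags)}] {section} - {detail}")
    print("Removed by the fix:")
    for section, detail in removed_entries(before, after):
        print(f"  {section} - {detail}")
    print("Still flagged after the fix:")
    for section, detail, tags in triage(after):
        print(f"  [{','.join(tags)}] {section} - {detail}")
```
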

by josec » September 10th, 2007, 3:37 am

I hope this helps. I was able to run Trojan Hunter which found some trojans on my computer. This is what it found:

Trojans found and removed with Trojan Hunter

Removed registry key HKEY_CLASSES_ROOT\interface\{d3c63786-0568-477d-b39d-f04cddc3c574}\ProxyStubClsid
Removed registry key HKEY_CLASSES_ROOT\interface\{d3c63786-0568-477d-b39d-f04cddc3c574}\ProxyStubClsid32
Removed registry key HKEY_CLASSES_ROOT\interface\{d3c63786-0568-477d-b39d-f04cddc3c574}\TypeLib
Removed registry key HKEY_CLASSES_ROOT\interface\{d3c63786-0568-477d-b39d-f04cddc3c574}

Removed registry key HKEY_CLASSES_ROOT\typelib\{98cdb417-4f5c-4d8c-93dc-df5ab156e997}\1.0\0\win32
Removed registry key HKEY_CLASSES_ROOT\typelib\{98cdb417-4f5c-4d8c-93dc-df5ab156e997}\1.0\0
Removed registry key HKEY_CLASSES_ROOT\typelib\{98cdb417-4f5c-4d8c-93dc-df5ab156e997}\1.0\FLAGS
Removed registry key HKEY_CLASSES_ROOT\typelib\{98cdb417-4f5c-4d8c-93dc-df5ab156e997}\1.0\HELPDIR
Removed registry key HKEY_CLASSES_ROOT\typelib\{98cdb417-4f5c-4d8c-93dc-df5ab156e997}\1.0
Removed registry key HKEY_CLASSES_ROOT\typelib\{98cdb417-4f5c-4d8c-93dc-df5ab156e997}

Quarantined file C:\Program Files\Teaching Textbooks\Math 7\uninst.exe

Quarantined file C:\Save\Taxes\TurboTax 2003\32bit\er.dll

Quarantined file C:\Save\Taxes\TurboTax 2003\32bit\tltran.dll

Quarantined file C:\WINDOWS\tk58.exe

Quarantined file E:\Moms Old C-drive\Save\Taxes\TurboTax 2003\32bit\er.dll

Quarantined file E:\Moms Old C-drive\Save\Taxes\TurboTax 2003\32bit\tltran.dll
Trojan cleaning finished.

I ran TrojanHunter again and the following trojans were found but were not removed because the computer locked up while scanning.

Found trojan file: C:\System Volume Information\_restore {B37680B2-BA0A-4E5D-BF30-83E44C588624}RP7\A0004406.exe (trojanDropper.PreInstall.100)
Found trojan file: C:\System Volume Information\_restore {B37680B2-BA0A-4E5D-BF30-83E44C588624}RP7\A0004407.dll {Exploit.ms06-001.100)
Found trojan file: C:\System Volume Information\_restore {B37680B2-BA0A-4E5D-BF30-83E44C588624}RP7\A0004408.dll (Exploit.ms06-001.100)
Found trojan file: C:\System Volume Information\_restore {B37680B2-BA0A-4E5D-BF30-83E44C588624}RP7\A0004409.exe (Adware.ZQuest.101)

Computer locked-up while scanning this file:

C:\windows\$hf_mig$|KB896424\Update\Spcustom.dll

Rebooted computer............
josec
Regular Member
 
Posts: 17
Joined: September 5th, 2007, 4:03 pm

Unread postby Simon V. » September 10th, 2007, 2:09 pm

    Hi :)

    Show Hidden Files and Folders

  • Be sure that you are set to see hidden files and folders:
    • Close all programs so that you are at your desktop.
    • Double-click on the My Computer icon.
    • Select the Tools menu and click Folder Options.
    • After the new window appears select the View tab.
    • Put a checkmark in the checkbox labelled Display the contents of system folders.
    • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    • Remove the checkmark from the checkbox labelled Hide file extensions for known file types.
    • Remove the checkmark from the checkbox labelled Hide protected operating system files.
    • Press the Apply button and then the OK button and shut down My Computer.
  • Please check if you can see this folder, using Windows Explorer: C:\WINDOWS\system32\$sys$filesystem\. Please post back to me whether or not you can see that folder.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Unread postby josec » September 10th, 2007, 8:26 pm

Yes, I can see C:\WINDOWS\System32\$sys$filesystem\ on my computer.
josec
Regular Member
 
Posts: 17
Joined: September 5th, 2007, 4:03 pm

Unread postby Simon V. » September 11th, 2007, 11:24 am

    Hi :)

    Fix Entries with HijackThis

  • Open HijackThis, perform a scan and put a check next to the following items (if present):

    O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
    O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe


    Close all programs except HijackThis and click on Fix checked.

    Run a .bat File
  • Please copy and paste the text in the code box into Notepad.

    rem Stop each service, then disable it so it does not start at boot.
    rem sc requires the space after "start=".
    sc stop $sys$DRMServer
    sc config $sys$DRMServer start= disabled
    sc stop CD_Proxy
    sc config CD_Proxy start= disabled

  • Go to File > Save As. Save the file as "Fix.bat" (including the quotes).
  • Double-click on Fix.bat to run the file.
  • Restart your computer.
  • Important: As we are working with your CD drive drivers, please check if your CD drive still works. Do not use any music CDs to test the drive. The infection you have is delivered by a Sony Music CD. Some links: General Info, List of CDs that Install the Infection, and How to Tell. You should not insert any music CDs until your computer is clean.

    If the CD drive doesn’t work, post back to me. If it does, follow the instructions below.

    Delete Files and Folders
  • Navigate to the following files/folders using Windows Explorer and delete them when found:

    C:\WINDOWS\system32\$sys$filesystem\
    C:\WINDOWS\CDProxyServ.exe
  • Restart your computer.
  • Please post a new HijackThis log in your next reply and tell me how everything is working.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Unread postby josec » September 12th, 2007, 4:03 am

Thank you for your time helping me resolve my computer problem(s).

I ran HijackThis, checked the boxes suggested, clicked Fix checked and ran the Fix.bat file.

I was not able to delete the folder $sys$filesystem or the file CDProxyServ.exe. A box popped up that read "Cannot delete $Sys$DRMServer.exe: Access denied". Also there is a padlock icon in front of $Sys$DRMServer.exe.

I ran Kaspersky Online Scanner but it locked-up again 2% into the scan.

I was able to run TrojanHunter. This is what it found:

Scanning folder C:\System Volume Information
Found trojan file: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004406.exe (TrojanDropper.PreInstall.100)
Found trojan file: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004407.dll (Exploit.MS06-001.100)
Found trojan file: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004408.dll (Exploit.MS06-001.100)
Found adware file: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004409.exe (Adware.ZQuest.101)

I did not have TrojanHunter clean anything.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:49 AM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Updater.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\QuickTime\qttask.exe
E:\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Handspring\AlarmApp.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\JOSE\Application Data\Mozilla\Profiles\default\gt4uvsk2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOSE\Application Data\Mozilla\Profiles\default\gt4uvsk2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [osCheck] "E:\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Alarm Manager.LNK = C:\Program Files\Handspring\AlarmApp.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - E:\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12254 bytes
josec
Regular Member
 
Posts: 17
Joined: September 5th, 2007, 4:03 pm
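
Added example (not part of the original thread, and not code from HijackThis or any poster): a Python check that reads pasted HijackThis logs and reports whether the two services targeted by Fix.bat are still registered (O23 lines) and still running, as they are in the log above. The function names, the simplified " - " field split and the "clean" sample log are assumptions made for this illustration; the other sample lines are copied from the log above.

```python
import re
from typing import NamedTuple

# Service short names that Fix.bat in this thread stops and disables.
TARGET_SERVICES = ("$sys$DRMServer", "CD_Proxy")

# Sample 1: lines copied from the log posted after Fix.bat was run (abbreviated).
LOG_AFTER_FIXBAT = r"""Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
C:\WINDOWS\CDProxyServ.exe

O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
"""

# Sample 2: constructed for this example, a log in which both targets are gone.
LOG_CLEAN = r"""Running processes:
C:\WINDOWS\system32\spoolsv.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"""


class Service(NamedTuple):
    display: str  # friendly name shown in the Services console
    name: str     # short name, the one passed to "sc stop" / "sc config"
    owner: str    # company string read from the binary, or "Unknown owner"
    path: str     # service binary


_PREFIX = "O23 - Service: "
# "Display name (ShortName)"; the parenthesised part is absent on some lines.
_LABEL = re.compile(r"^(?P<display>.*\S)\s+\((?P<name>[^()]+)\)$")


def parse_services(log_text):
    """Return one Service per O23 line of a pasted HijackThis log."""
    services = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(_PREFIX):
            continue
        # Assumption: neither the display name nor the owner contains " - ".
        parts = line[len(_PREFIX):].split(" - ", 2)
        if len(parts) != 3:
            continue  # wrapped or truncated line, skip rather than guess
        label, owner, path = parts
        m = _LABEL.match(label)
        display, name = (m["display"], m["name"]) if m else (label, label)
        services.append(Service(display, name, owner, path))
    return services


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' (up to the blank line)."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break
            paths.append(line)
    return paths


def verify_fix(baseline_log, new_log, targets=TARGET_SERVICES):
    """For each target, report whether new_log still shows it registered/running.

    baseline_log is a log in which the targets were present; it supplies the
    binary path to look for in the new log's process list.
    """
    baseline = {s.name.lower(): s for s in parse_services(baseline_log)}
    registered = {s.name.lower() for s in parse_services(new_log)}
    running = {p.lower() for p in running_processes(new_log)}
    report = {}
    for target in targets:
        svc = baseline.get(target.lower())
        report[target] = {
            "registered": target.lower() in registered,
            "running": svc is not None and svc.path.lower() in running,
        }
    return report


if __name__ == "__main__":
    for label, log in (("after Fix.bat", LOG_AFTER_FIXBAT), ("clean", LOG_CLEAN)):
        for name, state in verify_fix(LOG_AFTER_FIXBAT, log).items():
            print(f"{label:14} {name:16} {state}")
```

A target that is still registered or still running means the removal step has to be repeated by other means before the files can be deleted.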

Unread postby Simon V. » September 12th, 2007, 1:16 pm

    Hi :)

    Combofix

  • Please download Combofix from one of the links below:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
  • Open Notepad, and copy/paste the text in the quotebox below into it:

    File::
    
    C:\windows\CDProxyServ.exe
    C:\windows\system32\$sys$caj.dll
    C:\windows\system32\$sys$upgtool.exe
    C:\windows\system32\driver\$sys$cor.sys
    
    Folder::
    
    C:\Windows\System32\$sys$filesystem
    
    Driver::
    
    $sys$aries
    $sys$cor
    $sys$crater
    LEGACY_$SYS$OCT
    LEGACY_$SYS$LIM
    CD_Proxy
    $sys$DRMServer

  • Save this as "CFScript".

    Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • It will create a log (C:\Combofix.txt). Post it here, along with a new HijackThis log. Also tell me how everything is working.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

Unread postby josec » September 13th, 2007, 1:26 am

Hi Simon V. :)

I completed all you requested. My computer is operating better but still a bit slow.

Here are the logs.

ComboFix 07-09-10.6 - "Jose" 2007-09-12 20:58:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.38 [GMT -7:00]
Command switches used :: C:\Documents and Settings\Jose\Desktop\CFScript
* Created a new restore point

FILE::
C:\windows\CDProxyServ.exe
C:\windows\system32\$sys$caj.dll
C:\windows\system32\$sys$upgtool.exe
C:\windows\system32\driver\$sys$cor.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\svhost
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\windows\CDProxyServ.exe
C:\windows\system32\$sys$caj.dll
C:\Windows\System32\$sys$filesystem
C:\Windows\System32\$sys$filesystem\$sys$DRMServer.exe
C:\Windows\System32\$sys$filesystem\$sys$parking
C:\Windows\System32\$sys$filesystem\crater.sys
C:\Windows\System32\$sys$filesystem\DbgHelp.dll
C:\Windows\System32\$sys$filesystem\lim.sys
C:\Windows\System32\$sys$filesystem\oct.sys
C:\Windows\System32\$sys$filesystem\Unicows.dll
C:\windows\system32\$sys$upgtool.exe
C:\WINDOWS\system32\A1
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\configs
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\win
C:\WINDOWS\system32\X2


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_$SYS$ARIES
-------\LEGACY_$SYS$DRMSERVER
-------\LEGACY_CD_PROXY
-------\$sys$cor
-------\$sys$crater
-------\$sys$DRMServer
-------\CD_Proxy


((((((((((((((((((((((((( Files Created from 2007-08-13 to 2007-09-13 )))))))))))))))))))))))))))))))
.

2007-09-12 20:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-12 00:37 <DIR> d-------- C:\DOCUME~1\Jose\APPLIC~1\TrojanHunter
2007-09-09 19:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-09 19:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-09-05 17:38 <DIR> d-------- C:\Program Files\TrojanHunter 4.7
2007-09-04 22:44 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-31 14:43 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2007-08-31 14:43 12,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mouhid.sys
2007-08-30 19:28 <DIR> d-------- C:\Program Files\TrueSwitch
2007-08-30 19:28 <DIR> d-------- C:\DOCUME~1\Jose\APPLIC~1\TrueSwitch
2007-08-30 19:27 <DIR> d-------- C:\Program Files\TrueSwitchComcast
2007-08-30 18:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2007-08-29 17:36 20,992 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys
2007-08-29 17:36 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\rtl8139.sys
2007-08-25 20:41 <DIR> d-------- C:\Program Files\support.com
2007-08-25 20:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
2007-08-22 17:56 <DIR> d-------- C:\WINDOWS\pss
2007-08-22 17:26 22,112 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys
2007-08-21 21:21 28,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
2007-08-20 10:13 <DIR> d-------- C:\Program Files\Teaching Textbooks
2007-08-20 10:12 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-08-18 21:29 1,088 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pxfsf.dat
2007-08-18 13:20 77,312 --a------ C:\WINDOWS\ua2.dll
2007-08-15 13:58 549,376 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-08-15 13:58 1,033,216 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 16:57 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-09 18:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-30 22:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-24 14:26 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-21 23:48 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-21 23:48 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-21 23:48 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-21 23:48 --------- d-------- C:\Program Files\Symantec
2007-08-09 20:25 --------- d-------- C:\Program Files\Handspring
2007-08-01 22:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-07-31 14:38 --------- d-------- C:\DOCUME~1\Jose\APPLIC~1\Wal-Mart Digital Photo Manager
2007-07-31 14:37 --------- d-------- C:\Program Files\Wal-Mart
2007-07-30 15:53 --------- d-------- C:\DOCUME~1\Jose\APPLIC~1\OverDrive
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 17:47]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 12:06]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-08 21:30]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 00:04]
"AcctMgr"="C:\Program Files\Norton Password Manager\AcctMgr.exe" [2004-08-18 14:41]
"iRiver Updater"="\Updater.exe" [2004-07-01 14:20]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 12:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 12:57]
"InetCntrl"="C:\WINDOWS\system32\InetCntrl\InetCntrl.exe" [2007-01-29 11:10]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="E:\iTunes\iTunesHelper.exe" []
"osCheck"="E:\Norton Internet Security\osCheck.exe" []
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 14:08 C:\WINDOWS\SYSTEM32\ico.exe]
"THGuard"="C:\Program Files\TrojanHunter 4.7\THGuard.exe" [2007-08-11 20:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-01-08 17:55:46]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk - C:\Program Files\CreataCard\Plus\FMRemind.exe [2005-02-27 14:59:15]
DESKTOP.INI [2002-09-03 07:00:00]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 01:06:58]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 08:05:56]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-04-06 00:37:38]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Jose\STARTM~1\Programs\Startup\
Alarm Manager.LNK - C:\Program Files\Handspring\AlarmApp.exe [2004-06-05 11:30:24]
DESKTOP.INI [2002-09-03 07:00:00]
HotSync Manager.lnk - C:\Program Files\Handspring\HOTSYNC.EXE [2004-06-05 11:30:25]
TrueAssistant.lnk - C:\Program Files\TrueSwitchComcast\TrueWizard.exe [2007-08-23 07:44:38]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

R0 IFP700;iriver Internet Audio Player IFP-700;C:\WINDOWS\system32\drivers\ifp700.sys
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
R3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys
R3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys
S3 SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\sddriver.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-08-31 23:22:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-10-02 20:36:34 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1096749329.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2004-04-28 05:38:08 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2007-09-01 05:21:18 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Jose.job"
- E:\NORTON~1\NORTON~1\Navw32.exe
"2007-09-10 19:00:00 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
"2007-09-12 07:00:10 C:\WINDOWS\Tasks\Symantec Drmc.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-12 21:12:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-12 21:20:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-12 21:20
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:37 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Updater.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Handspring\AlarmApp.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\JOSE\Application Data\Mozilla\Profiles\default\gt4uvsk2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOSE\Application Data\Mozilla\Profiles\default\gt4uvsk2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [osCheck] "E:\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Alarm Manager.LNK = C:\Program Files\Handspring\AlarmApp.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - E:\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11581 bytes
josec
Regular Member
 
Posts: 17
Joined: September 5th, 2007, 4:03 pm

Post by josec » September 13th, 2007, 2:06 am

I just realized that my Norton Internet Security is not working (it does not start-up). I tried to reinstall it and found that my CD drive functions but does not communicate with the computer. :(

Any help is appreciated.
josec
Regular Member
 
Posts: 17
Joined: September 5th, 2007, 4:03 pm

Post by Simon V. » September 13th, 2007, 12:34 pm

    Hi :)

    We will fix the problem with your CD drive later on. I’m currently researching a fix for it; in the meantime, you can do the following:

    To speed up performance, you can fix a few optional lines in HijackThis. All these programs can be started manually when you need them.

    Fix Entries with HijackThis

  • Open HijackThis, perform a scan and put a check next to the following items (if present):

    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup


    Close all programs except HijackThis and click on Fix checked.
  • If you can, scan with the Kaspersky Online Scan and post the report back here. Otherwise, try this one:

    F-Secure Online Scan
  • Note: You will need to use Internet Explorer for this scan.
    • Go here to run an online scan from F-Secure.
    • Click on Start scanning.
    • This will open a new Internet Explorer window.
    • It will require an ActiveX control, please install it.
    • Click Accept.
    • Click Full System Scan.
    • It will now download the scanner, this may take a while, please be patient.
    • It will then start scanning, wait for the scan to finish.
    • Click Automatic cleaning (recommended).
    • Wait for it to finish the cleaning process.
    • Click show report.
    • This will open up a window with the results of the scan, copy and paste those results as a reply to this topic.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium
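
One way to confirm from a follow-up log that the entries ticked in the HijackThis step above were actually removed. This is an added example, not part of the original posts: the function names and the `ExampleTray` entry are hypothetical, and the "after" log is a constructed sample in HijackThis format. Autorun entries are compared by hive, key and value name, so a fix list whose command text was re-quoted when pasted still matches.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# A HijackThis entry line is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [Name] cmd".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Body of an O4 registry autorun: "HKLM\..\Run: [ValueName] command line".
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(Run\w*):\s+\[([^\]]*)\]\s*(.*)$")


class Entry(NamedTuple):
    code: str               # section code such as "O4"
    label: str              # value name for autoruns, otherwise the full body
    key: Tuple[str, ...]    # identity used when comparing logs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; header and running-process lines return None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    run = RUN_RE.match(body) if code == "O4" else None
    if run:
        hive, run_key, name, _command = run.groups()
        # The command line is left out of the key on purpose: quoting and
        # switches often differ between a pasted list and the real log.
        return Entry(code, name, (code, hive.upper(), run_key.lower(), name.lower()))
    # Other sections: compare on the whitespace-normalised body.
    return Entry(code, body, (code, " ".join(body.split()).lower()))


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def check_fix(fix_list: str, before: str, after: str) -> Dict[str, List[str]]:
    """Classify each fix-list entry against the logs taken before and after."""
    before_keys = {e.key for e in parse_log(before)}
    after_keys = {e.key for e in parse_log(after)}
    result: Dict[str, List[str]] = {
        "removed": [], "still_present": [], "not_in_before": []}
    for e in parse_log(fix_list):
        if e.key in after_keys:
            result["still_present"].append(e.label)   # fix did not stick
        elif e.key in before_keys:
            result["removed"].append(e.label)
        else:
            result["not_in_before"].append(e.label)   # the "(if present)" case
    return result


# Excerpt in the format of the first log in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
"""

# Constructed fix list: QuickTime line pasted without quotes, plus a
# hypothetical entry (ExampleTray) that was never in the log.
FIX_LIST = r"""
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ExampleTray] C:\Example\tray.exe
"""

# Constructed follow-up log in which one fixed entry has come back.
AFTER = r"""
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
"""

if __name__ == "__main__":
    for status, names in check_fix(FIX_LIST, BEFORE, AFTER).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

An entry reported as `still_present` was either not ticked or was written back by the program that owns it, so it is worth a second look in the next log.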

Post by josec » September 14th, 2007, 2:23 am

Hi Simon V. :)

My computer is running better. I was able to do a full scan with Kaspersky Online Scan.

Here are the two reports you requested: :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:23 PM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\TrojanHunter 4.7\THGuard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Handspring\AlarmApp.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\TrueSwitchComcast\TrueWizard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\JOSE\Application Data\Mozilla\Profiles\default\gt4uvsk2.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOSE\Application Data\Mozilla\Profiles\default\gt4uvsk2.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.7\THGuard.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Alarm Manager.LNK = C:\Program Files\Handspring\AlarmApp.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueSwitchComcast\TrueWizard.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O10 - Unknown file in Winsock LSP: inetcntrl0007.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - E:\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10770 bytes


KASPERSKY ONLINE SCANNER REPORT
Thursday, September 13, 2007 10:55:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 14/09/2007
Kaspersky Anti-Virus database records: 418126
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
H:\
Scan Statistics
Total number of scanned objects 113423
Number of viruses found 12
Number of infected objects 143
Number of suspicious objects 147
Duration of the scan process 04:25:39

Infected Object Name Virus Name Last Action
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\josec\gvchmvkb.slt\Mail\mail.lanset.com\Trash/[From taisha15 ][Date Date header was inserted by SMTP.Prodigy.Net.mx]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\josec\gvchmvkb.slt\Mail\mail.lanset.com\Trash/[From taisha15 ][Date Date header was inserted by SMTP.Prodigy.Net.mx]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\josec\gvchmvkb.slt\Mail\mail.lanset.com\Trash Mail Berkeley mbox: suspicious - 2 skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[From Jer ... /[From "Jon Crump /(DGWEB TECHNICAL SUPPORT/)" ][Date Fri, 16 Aug 2002 15:04:51 -0700]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[From Jerry Jozwiak < ... /[Fro ... /[Fro ... /[From Sylvia ][Date Thu, 15 Aug 2002 14:05:36 -0700]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[From Jerry Jozwiak < ... /[Fro ... /[From Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini ... /[From marthayourd ][Date Tue, 20 Aug 2002 22:59:45 -0400 (EDT ... /html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini ... /[From marthayourd ][Date Tue, 20 Aug 2002 22:59:45 -0400 (EDT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream.net (Bellini, Mike)][Date Tue, 20 Aug 2002 13:45:38 -0700 (Pacific Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream.net (Bellini, Mike)][Date Mon, 19 Aug 2002 17:02:26 -0700 (Pacific Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream.net (Bellini, Mike)][Date Mon, 19 Aug 2002 15:09:21 -0700 (Pacific Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream.net (Bellini, Mike)][Date Mon, 19 Aug 2002 08:42:17 -0700 (Pacific Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream. ... /[From nicpipkin ][Date Mon, 26 Aug 2002 06:04:44 -050 ... /html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbell ... /[From computersolutions ][Date Mon, 26 Aug 2002 19:08:05 -0500]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbelli ... /[From "Tappan/Mor ... /[From letmepamperu@juno.com][Date Wed, 4 Sep 2002 21:57:10 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbelli ... /[From "Tappan/Morrison" ][Date Wed, 4 Sep 2002 22:10:46 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbelli ... /[From "Tappan/Morrison" ][Date Wed, 4 Sep 2002 14:31:30 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbelli ... /[From "Tappan/Morr ... /[From letmepamperu@juno.com][Date Wed, 4 Sep 2002 11:57:26 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbelli ... /[From "Tappan/Morrison" ][Date Fri, 30 Aug 2002 21:09:53 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbelli ... /[From " ... /[From "Elena Barron" ][Date Mon, 26 Aug 2002 18:42:30 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbelli ... /[From "Sheri Atkinson" ][Date Mon, 26 Aug 2002 09:25:42 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream. ... /[From nicpipkin ][Date Mon, 26 Aug 2002 06:04:44 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream.net (Bellini, Mike)][Date Fri, 23 Aug 2002 14:59:30 -0700 (Pacific Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream.net (Bellini, Mike)][Date Fri, 23 Aug 2002 14:00:09 -0700 (Pacific Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream.net (Bellini, Mike)][Date Fri, 23 Aug 2002 13:40:31 -0700 (Pacific Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream.net (Bellini, Mike)][Date Thu, 22 Aug 2002 13:59:00 -0700 (Pacific Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream.net (Bellini, Mike)][Date Thu, 22 Aug 2002 13:43:13 -0700 (Pacific Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream.net (Bellini, Mike)][Date Thu, 22 Aug 2002 08:29:53 -0700 (Pacific Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[F ... /[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 21 Aug 2002 21:45:21 -0700 (Pacific Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[From Jer ... /[From "Jon Crump /(DGWEB TECHNICAL SUPPORT/)" ][Date Sun, 18 Aug 2002 12:57:14 -0700]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[From Jerry Jozwiak < ... /[Fro ... /[From ][Date Wed, 14 Aug 2002 12:32:12 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[From Jerry Jozwiak < ... /[Fro ... /[From Jerry Jozwiak ][Date Tue, 13 Aug 2002 19:28:52 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[From Jerry Jozwiak < ... /[From "Tappan/Morrison" ][Date Mon, 12 Aug 2002 22:26:40 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[From Jerry Jozwiak Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[From Jerry Jozwiak ][Date Sun, 11 Aug 2002 22:42:42 -0700]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[From Jerry Jozwiak ][Date Sun, 11 Aug 2002 14:11:20 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[From Jerry Jozwiak ][Date Sun, 11 Aug 2002 13:15:54 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED/[From Jerry Jozwiak ][Date Wed, 07 Aug 2002 15:18:31 -0700]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED/[From TCLIEB2@aol.com][Date Wed, 24 Jul 2002 12:14:42 EDT]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text/[From lbellini@starstream.net (Bellini, Mike)][Date Wed, 24 Jul 2002 08:26:35 -0700 (Pacific Daylight Time)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text/[From Jerry Jozwiak ][Date Mon, 22 Jul 2002 13:33:40 -0700]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "Ed & Patty Gillespie" ][Date Sat, 20 Jul 2002 10:25:52 -0700]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "ellisfamjp " ][Date Sun, 12 Jan 2003 06:09:31 -0000]/text/[From "herjeulucy " ][Date Sun, 12 Jan 2003 07:19:12 -0000]/text/[From "eric engle" ][Date Sat, 11 Jan 2003 23:41:40 -0800]/text/[From "Leslie Bellini" ][Date Mon, 13 Jan 2003 08:51:54 ... /[From "Diane Kradel ][Date Mon, 13 Jan 2003 15:36:13 --0800]/Movie_0074.mpeg.pi Infected: Email-Worm.Win32.Sobig.a skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "ellisfamjp " ][Date Sun, 12 Jan 2003 06:09:31 -0000]/text/[From "herjeulucy " ][Date Sun, 12 Jan 2003 07:19:12 -0000]/text/[From "eric engle" ][Date Sat, 11 Jan 2003 23:41:40 -0800]/text/[From "Leslie Bellini" ][Date Mon, 13 Jan 2003 08:51:54 ... /[From "Diane Kradel Infected: Email-Worm.Win32.Sobig.a skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "ellisfamjp " ][Date Sun, 12 Jan 2003 06:09:31 -0000]/text/[From "herjeulucy " ][Date Sun, 12 Jan 2003 07:19:12 -0000]/text/[From "eric engle" ][Date Sat, 11 Jan 2003 23:41:40 -0800]/text/[From "Leslie Bellini" ][Date Mon, 13 Jan 2003 08:51:54 ... /[From "Diane Kradel " ][Date Mon, 13 Jan 2003 16:50:29 -0000]/text Infected: Email-Worm.Win32.Sobig.a skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "ellisfamjp " ][Date Sun, 12 Jan 2003 06:09:31 -0000]/text/[From "herjeulucy " ][Date Sun, 12 Jan 2003 07:19:12 -0000]/text/[From "eric engle" ][Date Sat, 11 Jan 2003 23:41:40 -0800]/text/[From "Leslie Bellini" ][Date Mon, 13 Jan 2003 08:51:54 -0800 (Pacific Standard Time)]/UNNAMED Infected: Email-Worm.Win32.Sobig.a skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "ellisfamjp " ][Date Sun, 12 Jan 2003 06:09:31 -0000]/text/[From "herjeulucy " ][Date Sun, 12 Jan 2003 07:19:12 -0000]/text/[From "eric engle" ][Date Sat, 11 Jan 2003 23:41:40 -0800]/text Infected: Email-Worm.Win32.Sobig.a skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "ellisfamjp " ][Date Sun, 12 Jan 2003 06:09:31 -0000]/text/[From "herjeulucy " ][Date Sun, 12 Jan 2003 07:19:12 -0000]/text Infected: Email-Worm.Win32.Sobig.a skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "ellisfamjp " ][Date Sun, 12 Jan 2003 06:09:31 -0000]/text Infected: Email-Worm.Win32.Sobig.a skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 ... /[From "Travelocity.com" Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 ... /[From "Travelocity.com" Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 ... /[From "Travelocity.com" Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 ... /[From "Travelocity.com" Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 ... /[From "Travelocity.com" Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 ... /[From "Travelocity.com" Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 ... /[From "Travelocity.com" Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 ... /[From "Travelocity.com" ][Date Tue, 2 Mar 2004 18:38:36 -0800]/text Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 ... /[From "Travelocity.com" ][Date Tue, 2 Mar 2004 14:47:14 -0600 (CST)]/UNNAMED Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 -0800]/UNNAMED/[From "Sheri Atkinson ... /[From TWTMHighSchool Moderator ][Date 4 May 2004 02:39:06 -0000]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 -0800]/UNNAMED/[From "Sheri Atkinson" ][Date Mon, 3 May 2004 14:15:16 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 -0800]/UNNAMED/[From "Sheri Atkinson" ][Date Sun, 2 May 2004 17:54:16 -0700]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 -0800]/UNNAMED/[From "Sheri Atkinson" ][Date Fri, 30 Apr 2004 13:05:47 -0700]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 -0800]/UNNAMED/[From "Sheri Atkinson" ][Date Tue, 27 Apr 2004 13:06:34 -0700]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 -0800]/UNNAMED/[From "Sheri Atkinson" ][Date Thu, 5 Feb 2004 08:36:27 -0800]/text Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED/[From "Leslie Bellini" ][Date Sat, 24 Jan 2004 08:22:38 -0800]/UNNAMED Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED/[From "Leslie Bellini" ][Date Fri, 16 Jan 2004 13:39:37 -0800]/UNNAMED Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text/[From "Anne Kincaid" ][Date Sun, 7 Dec 2003 19:50:13 -0900]/UNNAMED Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox/[From "sdosaka" ][Date Fri, 19 Sep 2003 05:27:39 -0000]/text Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Inbox Mail Berkeley mbox: infected - 21, suspicious - 44 skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From carolyn.dc@juno.com][Date Tue, 2 Mar 2004 14:04:04 -0800]/talk_msg.zip/talk_msg.exe Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From carolyn.dc@juno.com][Date Tue, 2 Mar 2004 14:04:04 -0800]/talk_msg.zip Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From 166522828@snj-us-pcwp-702.kodak.com][Date Tue, 2 Mar 2004 18:17:51 -0800]/material.rtf.scr Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From lisa@tridc.com][Date Wed, 3 Mar 2004 13:50:13 -0800]/UNNAMED/party.zip/party.doc.pif Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From lisa@tridc.com][Date Wed, 3 Mar 2004 13:50:13 -0800]/UNNAMED/party.zip Infected: Email-Worm.Win32.NetSky.c skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From lisa@tr .. ... /[From christina miner Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From lisa@tr .. ... /[From christina miner Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From lisa@tr .. ... /[From christina miner Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From lisa@tr .. ... /[From christina miner Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From lisa@tr .. ... /[From christina miner ][Date Wed, 14 Apr 2004 15:18:58 -0700 (PDT)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From lisa@tr ... /[From Mail Delivery Subsyste ... /[From smithersd@juno.com][Date Mon, 12 Apr 2004 21:21:23 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From lisa@tr ... /[From Mail Delivery Subsystem ][Date Fri, 5 Mar 2004 21:12:18 -0500 (EST)]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From lisa@tridc.com][Date Wed, 3 Mar 20 ... /[From Sylvia ][Date Fri, 05 Mar 2004 18:21:57 -0800]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From lisa@tridc.com][Date Wed, 3 Mar 20 ... /[From Lisa Eastman ][Date Wed, 3 Mar 2004 17:16:52 -0800]/text Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED/[From lisa@tridc.com][Date Wed, 3 Mar 2004 13:50:13 -0800]/UNNAMED Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED/[From "John McDougall, M.D." ][Date Mon, 1 Mar 2004 21:04:22 -1000]/UNNAMED Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text/[From "Lisa Harder" ][Date Mon, 1 Mar 2004 10:05:21 -0800]/UNNAMED Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED/[From "Bruce Johannes" ][Date Fri, 19 Sep 2003 16:08:12 -0700]/text Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash/[From Kenna ][Date Thu, 18 Sep 2003 20:37:06 -0500]/UNNAMED Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Den Computer\Den E-Drive\Saved 5-14-04\mozllia\Mozilla\Profiles\socrown\4ggh2yie.slt\Mail\mail.lanset.com\Trash Mail Berkeley mbox: infected - 10, suspicious - 9 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.1/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-09-13_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
C:\Documents and Settings\Jose\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Jose\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Jose\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Jose\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Jose\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\History\History.IE5\MSHist012007091320070914\index.dat Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\Temp\JET99AB.tmp Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\Temp\~DF3161.tmp Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jose\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jose\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jose\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\016F702E Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\018A4011/[From ggotony@wmconnect.com][Date Mon, 9 Aug 2004 23:42:24 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\018A4011/[From ggotony@wmconnect.com][Date Mon, 9 Aug 2004 23:42:24 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\018A4011 Mail: suspicious - 2 skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\018A4011 CryptFF: suspicious - 2 skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\091C0D63 Infected: Email-Worm.Win32.Mydoom.an skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\098876EC Infected: Email-Worm.Win32.Mydoom.an skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0BE03418 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\108653DB/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\108653DB ZIP: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\108653DB CryptFF: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\15B85020.tmp/Notice.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\15B85020.tmp ZIP: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\15B85020.tmp CryptFF: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\18775F65 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\18955944/[From 3dkattalk@sbcglobal.net][Date Wed, 11 Aug 2004 20:00:30 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\18955944/[From 3dkattalk@sbcglobal.net][Date Wed, 11 Aug 2004 20:00:30 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\18955944 Mail: suspicious - 2 skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\18955944 CryptFF: suspicious - 2 skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\19046CCA Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\191114BC/[From jenig@igarashi.us][Date Thu, 12 Aug 2004 00:03:07 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\191114BC/[From jenig@igarashi.us][Date Thu, 12 Aug 2004 00:03:07 -0700]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\191114BC Mail: suspicious - 2 skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\191114BC CryptFF: suspicious - 2 skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\279A4571 Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\27AE415B/[From sandy1day@charter.net][Date Tue, 7 Sep 2004 02:15:35 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload s
josec
Regular Member
 
Posts: 17
Joined: September 5th, 2007, 4:03 pm

Unread postby Simon V. » September 14th, 2007, 6:05 am

Hi :)

Your Kaspersky log got cut off. It is possible you will need more than one reply to post the full log. It ends with this line: Scan process completed.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium