Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

my HIJACKTHIS log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

my HIJACKTHIS log

Unread postby K7hrs » December 14th, 2007, 1:36 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:34 AM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Belarc\BelMonitor\BANTMonitorSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: PrintPunk Activate Toolbar - {D408001A-E1C0-4FA9-B256-D6CDF2754E7D} - C:\Program Files\PrintPunk\PrintPunk.dll
O3 - Toolbar: PrintPunk - {C6429812-4127-47C6-88BA-EF79B6735132} - C:\Program Files\PrintPunk\PrintPunk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BelNotify] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Belarc\Advisor\System\NPBelv32.dll,RunDll32_BelNotify
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: PrintPunk Print to Fit - file://C:\Program Files\PrintPunk\\PrintPunkPrintToFit.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PrintPunk - {B6D2D93F-2723-41a5-BD16-F853CA6FC460} - C:\Program Files\PrintPunk\PrintPunk.dll
O9 - Extra 'Tools' menuitem: PrintPunk Toolbar - {B6D2D93F-2723-41a5-BD16-F853CA6FC460} - C:\Program Files\PrintPunk\PrintPunk.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6474054315
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = havemilk.local
O17 - HKLM\Software\..\Telephony: DomainName = havemilk.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = havemilk.local
O23 - Service: BelMonitor Service (BelMonitorService) - Belarc, Inc. - C:\PROGRA~1\Belarc\BelMonitor\BANTMonitorSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9071 bytesmy HIJACKTHIS log-need help
K7hrs
Active Member
 
Posts: 3
Joined: December 14th, 2007, 1:07 pm
Advertisement
Register to Remove

Re: my HIJACKTHIS log

Unread postby Bob4 » December 15th, 2007, 12:02 am

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So lets do this to the end!

  • All hijackthis logs I ask for should be done in normal mode ( not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!



___________________________________________
Your log seems to be OK except for this I can find no info on.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = havemilk.local
O17 - HKLM\Software\..\Telephony: DomainName = havemilk.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = havemilk.local

Any idea what havemilk.local is ?



_________________________
In your next reply I would like to see:
  • A new HJT log
  • Let me know about havemilk.local
  • Describe if any problems your having.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: my HIJACKTHIS log

Unread postby K7hrs » December 17th, 2007, 12:42 pm

Thanks for your reply. Below is a new HJT log. Ran Housecall before first log and found "RingZero" and "Exe_bug.hooker". Norton AV couldn't find any files to remove. Other tried programs were no help.

Havemilk.local is exchange server.

Computer is VERY slow to open anything. Can't send emails in HTML from outlook. Also when booted computer this morning - start menu showed "new program installed" - didn't see one when I looked.

Thanks for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:13 AM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Belarc\BelMonitor\BANTMonitorSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: PrintPunk Activate Toolbar - {D408001A-E1C0-4FA9-B256-D6CDF2754E7D} - C:\Program Files\PrintPunk\PrintPunk.dll
O3 - Toolbar: PrintPunk - {C6429812-4127-47C6-88BA-EF79B6735132} - C:\Program Files\PrintPunk\PrintPunk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BelNotify] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Belarc\Advisor\System\NPBelv32.dll,RunDll32_BelNotify
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: PrintPunk Print to Fit - file://C:\Program Files\PrintPunk\\PrintPunkPrintToFit.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PrintPunk - {B6D2D93F-2723-41a5-BD16-F853CA6FC460} - C:\Program Files\PrintPunk\PrintPunk.dll
O9 - Extra 'Tools' menuitem: PrintPunk Toolbar - {B6D2D93F-2723-41a5-BD16-F853CA6FC460} - C:\Program Files\PrintPunk\PrintPunk.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6474054315
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = havemilk.local
O17 - HKLM\Software\..\Telephony: DomainName = havemilk.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = havemilk.local
O23 - Service: BelMonitor Service (BelMonitorService) - Belarc, Inc. - C:\PROGRA~1\Belarc\BelMonitor\BANTMonitorSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9111 bytes
K7hrs
Active Member
 
Posts: 3
Joined: December 14th, 2007, 1:07 pm

Re: my HIJACKTHIS log

Unread postby Bob4 » December 17th, 2007, 3:39 pm

OK let's look a bit deeper.

Thanks for your reply. Below is a new HJT log. Ran Housecall before first log and found "RingZero" and "Exe_bug.hooker


Did it clean them or just find them ??



______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    ( Do not use the Registry function to clean anything with this program. Having anything auto clean your regisrty is risky).


___________________________________
Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).



    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    • Open up AVG anti Malware

Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
  • Make sure that Set all elements to: shows Quarantine
  • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
  • When the program has finished, it will display the message All actions have been applied.
  • Then click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Reboot in normal mode.



_________________________________
Please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan select My Computer


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.



The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.
__________________________________

open CCleaner
click on tools
highlight uninstall

down on the bottom click save to text file.
Save it to your desktop and post
the contents
of that log for me.



_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from AVG anti Spyware
  • The report from Kasperskys
  • The report from Uninstall list from CCleaner
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: my HIJACKTHIS log

Unread postby K7hrs » December 18th, 2007, 6:56 pm

All requested actions have been completed and here are the reports.

The scan from Housecall did not remove - it asked me to manually remove.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:48 PM, on 12/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Belarc\BelMonitor\BANTMonitorSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.dogpile.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: PrintPunk Activate Toolbar - {D408001A-E1C0-4FA9-B256-D6CDF2754E7D} - C:\Program Files\PrintPunk\PrintPunk.dll
O3 - Toolbar: PrintPunk - {C6429812-4127-47C6-88BA-EF79B6735132} - C:\Program Files\PrintPunk\PrintPunk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BelNotify] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Belarc\Advisor\System\NPBelv32.dll,RunDll32_BelNotify
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: PrintPunk Print to Fit - file://C:\Program Files\PrintPunk\\PrintPunkPrintToFit.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PrintPunk - {B6D2D93F-2723-41a5-BD16-F853CA6FC460} - C:\Program Files\PrintPunk\PrintPunk.dll
O9 - Extra 'Tools' menuitem: PrintPunk Toolbar - {B6D2D93F-2723-41a5-BD16-F853CA6FC460} - C:\Program Files\PrintPunk\PrintPunk.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6474054315
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = havemilk.local
O17 - HKLM\Software\..\Telephony: DomainName = havemilk.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = havemilk.local
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BelMonitor Service (BelMonitorService) - Belarc, Inc. - C:\PROGRA~1\Belarc\BelMonitor\BANTMonitorSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9581 bytes

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:17:15 AM 12/18/2007

+ Scan result:



C:\Documents and Settings\Lynne\Cookies\lynne@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.


::Report end

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 18, 2007 2:47:57 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/12/2007
Kaspersky Anti-Virus database records: 486393
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
P:\

Scan Statistics:
Total number of scanned objects: 477623
Number of viruses found: 10
Number of infected objects: 115
Number of suspicious objects: 10
Duration of the scan process: 04:50:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lynne\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Lynne\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Lynne\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Lynne\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Lynne\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lynne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lynne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lynne\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lynne\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Lynne\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lynne\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Lynne\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0699NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0718NAV~.TMP Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010001.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP418\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_2a8.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
P:\Angela\Rats\2007-2008 School Year\Winter 2008 Session\Web page labels.doc Object is locked skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/03 Feb 1999 19:06 from Linda Eatherton:REVISED ISSUE ADVISORY: L/Facts about Listeria monocytogenes.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/25 Feb 1999 16:38 from Steve Matzen:FW: The Dairy FAX/2_22_99e.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/25 Feb 1999 16:49 from Steve Matzen:FW: Dairy FAX Revision/2_22_99REVe.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/17 Mar 1999 00:59 from Steve Matzen:FW: Mr. Food Mega-Cheese Rec/Mr. Food Mega Cheese Recipe Contest.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/22 Mar 1999 20:35 from Steve Matzen:FW: MILK.XLS/announcemt.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/29 Mar 1999 20:50 from Linda Magiera:Important Message From Lind/PTIDiscussions11.doc Infected: Virus.MSWord.Melissa skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/29 Mar 1999 20:51 from Marykate Ginter:Important Message From Ma/PTIDiscussions11.doc Infected: Virus.MSWord.Melissa skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/29 Mar 1999 20:52 from Carol Ostling:Important Message From Caro/PTIDiscussions11.doc Infected: Virus.MSWord.Melissa skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/06 Apr 1999 20:11 from Julie Furlong:FW: Domain Transfer Letter/cowtv_domain_xfer.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/05 Apr 1999 18:11 from Steve Matzen:FW: the next nutrition artic/Time for a Nutrition Check.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/13 Apr 1999 19:39 from Steve Matzen:FW: Update on Warehouse Proj/Whse-Order Fulfillment Proj..doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/13 Apr 1999 19:31 from Steve Matzen:FW: 1999 1Q Product Publicit/'99 1Q Commitment-Audit Form.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/19 Apr 1999 16:54 from System Administrator:Undeliverable: ISSUE/19 Apr 1999 16:54 to 'cmizee@havemilk.com':FW: ISSUE ADVISORY - /PlasticsF_041699__2.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/19 Apr 1999 16:54 from System Administrator:Undeliverable: ISSUE/19 Apr 1999 16:54 to 'cmizee@havemilk.com':FW: ISSUE ADVISORY - /Plastic Wrap.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/01 Jun 1999 21:42 from Kurt Morrison:Jokes/Small.exe Infected: not-virus:BadJoke.Win16.Stupid.a skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Deleted Items/12 Jul 1999 22:36 from Steve Matzen:RE: Seafair/Happy99.exe Infected: Email-Worm.Win32.Happy skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Sent Items/09 Mar 1999 18:12 to 'cmizee@mww.com':FW: I.M. DAILY REPORT 3/8//03_08_99.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Sent Items/11 Mar 1999 00:41 to 'cmizee@mww.com':FW: ISSUE ADVISORY: DAIRY /drop in bfp.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Sent Items/15 Mar 1999 18:57 to 'cmizee@mww.com':FW: I.M. DAILY REPORT 3/12/03_12_99.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Sent Items/07 Apr 1999 16:55 to 'celeste@havemilk.com':BoD news release/BoD rls.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Sent Items/19 Apr 1999 16:54 to 'cmizee@havemilk.com':FW: ISSUE ADVISORY - /PlasticsF_041699__2.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Sent Items/19 Apr 1999 16:54 to 'cmizee@havemilk.com':FW: ISSUE ADVISORY - /Plastic Wrap.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Sent Items/05 May 1999 15:41 to 'cmizee@mww.com':FW: ISSUE ALERT: Dairy Foo/Purdue Pr.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Sent Items/05 May 1999 15:41 to 'cmizee@mww.com':FW: ISSUE ALERT: Dairy Foo/ConfSumm.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst/Personal Folders/Sent Items/17 May 1999 20:25 to 'cmizee@mww.com':FW: For Immediate Release:/April 99 Dairy prices release__.doc Infected: Virus.MSWord.Class.d skipped
P:\Blair\Mail\mailbox.pst Mail MS Mail: infected - 25 skipped
P:\Celeste\Flysheets\FlysheetOct.xls Object is locked skipped
P:\Celeste\outlook.pst/Personal Folders/Deleted Items/27 Dec 1999 21:49 from steve matzen:Minutes for the November 8, /Dec Minutes_.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Deleted Items/29 Dec 1999 20:09 from French:DAIRY NUTRITION AND MARKETING MANA/commission minutes 12-15-99.doc Infected: Virus.MSWord.Class.fm skipped
P:\Celeste\outlook.pst/Personal Folders/Deleted Items/11 Jan 2000 22:21 from steve matzen:Minutes for the November 8, /Dec Minutes__.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Deleted Items/23 Jan 2000 04:47 from steve matzen:Tentative Agenda for Commiss/Tentative Agenda.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Inbox/10 Jan 2000 19:34 from steve matzen:Memorandum of Understanding/Montana Memorandum of Understanding.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/07 Jul 1999 22:43 to 'Steve Matzen':Minutes/June '99 minutes_.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/26 Apr 1999 23:15 to 'Steve Matzen':April Minutes/April '99 minutes.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/10 Mar 1999 18:55 to 'Steve Matzen':Board Meeting Minutes/Feb '99 Minutes.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/23 Jul 1999 18:34 to 'Willis, Lynn':/Washington Dairy Products Commission.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/06 Aug 1999 18:43 to 'Steve Matzen':/Jul '99 minutes_.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/16 Sep 1999 17:06 to steve matzen:/Aug '99 minutes__.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/20 Sep 1999 17:37 to steve matzen:/Aug '99 minutes__.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/14 Oct 1999 17:02 to Bob Gilbert (E-mail):FW: Milk TV Creative A/Q4 TV Creupdate.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/14 Oct 1999 17:02 to Bob Gilbert (E-mail):FW: Milk TV Creative A/Tape Order Form - Broadcast.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/14 Oct 1999 17:02 to Bob Gilbert (E-mail):FW: Milk TV Creative A/Tape Order Form - NonBroadcast.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/21 Oct 1999 18:02 to steve matzen:/Oct '99 minutes.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/22 Oct 1999 18:39 to steve matzen:/Oct '99 minutes.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/17 Nov 1999 19:24 to Brian Lindeman (E-mail); Carey Donaldson (E/Gandhi.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/21 Dec 1999 19:37 to Tina Sohan (E-mail):/Tape Order Form - Broadcast.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/23 Dec 1999 00:26 to steve matzen:/Dec Minutes.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/11 Jan 2000 17:17 to steve matzen:/Dec Minutes_.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst/Personal Folders/Sent Items/31 Jan 2000 23:34 to steve matzen:/Jan Minutes.doc Infected: Virus.MSWord.Class.d skipped
P:\Celeste\outlook.pst Mail MS Mail: infected - 22 skipped
P:\Kara\2007 Reports\Inventory\2007 Inventory Count Sheet.xls Object is locked skipped
P:\Lynne\Desktop\MyFunCardsSetup2.0.3.26.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/08 Jun 2004 19:48 from kellie.cox@sheraton.com:read it immediate/dinner.zip/dinner.rtf.com Infected: Email-Worm.Win32.NetSky.b skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/08 Jun 2004 19:48 from kellie.cox@sheraton.com:read it immediate/dinner.zip Infected: Email-Worm.Win32.NetSky.b skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/07 Feb 2004 03:30 from mzqe@yahoo.com:HI/body.pif Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/30 Jan 2004 22:25 from MAILER-DAEMON@mail.speakeasy.net:failure .eml/[From amy@havemilk.org][Date Fri, 30 Jan 2004 11:04:40 -0800]/UNNAMED/message.zip/message.pif Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/30 Jan 2004 22:25 from MAILER-DAEMON@mail.speakeasy.net:failure .eml/[From amy@havemilk.org][Date Fri, 30 Jan 2004 11:04:40 -0800]/UNNAMED/message.zip Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/30 Jan 2004 22:25 from MAILER-DAEMON@mail.speakeasy.net:failure .eml/[From amy@havemilk.org][Date Fri, 30 Jan 2004 11:04:40 -0800]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/30 Jan 2004 22:25 from MAILER-DAEMON@mail.speakeasy.net:failure .eml Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/27 Jan 2004 01:59 from Mail Delivery System:Mail delivery failed.eml/[From amy@havemilk.org][Date Mon, 26 Jan 2004 18:01:46 -0800]/UNNAMED/data.zip/data.pif Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/27 Jan 2004 01:59 from Mail Delivery System:Mail delivery failed.eml/[From amy@havemilk.org][Date Mon, 26 Jan 2004 18:01:46 -0800]/UNNAMED/data.zip Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/27 Jan 2004 01:59 from Mail Delivery System:Mail delivery failed.eml/[From amy@havemilk.org][Date Mon, 26 Jan 2004 18:01:46 -0800]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/27 Jan 2004 01:59 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/26 Jan 2004 21:55 from cbirkmey@mail.bcpl.lib.md.us/document.zip/document.scr Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\AMY.PST/Personal Folders/Deleted Items/26 Jan 2004 21:55 from cbirkmey@mail.bcpl.lib.md.us/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\AMY.PST Mail MS Mail: infected - 13 skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/07 Jun 2004 18:13 from craidolson@misd.wed.net.edu:something for/jokes.zip/jokes.rtf.com Infected: Email-Worm.Win32.NetSky.b skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/07 Jun 2004 18:13 from craidolson@misd.wed.net.edu:something for/jokes.zip Infected: Email-Worm.Win32.NetSky.b skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/03 Mar 2004 04:35 from smyer@bastyr.edu:^_^ mew-mew (-:/Readme.zip/wnedoo.exe Infected: Email-Worm.Win32.Bagle.g skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/03 Mar 2004 04:35 from smyer@bastyr.edu:^_^ mew-mew (-:/Readme.zip Infected: Email-Worm.Win32.Bagle.g skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/28 Jan 2004 08:52 from Mail Delivery System:Mail delivery failed.eml/[From hill@eatsmart.org][Date Tue, 27 Jan 2004 10:55:18 -0800]/UNNAMED/document.zip/document.exe Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/28 Jan 2004 08:52 from Mail Delivery System:Mail delivery failed.eml/[From hill@eatsmart.org][Date Tue, 27 Jan 2004 10:55:18 -0800]/UNNAMED/document.zip Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/28 Jan 2004 08:52 from Mail Delivery System:Mail delivery failed.eml/[From hill@eatsmart.org][Date Tue, 27 Jan 2004 10:55:18 -0800]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/28 Jan 2004 08:52 from Mail Delivery System:Mail delivery failed.eml Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 22:10 from gregparros@consultparros.com:Mail Transac/doc.zip/doc.pif Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 22:10 from gregparros@consultparros.com:Mail Transac/doc.zip Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 22:02 from System Administrator:Undeliverable: HELLO/26 Jan 2004 22:34 to kaye@10xmarketing.com:HELLO/body.zip/body.pif Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 22:02 from System Administrator:Undeliverable: HELLO/26 Jan 2004 22:34 to kaye@10xmarketing.com:HELLO/body.zip Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 21:50 from rebeccaadams@mindspring.com:Mail Delivery/kjdtc.zip/kjdtc.txt .exe Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 21:50 from rebeccaadams@mindspring.com:Mail Delivery/kjdtc.zip Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 21:50 from sfaxlimo@aol.com:Test/message.zip/message.pif Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 21:50 from sfaxlimo@aol.com:Test/message.zip Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 21:46 from Mail Delivery Subsystem:Returned mail: se.eml/[From hill@eatsmart.org][Date Mon, 26 Jan 2004 14:13:13 -0800]/readme.zip/readme.htm .scr Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 21:46 from Mail Delivery Subsystem:Returned mail: se.eml/[From hill@eatsmart.org][Date Mon, 26 Jan 2004 14:13:13 -0800]/readme.zip Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 21:46 from Mail Delivery Subsystem:Returned mail: se.eml Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 21:36 from abeth.martin@pss.boeing.com:Omrk/doc.zip/doc.exe Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST/Personal Folders/Deleted Items/26 Jan 2004 21:36 from abeth.martin@pss.boeing.com:Omrk/doc.zip Infected: Email-Worm.Win32.Mydoom.a skipped
P:\PST\ANDREA.PST Mail MS Mail: infected - 21 skipped
P:\PST\MENDOZA.PST/Personal Folders/Deleted Items/20 Jul 2004 15:56 from Mail Delivery Subsystem:Returned mail: se/20 Jul 2004 14:54 to mmoore@fwg.com:(*****) Mail Delivery (failu//ATT00040.htm Suspicious: Exploit.HTML.Iframe.FileDownload skipped
P:\PST\MENDOZA.PST/Personal Folders/Deleted Items/19 Jul 2004 15:26 from Mail Delivery Subsystem:Returned mail: se/19 Jul 2004 14:09 to ed81a8c0@fwg.com:(*****) Mail Delivery (fai//ATT00042.htm Suspicious: Exploit.HTML.Iframe.FileDownload skipped
P:\PST\MENDOZA.PST/Personal Folders/Deleted Items/18 Jul 2004 01:39 from Postmaster:Undeliverable Mail.eml/[From mendoza@eatsmart.org][Date Sat, 17 Jul 2004 20:40:33 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
P:\PST\MENDOZA.PST/Personal Folders/Deleted Items/18 Jul 2004 01:39 from Postmaster:Undeliverable Mail.eml/[From mendoza@eatsmart.org][Date Sat, 17 Jul 2004 20:40:33 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
P:\PST\MENDOZA.PST/Personal Folders/Deleted Items/18 Jul 2004 01:39 from Postmaster:Undeliverable Mail.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
P:\PST\MENDOZA.PST/Personal Folders/Deleted Items/15 Jul 2004 14:45 from Mail Delivery Subsystem:Returned mail: se/15 Jul 2004 14:47 to .wtoteff@fwg.com:(*****) Mail Delivery (fai//ATT03329.htm Suspicious: Exploit.HTML.Iframe.FileDownload skipped
P:\PST\MENDOZA.PST/Personal Folders/Deleted Items/07 Jul 2004 20:32 from Mail Delivery Subsystem:Returned mail: se/07 Jul 2004 20:33 to c780a8c0@fwg.com:(*****) Mail Delivery (fai//ATT00448.htm Suspicious: Exploit.HTML.Iframe.FileDownload skipped
P:\PST\MENDOZA.PST Mail MS Mail: suspicious - 7 skipped
P:\PST\MOSS.PST/Personal Folders/Deleted Items/07 May 2004 05:37 from info@hssinternational.com:{Dangerous Atta.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
P:\PST\MOSS.PST Mail MS Mail: suspicious - 1 skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Inbox/DMI Issues Alerts/Reports/08 Feb 1999 21:31 from Linda Eatherton:I.M. DAILY REPORT 2/8/99/02_08_99.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Inbox/DMI Issues Alerts/Reports/09 Mar 1999 20:51 from Linda Eatherton:FW: Issue Advisory Update/statements 30999.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Inbox/DMI Issues Alerts/Reports/10 Mar 1999 20:27 from Sue Markgraf:FW: ISSUE ADVISORY: DAIRY PR/drop in bfp.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Inbox/DMI General /04 Mar 1999 23:32 from Linda Eatherton:BUTTER INDUSTRY RELATIONS/99time2.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/04 Feb 1999 00:10 to 'Doug Marshall':FW: REVISED ISSUE ADVISORY:/Facts about Listeria monocytogenes.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/25 Feb 1999 16:55 to 'Blair Thompson'; 'Steve Malloch':FW: The D/2_22_99e.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/25 Feb 1999 17:06 to 'Blair Thompson':FW: Dairy FAX Revision/2_22_99REVe.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/10 Mar 1999 19:23 to 'Celeste Piette':Tentative Agenda/Tentative Agenda March.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/10 Mar 1999 19:26 to 'Celeste Piette':Tentative Agenda-Revise/Tentative Agenda March.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/10 Mar 1999 20:46 to 'Celeste Piette': Feb. '99 Minutes/Feb '99 Minutes_.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/17 Mar 1999 01:07 to 'Blair Thompson':FW: Mr. Food Mega-Cheese R/Mr. Food Mega Cheese Recipe Contest.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/22 Mar 1999 20:43 to 'Blair Thompson'; 'Steve Malloch'; 'Celeste/announcemt.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/26 Mar 1999 23:41 to 'Julie Haakenson':Memorandum/Memo to BOD 3-26-99.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/26 Mar 1999 23:48 to 'Karen Olson':Memo to BOD/Memo to BOD 3-26-99.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/31 Mar 1999 23:58 to 'Celeste Piette':PRESENT:/March '99 minutes.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/05 Apr 1999 18:22 to 'Blair Thompson':FW: the next nutrition art/Time for a Nutrition Check.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/05 Apr 1999 19:17 to 'Celeste Piette':FW: March minutes/March '99 minutes.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/13 Apr 1999 19:43 to 'Blair Thompson':FW: 1999 1Q Product Public/'99 1Q Commitment-Audit Form.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/13 Apr 1999 19:51 to 'Blair Thompson'; 'Celeste Piette'; 'Vala H/Whse-Order Fulfillment Proj..doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/23 Apr 1999 05:26 to 'Celeste Piette':FW: SAAM distribution proc/Crosswalk-New to Old.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/05 May 1999 19:39 to 'Celeste Piette':FW: I.M. DAILY REPORT 5/5//05_05_99.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/11 May 1999 16:28 to 'Celeste Piette':April Minutes/April '99 minutes_.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/11 May 1999 21:49 to 'Celeste Piette':MayTentative Agenda/May Tentative Agenda.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/13 May 1999 20:36 to 'French@eatsmart.org':FW: Special Cartons f/big 200DISTLETT.DOC Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/04 Jun 1999 22:15 to 'Debbie French':FW: I.M. Daily Report 06/01/06_01_99.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/08 Jun 1999 22:01 to 'Celeste Piette':FW: minutes/May '99 minutes_.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/10 Aug 1999 16:19 to 'Celeste Piette':July Minutes/Jul '99 minutes__.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost/Offline store/Root - Mailbox/IPM_SUBTREE/Sent Items/10 Aug 1999 16:23 to 'Celeste Piette':JULY MINUTES/Jul '99 minutes__.doc Infected: Virus.MSWord.Class.d skipped
P:\smatzen\mail\outlook.ost Mail MS Mail: infected - 28 skipped

Scan process completed.

Adobe Acrobat 5.0
Adobe Flash Player 9
Adobe PageMaker 7.0
Adobe Reader 8.1.1
Apple Software Update
Avery Assistant for the Personal Label Printer
Avery DesignPro
AVG Anti-Spyware 7.5
CCleaner (remove only)
CCScore
Classic PhoneTools
Conexant D850 56K V.9x DFVc Modem
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
HouseCall 6.6
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSafe for Wired Connections
Intel(R) PROSet for Wired Connections
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2005
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
netbrdg
NetWaiting
NVIDIA Drivers
OfotoXMI
PCDADDIN
PCDHELP
PrintPunk 1.1.2
QuickTime
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
SFR
SHASTA
skin0001
SKINXSDK
Sonic Activation Module
Sonic Update Manager
staticcr
Symantec AntiVirus
tooltips
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb943597)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Word 2007 (KB934173)
URL Assistant
VPRINTOL
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WIRELESS
XoftSpySE
K7hrs
Active Member
 
Posts: 3
Joined: December 14th, 2007, 1:07 pm

Re: my HIJACKTHIS log

Unread postby Bob4 » December 20th, 2007, 7:59 am

I'm sorry it took a bit for me to get back to you.
I'm not sure I will be able to help you and I will explain.

First the Exe_bug.hooker virus.

http://vil.nai.com/vil/content/v_432.htm << read this

This virus is set in action by a boot disk. What this means is if the system was more than likely attacked by a boot disk. If you used a boot disk (Floppy or CD ) To reboot/fix the system that is where the hooker virus came from. Since you are part of a windows domain. (gotmilk) I''m not sure where to start. As I don't know where the virus was found.
Second.
The kasperskys scan showed that there are many infected e mails around this domain.

Since this is a domain my best advice is to alert the administrator of this domain that he/she more than likely has infected emails on the domain and could infect any other computers on this domain or computers that access it.
I am sorry I couldn't be of more help but we are here to try and help the personal /single PC. My actions in trying to clean your machine could effect other machines undesirably.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: my HIJACKTHIS log

Unread postby NonSuch » December 27th, 2007, 6:33 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware