My HijackThis Log: Need help w/ Win32.Small.ddx, system-defender [RESO


  • This topic is locked

#1
Cannon

Hey guys, I recently downloaded something that has just wreaked havoc on my computer. Here's some of the info:
----
WinXP Media Ed with SP2
----
I have run Spybot, SUPERAntispyware, Ad-Aware SE, AVG, ATF Cleaner, Norton - all of which found various stuff over and over again...
----
Some of the crap:
Tagasaurus, WIN32.Small.ddx, AdRotator, System-Defender.com, monpower.exe, several various temp????.exe, downloader.alphabet, downloader.adload, Trojan.Dialer.yz, etc.
----
I get various Monpower.exe and temp.exe file popups trying to be added to the registry. Also, sometimes when viewing sites, it will automatically take the page to searchmeta.net or myshovel.com.

Anyways, the only scan I could not get to run is the Panda online... nothing happens.

Here's my HijackThis Log. Any help would be GREATLY appreciated.
----
Logfile of HijackThis v1.99.1
Scan saved at 6:26:03 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msiexec.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Jeff & Mary\My Documents\My Downloads\HiJack This\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: VolumeMon - {bc4ad0bc-2c29-41fa-b7da-fc43b7824d60} - C:\WINDOWS\Installer\{bc4ad0bc-2c29-41fa-b7da-fc43b7824d60}\VolumeMon.dll
O21 - SSODL: zip - {fd22355c-0635-43c0-a967-784eb54ace29} - C:\WINDOWS\Installer\{fd22355c-0635-43c0-a967-784eb54ace29}\zip.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity (GEARSecurity_BackUp) - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


#2
kahdah

Hello Cannon

Welcome to G2Go. :)
=================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
Cannon

Thanks for the quick reply. Here are the two .txt files you asked for:
***********************************************************
Deckard's System Scanner v20071014.68
Run by Jeff & Mary on 2008-02-17 19:12:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jeff & Mary.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:12:15 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jeff & Mary\Desktop\dss.exe
C:\DOCUME~1\JEFF&M~1\MYDOCU~1\MYDOWN~1\HIJACK~1\JEFF&M~1.EXE

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: VolumeMon - {bc4ad0bc-2c29-41fa-b7da-fc43b7824d60} - C:\WINDOWS\Installer\{bc4ad0bc-2c29-41fa-b7da-fc43b7824d60}\VolumeMon.dll
O21 - SSODL: zip - {fd22355c-0635-43c0-a967-784eb54ace29} - C:\WINDOWS\Installer\{fd22355c-0635-43c0-a967-784eb54ace29}\zip.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity (GEARSecurity_BackUp) - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


-- Files created between 2008-01-17 and 2008-02-17 -----------------------------

2008-02-17 18:28:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-02-17 16:46:39 0 --a------ C:\WINDOWS\ORUN32.EXE
2008-02-17 16:46:34 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-02-17 16:40:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-17 16:40:00 0 d-------- C:\Documents and Settings\Jeff & Mary\Application Data\SUPERAntiSpyware.com
2008-02-17 16:39:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 11:31:19 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-16 07:34:13 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-16 07:33:45 0 d-------- C:\Program Files\Spyware Doctor
2008-02-16 07:33:45 0 d-------- C:\Documents and Settings\Jeff & Mary\Application Data\PC Tools
2008-02-16 07:27:17 39936 --a------ C:\WINDOWS\system32\ssqnllj.dll
2008-02-14 06:04:20 9961472 --a------ C:\Documents and Settings\Jeff & Mary\ntuser.dat
2008-02-14 06:03:54 6830 --ahs---- C:\WINDOWS\system32\ijjlm.ini2
2008-02-11 19:28:02 0 d-------- C:\Documents and Settings\Jeff & Mary\Application Data\vlc
2008-02-10 18:27:18 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-02-10 18:24:17 0 d-------- C:\Program Files\PIXELA
2008-02-10 17:16:34 0 d-------- C:\Program Files\PIXELA(2)
2008-02-09 20:31:13 0 d-------- C:\Program Files\Picasa2
2008-02-09 20:27:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-02-09 20:25:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-08 20:20:56 6458 --a------ C:\WINDOWS\unins000.dat
2008-02-07 20:09:16 0 d-------- C:\Documents and Settings\Jeff & Mary\Application Data\Ulead Systems
2008-02-07 20:07:56 0 d-------- C:\Program Files\Common Files\InterVideo
2008-02-07 20:07:52 0 d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-02-04 18:36:38 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-02-04 18:36:37 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-04 18:36:37 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-04 18:36:36 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-04 18:36:36 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-04 18:36:35 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-02-04 18:36:35 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-04 06:06:52 0 d-------- C:\Program Files\Microsoft SQL Server
2008-02-04 05:57:47 171008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
2008-02-04 05:55:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-02-04 05:53:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-02-04 05:53:11 0 d-------- C:\Program Files\Pinnacle
2008-02-04 05:52:52 14165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
2008-02-03 18:51:08 0 d-------- C:\Documents and Settings\Jeff & Mary\Application Data\GetRightToGo
2008-02-03 18:30:29 0 d-------- C:\Documents and Settings\All Users\Application Data\PIXELA
2008-01-21 18:45:41 0 d-------- C:\Program Files\AviSynth 2.5
2008-01-21 18:45:25 0 d-------- C:\Program Files\Gabest
2008-01-21 18:45:07 0 d-------- C:\Program Files\AutoGK
2008-01-21 18:25:10 0 d-------- C:\Program Files\DVD Decrypter
2008-01-19 12:00:26 0 d-------- C:\Program Files\PrintKey2000


-- Find3M Report ---------------------------------------------------------------

2008-02-17 19:07:17 0 d-------- C:\Program Files\Common Files
2008-02-17 19:00:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-17 18:40:27 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-02-17 18:28:11 0 d--h----- C:\Documents and Settings\Jeff & Mary\Application Data\Gtek
2008-02-17 16:11:36 0 d-------- C:\Documents and Settings\Jeff & Mary\Application Data\1st Free Solitaire
2008-02-16 07:29:59 0 d-------- C:\Program Files\Google
2008-02-16 06:50:54 0 d-------- C:\Documents and Settings\Jeff & Mary\Application Data\U3
2008-02-11 18:44:09 0 d-------- C:\Program Files\VideoLAN
2008-02-10 18:27:18 0 d-------- C:\Program Files\Zune
2008-02-10 18:27:18 0 d-------- C:\Documents and Settings\Jeff & Mary\Application Data\DivX
2008-02-10 18:27:00 0 d-------- C:\Program Files\DivX
2008-02-10 18:26:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-09 20:53:53 0 d-------- C:\Documents and Settings\Jeff & Mary\Application Data\Google
2008-02-07 20:07:13 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-02-04 05:58:03 95 --a------ C:\AUTOEXEC.BAT
2008-02-02 10:49:46 196 --a------ C:\Documents and Settings\Jeff & Mary\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2008-01-25 21:30:49 91200 --a------ C:\Documents and Settings\Jeff & Mary\Application Data\GDIPFONTCACHEV1.DAT
2008-01-23 21:03:28 600 --a------ C:\Documents and Settings\Jeff & Mary\Application Data\AutoGK.ini
2008-01-09 20:38:46 0 d-------- C:\Program Files\BearShare
2008-01-08 17:25:56 0 d-------- C:\Program Files\ImTOO
2008-01-08 17:04:22 0 d-------- C:\Program Files\Cucusoft
2008-01-04 13:35:15 0 d-------- C:\Documents and Settings\Jeff & Mary\Application Data\Adobe
2007-12-23 10:08:45 0 d-------- C:\Program Files\Lexmark X5100 Series
2007-12-22 06:27:51 0 d-------- C:\Program Files\Calypso3


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 10:20 PM C:\WINDOWS\stsystra.exe]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 02:50 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 02:50 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/19/2005 09:09 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/19/2005 09:10 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/19/2005 09:06 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/05/2004 11:05 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/27/2006 11:31 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [12/10/2007 02:53 PM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [11/15/2007 09:51 PM]
"USIUDF_Eject_Monitor"="C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe" []
"Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" []
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/29/2005 07:40 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [11/24/2005 07:51 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 03:48 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/16/2006 06:24 PM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [01/17/2006 12:03 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 02:04 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 02:19 PM]
"ATIPTA"="C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [08/05/2005 09:05 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 10:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [11/13/2007 01:46 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [3/5/2005 8:18:22 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"VolumeMon"= {bc4ad0bc-2c29-41fa-b7da-fc43b7824d60} - C:\WINDOWS\Installer\{bc4ad0bc-2c29-41fa-b7da-fc43b7824d60}\VolumeMon.dll [02/16/2008 07:27 AM 14374]
"zip"= {fd22355c-0635-43c0-a967-784eb54ace29} - C:\WINDOWS\Installer\{fd22355c-0635-43c0-a967-784eb54ace29}\zip.dll [02/16/2008 07:27 AM 38438]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljji.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-02-17 19:12:40 ------------

********************************************************************************
**
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 1022.07 MiB / 362.25 MiB
Pagefile Memory (total/avail): 2446.05 MiB / 1688.62 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.38 MiB

C: is Fixed (NTFS) - 69.82 GiB total, 37.79 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
I: is Fixed (FAT32) - 149.01 GiB total, 115.71 GiB free.

\\.\PHYSICALDRIVE0 - ST380013AS - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 69.82 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB

\\.\PHYSICALDRIVE1 - Seagate External Drive USB Device - 149.05 GiB - 1 partition
\PARTITION0 - Unknown - 149.05 GiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1140481855\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1140481855\\ee\\aim6.exe:*:Disabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1140481855\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1140481855\\ee\\aolsoftware.exe:*:Disabled:AOL Services"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"="C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\WINDOWS\\TEMP\\win33FA.tmp.exe"="C:\\WINDOWS\\TEMP\\win33FA.tmp.exe:*:Enabled:win33FA.tmp"
"C:\\WINDOWS\\TEMP\\win1CA.exe"="C:\\WINDOWS\\TEMP\\win1CA.exe:*:Enabled:win1CA"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jeff & Mary\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LUNARBUNNY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jeff & Mary
LOGONSERVER=\\LUNARBUNNY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JEFF&M~1\LOCALS~1\Temp
tmodwin=C:\tmconfig\tmodwin.ini
TMP=C:\DOCUME~1\JEFF&M~1\LOCALS~1\Temp
USERDOMAIN=LUNARBUNNY
USERNAME=Jeff & Mary
USERPROFILE=C:\Documents and Settings\Jeff & Mary
windir=C:\WINDOWS
__COMPAT_LAYER=DisableNXShowUI


-- User Profiles ---------------------------------------------------------------

Jeff & Mary (admin)
Dash (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type14222 / Error
Event Submitted/Written: 02/17/2008 06:22:48 PM
Event ID/Source: 1023 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 2.0 Service Pack 1 - Update '.NET Framework PreXP' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\JEFF&M~1\LOCALS~1\Temp\dd_NET_Framework20_Setup08E0.txt.

Event Record #/Type14221 / Error
Event Submitted/Written: 02/17/2008 06:22:48 PM
Event ID/Source: 1023 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 2.0 Service Pack 1 - Update '.NET Framework CLR' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\JEFF&M~1\LOCALS~1\Temp\dd_NET_Framework20_Setup08E0.txt.

Event Record #/Type14220 / Error
Event Submitted/Written: 02/17/2008 06:22:48 PM
Event ID/Source: 1023 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 2.0 Service Pack 1 - Update '.NET Framework 1' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\JEFF&M~1\LOCALS~1\Temp\dd_NET_Framework20_Setup08E0.txt.

Event Record #/Type14219 / Error
Event Submitted/Written: 02/17/2008 06:22:48 PM
Event ID/Source: 1023 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 2.0 Service Pack 1 - Update 'Dr. Watson' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\JEFF&M~1\LOCALS~1\Temp\dd_NET_Framework20_Setup08E0.txt.

Event Record #/Type14218 / Error
Event Submitted/Written: 02/17/2008 06:22:48 PM
Event ID/Source: 1023 / MsiInstaller
Event Description:
Product: Microsoft .NET Framework 2.0 Service Pack 1 - Update '.NET Framework ASP .NET' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\JEFF&M~1\LOCALS~1\Temp\dd_NET_Framework20_Setup08E0.txt.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17315 / Error
Event Submitted/Written: 02/17/2008 06:59:18 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The GEARSecurity service has reported an invalid current state 0.

Event Record #/Type17310 / Error
Event Submitted/Written: 02/17/2008 06:23:15 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 2.0 Service Pack 1 (KB110806).

Event Record #/Type17270 / Error
Event Submitted/Written: 02/17/2008 06:14:30 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The IPSEC Services service terminated with the following error:
%%1747

Event Record #/Type17254 / Error
Event Submitted/Written: 02/17/2008 04:39:18 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type17253 / Error
Event Submitted/Written: 02/17/2008 04:39:18 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.



-- End of Deckard's System Scanner: finished at 2008-02-17 19:00:24 ------------
  • 0

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)
=========================
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\Installer\{bc4ad0bc-2c29-41fa-b7da-fc43b7824d60}\VolumeMon.dll
C:\WINDOWS\Installer\{fd22355c-0635-43c0-a967-784eb54ace29}\zip.dll
C:\WINDOWS\system32\ssqnllj.dll
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\TEMP\win33FA.tmp.exe
C:\WINDOWS\TEMP\win1CA.exe

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | VolumeMon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | zip


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply
  • 0
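The files named in the script above sit at three load points that the Deckard's System Scanner log earlier in this thread lists. As an added example (not part of the post above or of any tool used in this thread), the Python below applies three assumed triage heuristics to lines copied from that log; the rule names and the heuristics themselves are illustrative assumptions, and they single out five of the seven files in the script.

```python
import re

# Lines copied from the Deckard's System Scanner log posted earlier in this
# thread. Two firewall entries that should NOT be flagged are kept for contrast.
DSS_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"VolumeMon"= {bc4ad0bc-2c29-41fa-b7da-fc43b7824d60} - C:\WINDOWS\Installer\{bc4ad0bc-2c29-41fa-b7da-fc43b7824d60}\VolumeMon.dll [02/16/2008 07:27 AM 14374]
"zip"= {fd22355c-0635-43c0-a967-784eb54ace29} - C:\WINDOWS\Installer\{fd22355c-0635-43c0-a967-784eb54ace29}\zip.dll [02/16/2008 07:27 AM 38438]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljji.dll

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\TEMP\\win33FA.tmp.exe"="C:\\WINDOWS\\TEMP\\win33FA.tmp.exe:*:Enabled:win33FA.tmp"
"C:\\WINDOWS\\TEMP\\win1CA.exe"="C:\\WINDOWS\\TEMP\\win1CA.exe:*:Enabled:win1CA"
"""

VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "name"= data
DLL_PATH_RE = re.compile(r'-\s+([A-Za-z]:\\.*?\.dll)', re.I)
GUID_DIR_RE = re.compile(
    r'\\installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\', re.I)


def check_ssodl(name, data):
    """Assumed heuristic: a shell-loaded DLL living in Installer\\{GUID}\\."""
    m = DLL_PATH_RE.search(data)
    if m and GUID_DIR_RE.search(m.group(1)):
        return m.group(1)
    return None


def check_lsa(name, data):
    """Assumed heuristic: anything listed besides the stock msv1_0 package."""
    if name.lower() != "authentication packages":
        return None
    extra = re.sub(r"(?i)\bmsv1_0\b", "", data).strip()
    return extra or None


def check_firewall(name, data):
    """Assumed heuristic: an *enabled* exception for an executable in a TEMP dir."""
    fields = data.strip('"').rsplit(":", 3)   # path : scope : state : label
    if len(fields) != 4:
        return None
    path = fields[0].replace("\\\\", "\\")    # undo the .reg-style escaping
    if fields[2].lower() == "enabled" and "\\temp\\" in path.lower():
        return path
    return None


# (registry key suffix, rule name, checker); rule names are made up here.
RULES = [
    ("shellserviceobjectdelayload", "ssodl-dll-in-installer-guid-dir", check_ssodl),
    (r"\control\lsa", "lsa-extra-authentication-package", check_lsa),
    (r"authorizedapplications\list", "firewall-allow-for-temp-exe", check_firewall),
]


def triage(log_text):
    """Return (rule, path) pairs for every log line that trips a heuristic."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):              # registry key header
            section = line.strip('[]"').lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        for suffix, rule, check in RULES:
            if section.endswith(suffix):
                hit = check(m.group(1), m.group(2))
                if hit:
                    findings.append((rule, hit))
    return findings


if __name__ == "__main__":
    for rule, path in triage(DSS_SAMPLE):
        print(f"{rule:34} {path}")
```

A hit only marks an entry for a closer look; the AOL and Windows Messenger firewall entries pass because they are either disabled or installed under Program Files.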

#5
Cannon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OK...Here's the new info. FYI - I only got one restart from Avenger.
******************
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hthgrend

*******************

Script file located at: \??\C:\Documents and Settings\vcpawesy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Installer\{bc4ad0bc-2c29-41fa-b7da-fc43b7824d60}\VolumeMon.dll deleted successfully.
File C:\WINDOWS\Installer\{fd22355c-0635-43c0-a967-784eb54ace29}\zip.dll deleted successfully.
File C:\WINDOWS\system32\ssqnllj.dll deleted successfully.
File C:\WINDOWS\system32\ijjlm.ini2 deleted successfully.


File C:\WINDOWS\system32\mljji.dll not found!
Deletion of file C:\WINDOWS\system32\mljji.dll failed!

Could not process line:
C:\WINDOWS\system32\mljji.dll
Status: 0xc0000034



File C:\WINDOWS\TEMP\win33FA.tmp.exe not found!
Deletion of file C:\WINDOWS\TEMP\win33FA.tmp.exe failed!

Could not process line:
C:\WINDOWS\TEMP\win33FA.tmp.exe
Status: 0xc0000034



File C:\WINDOWS\TEMP\win1CA.exe not found!
Deletion of file C:\WINDOWS\TEMP\win1CA.exe failed!

Could not process line:
C:\WINDOWS\TEMP\win1CA.exe
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|VolumeMon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|zip deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

******************************************************

Logfile of HijackThis v1.99.1
Scan saved at 9:36:48 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jeff & Mary\My Documents\My Downloads\HiJack This\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [hndhlqkx] C:\jcipjkat.bat
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: VolumeMon - {bc4ad0bc-2c29-41fa-b7da-fc43b7824d60} - C:\WINDOWS\Installer\{bc4ad0bc-2c29-41fa-b7da-fc43b7824d60}\VolumeMon.dll (file missing)
O21 - SSODL: zip - {fd22355c-0635-43c0-a967-784eb54ace29} - C:\WINDOWS\Installer\{fd22355c-0635-43c0-a967-784eb54ace29}\zip.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity (GEARSecurity_BackUp) - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O4 - HKLM\..\Run: [hndhlqkx] C:\jcipjkat.bat
O21 - SSODL: VolumeMon - {bc4ad0bc-2c29-41fa-b7da-fc43b7824d60} - C:\WINDOWS\Installer\{bc4ad0bc-2c29-41fa-b7da-fc43b7824d60}\VolumeMon.dll (file missing)
O21 - SSODL: zip - {fd22355c-0635-43c0-a967-784eb54ace29} - C:\WINDOWS\Installer\{fd22355c-0635-43c0-a967-784eb54ace29}\zip.dll (file missing)



Now click on Fix Checked and then close Hijackthis.
===================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#7
Cannon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OK, I did that scan... wow, that takes a while. And OUCH!!! OMG!!!
==================
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 18, 2008 10:06:01 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 570716
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
I:\

Scan Statistics:
Total number of scanned objects: 127055
Number of viruses found: 20
Number of infected objects: 388
Number of suspicious objects: 2
Duration of the scan process: 02:17:09


Infected Object Name / Virus Name / Last Action
C:\avenger\backup.zip/avenger/ssqnllj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\avenger\backup.zip/avenger/VolumeMon.dll Infected: Trojan.Win32.Agent.feh skipped
C:\avenger\backup.zip/avenger/zip.dll Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\avenger\backup.zip ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_5b150187-0f05-4c72-917c-77c8e6964ac4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\Jeff & Mary\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNN ... /[From ... /[From "Hillary Aldridge" <[email protected]>][Date Fri, 10 Aug 2007 13:05:38 ... /Game.exe Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNN ... /[From ... /[From "Hillary Aldridge" <[email protected]>][Date Fri, 10 Aug 2007 13:05:38 -0200]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNN ... /[From B . ... / ... /[From "RealPlayer" <[email protected]>][Date Thu, 09 Aug 2007 20:10:59 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNN ... /[From B . ... /[Fr ... /[Fr ... /[From [email protected]][Date Thu, 9 Aug 2007 13:47:47 +0100]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNN ... /[From B . ... /[Fr ... /[From "Linker" <[email protected]>][Date Thu, 9 Aug 2007 09:26:27 +0200]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNN ... /[From B . ... /[Fr ... /[From "Ben Crouch" <[email protected]>][Date Wed, 8 Aug 2007 19:05:43 -0900]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNN ... /[From B . ... /[From "Lane Gaston" <[email protected]>][Date Wed, 8 Aug 2007 15:06:19 -0200]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNN ... /[From B ... /[Fr ... /[From "Letty" <[email protected]>][Date Tue, 07 Aug 2007 13:07:31 -0700]/text Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNN ... /[From B ... /[From revision ... /[From [email protected]][Date Wed, 25 Jul 2007 12:05:15 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNN ... /[From B ... /[From revision it <[email protected]>][Date Tue, 31 Jul 2007 20:30:53 +0200]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNN ... /[From BabyWeek ... /[From "Dudley Ladner" <[email protected]>][Date Wed, 25 Jul 2007 15:57:24 -0100]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <onlinebank[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNN ... /[From BabyWeekly <[email protected]>][Date Mon, 23 Jul 2007 06:57:40 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNNAMED/[Fro ... /[From "Tonia Flanagan" <[email protected]>][Date Sun, 22 Jul 2007 11:12:35 -0100]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNNAMED/[From Richard Shell <[email protected]>][Date Sat, 21 Jul 2007 15:26:18 -0300]/text Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED/[From "Nikki Hansen" <[email protected]>][Date Sat, 21 Jul 2007 10:26:50 +0400]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text/[From Bank of America Alert <[email protected]>][Date Fri, 20 Jul 2007 12:14:23 -0700 (PDT)]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Burton" <[email protected]>][Date Thu, 19 Jul 2007 01:09:46 -1100]/text Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From Sears" <[email protected]>][Date 13 Aug 2007 06:15:09 -0200]/UNNAMED/LGame/lgame.exe Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From Sears" <[email protected]>][Date 13 Aug 2007 06:15:09 -0200]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babyweekly ... /[From Ys ... /[From "Clint Pace" <[email protected]>][Date Wed, 15 Aug 2007 04 ... /LGame/lgame.exe Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babyweekly ... /[From Ys ... /[From "Clint Pace" <[email protected]>][Date Wed, 15 Aug 2007 04:48:48 -0900]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babywe ... /[From ... /[From "Darrin Powell" <[email protected]>][Date Wed, 15 Aug 2007 22:37:25 ... /isit.exe Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babywe ... /[From ... /[From "Darrin Powell" <[email protected]>][Date Wed, 15 Aug 2007 22:37:25 -0100]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babywe ... /[From ... ... /[From "Ada Albright" <[email protected]>][Date Wed, 15 Aug 2007 04:56:59 -0900]/text Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babywe ... /[From ... /[From "Vaughan Schipper" <[email protected]>][Date Wed, 15 Aug 2007 13:17:53 -0400]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babywe ... /[From ... /[From "Conrad Osborn" <[email protected]>][Date Wed, 15 Aug 2007 15:35:13 -0100]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babywe ... /[From "James Mccracken" <[email protected]>][Date Wed, 15 Aug 2007 13:05:34 -0200]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babyweekly ... /[From Ys ... /[From "Tony H ... / ... /[From [email protected]][Date Wed, 15 Aug 2007 01:42:26 GMT]/text Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babyweekly ... /[From Ys ... /[From "Tony H ... /[From 760553318[email protected]][Date Tue, 14 Aug 2007 13:54:22 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babyweekly ... /[From Ys ... /[From "Tony Hare" <[email protected]>][Date Tue, 14 Aug 2007 20:25:35 +0500]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babyweekly ... /[From Yso ... /[From "Phil ... /[From [email protected]][Date Tue, 14 Aug 2007 13:51:35 +0100]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babyweekly ... /[From Yso ... /[From "Philip Ott" <[email protected]>][Date Tue, 14 Aug 2007 11:49:22 +0000]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <babyweekly ... /[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Mon, 13 Aug 2007 12:31:44 EDT]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text/[From BabyWeekly <[email protected]>][Date Mon, 13 Aug 2007 06:30:03 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED/[From "Violeta Roberts" <[email protected]>][Date Mon, 13 Aug 2007 05:56:43 -0100]/text Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED/[From Torrent" <[email protected]>][Date 12 Aug 2007 13:54:09 +0500]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Lasonya" <[email protected]>][Date Sat, 11 Aug 2007 19:32:40 +1000]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.brk skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 09:58:25 EST]/UNNAMED/[From "sales" <[email protected]>][Date Wed, 05 Dec 2007 18:26:01 +0000]/text/[From Yso-8 ... /[From "I ... /[From Veriz ... /[From "Bryson" <[email protected]>][Date Sat, 15 Dec 2007 21:49:08 ... /card.scr Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 09:58:25 EST]/UNNAMED/[From "sales" <[email protected]>][Date Wed, 05 Dec 2007 18:26:01 +0000]/text/[From Yso-8 ... /[From "I ... /[From Veriz ... /[From "Bryson" <[email protected]>][Date Sat, 15 Dec 2007 21:49:08 +0200]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 09:58:25 EST]/UNNAMED/[From "sales" <[email protected]>][Date Wed, 05 Dec 2007 18:26:01 +0000]/text/[From Yso-8 ... /[From "I ... /[From Verizon <[email protected]>][Date Thu, 13 Dec 2007 11:38:13 -0500 (EST)]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 09:58:25 EST]/UNNAMED/[From "sales" <[email protected]>][Date Wed, 05 Dec 2007 18:26:01 +0000]/text/[From Yso-8 ... /[From "Ira Hun ... /[From [Nor ... /[From [email protected]][Date Thu, 13 Dec 2007 08:33:41 -0800]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 09:58:25 EST]/UNNAMED/[From "sales" <[email protected]>][Date Wed, 05 Dec 2007 18:26:01 +0000]/text/[From Yso-8 ... /[From "Ira Hun ... /[From [Norton AntiSpam] FW: Message from the CAO][Date Wed, 12 Dec 2007 14:23:27 -0800]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 09:58:25 EST]/UNNAMED/[From "sales" <[email protected]>][Date Wed, 05 Dec 2007 18:26:01 +0000]/text/[From Yso-8 ... /[From "Ira Hunter" <[email protected] ... /[From "evenings" <[email protected]>][Date Wed, 12 Dec 2007 13:55:55 -0500]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 09:58:25 EST]/UNNAMED/[From "sales" <[email protected]>][Date Wed, 05 Dec 2007 18:26:01 +0000]/text/[From Yso-8 ... /[From "Ira Hunter" <[email protected]>][Date Wed, 12 Dec 2007 09:13:56 -0600 (Central Standard Time)]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 09:58:25 EST]/UNNAMED/[From "sales" <[email protected]>][Date Wed, 05 Dec 2007 18:26:01 +0000]/text/[From Yso-8859-1?B?Q2l0aSBDYXJkcw ... /[From "Jimmy Bullard" <[email protected]>][Date Tue, 11 Dec 2007 20:19:21 +0100]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 09:58:25 EST]/UNNAMED/[From "sales" <[email protected]>][Date Wed, 05 Dec 2007 18:26:01 +0000]/text/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected] ... /[From "euvTyson" <[email protected]>][Date Fri, 7 Dec 2007 23:51:17 +0100]/text Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 09:58:25 EST]/UNNAMED/[From "sales" <[email protected]>][Date Wed, 05 Dec 2007 18:26:01 +0000]/text/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 21:03:24 EST]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 09:58:25 EST]/UNNAMED/[From "sales" <[email protected]>][Date Wed, 05 Dec 2007 18:26:01 +0000]/text Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED/[From Yso-8859-1?B?Q2l0aSBDYXJkcw<[email protected]>][Date Wed, 05 Dec 2007 09:58:25 EST]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text/[From "Kalyn Garza" <[email protected]>][Date Mon, 24 Sep 2007 17:42:33 +0200]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox/[From [email protected]][Date Thu, 16 Feb 2006 15:20:21 -0800]/text Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Inbox Mail Berkeley mbox: infected - 51 skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Junk/[From "dora hamilton" <[email protected]>][Date Sat, 07 Oct 2006 03:29:46 -0800]/UNNAMED/[From DesiMTV" <[email protected]>][Date 7 Oct 2006 19:06:55 -0200]/UNNAMED/[From "vanita castillo" <[email protected]>][Date Mon, 09 Oct 2006 16:15:25 +1000]/UNNAMED/[From "reda anderson" <[email protected]>][Date Tue, 10 Oct 2006 18:41:59 -0800]/UNNAMED ... ... /[Fro ... /[From "Hillary Aldridge" <[email protected]>][Date Fri, 10 Aug 2007 13:05:38 ... /Game.exe Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Junk/[From "dora hamilton" <[email protected]>][Date Sat, 07 Oct 2006 03:29:46 -0800]/UNNAMED/[From DesiMTV" <[email protected]>][Date 7 Oct 2006 19:06:55 -0200]/UNNAMED/[From "vanita castillo" <[email protected]>][Date Mon, 09 Oct 2006 16:15:25 +1000]/UNNAMED/[From "reda anderson" <[email protected]>][Date Tue, 10 Oct 2006 18:41:59 -0800]/UNNAMED ... ... /[Fro ... /[From "Hillary Aldridge" <[email protected]>][Date Fri, 10 Aug 2007 13:05:38 -0200]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped
C:\Documents and Settings\Jeff & Mary\Application Data\Thunderbird\Profiles\ci4jz5ll.Mary\Mail\Local Folders\Junk/[From "dora hamilton" <[email protected]>][Date Sat, 07 Oct 2006 03:29:46 -0800]/UNNAMED/[From DesiMTV" <[email protected]>][Date 7 Oct 2006 19:06:55 -0200]/UNNAMED/[From "vanita castillo" <[email protected]>][Date Mon, 09 Oct 2006 16:15:25 +1000]/UNNAMED/[From "reda anderson" <[email protected]>][Date Tue, 10 Oct 2006 18:41:59 -0800]/UNNAMED ... ... /[From ... /[From "Billie Condon" <[email protected]>][Date Thu, 9 Aug 2007 17:03:57 +0200]/UNNAMED Infected: Trojan-Downloader.Win32.Diehard.bw skipped

#8
Cannon

    Member

  • Topic Starter
  • Member
  • 37 posts
OK, I just realized that the text is way too big to all fit in one post. I uploaded the .txt file to my website for your download.

http://www.jeffcannon.net/K-Scan.txt - As a text doc.

http://www.jeffcannon.net/K-Scan.doc - As a Word doc.

#9
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Wow that's a big log :)

I am sure you can see those e-mails that are infected.
Please go into your Thunderbird e-mail account and delete those infected e-mails.
=========================================================
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\Installer\{2e03aacb-a173-4f8b-93ac-da860f0bf5f9}\zip.dll
C:\WINDOWS\Installer\{5354c29d-f032-4143-855a-5178d6f773e6}\zip.dll
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
C:\Documents and Settings\Jeff & Mary\My Documents\www.jeffcannon.net\Forum Misc\Back Ups\02132006bu\admin\tool.php
C:\Documents and Settings\Jeff & Mary\My Documents\www.jeffcannon.net\Forum Misc\Back Ups\021306a\admin\tool.php
C:\Documents and Settings\Jeff & Mary\My Documents\My Downloads\Bearshare\BSINSTALL.exe
C:\Documents and Settings\Jeff & Mary\My Documents\My Downloads\Bearshare\BSINSTALL5.2.0.1.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

#10
Cannon

    Member

  • Topic Starter
  • Member
  • 37 posts

Wow that's a big log :)

Wish I heard that more often! LMAO.

I tried as best I could to manually remove the e-mail files, but the "folder" they say they are in contains encrypted backup files of some sort. I did a complete compaction of all users and reran the Kyp. scan on those folders. It found nothing, so I hope it's clear. Here's the other info you requested:

+++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of HijackThis v1.99.1
Scan saved at 5:45:23 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jeff & Mary\My Documents\My Downloads\HiJack This\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: VolumeMon - {bc4ad0bc-2c29-41fa-b7da-fc43b7824d60} - (no file)
O21 - SSODL: zip - {fd22355c-0635-43c0-a967-784eb54ace29} - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GEARSecurity (GEARSecurity_BackUp) - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cbiauifa

*******************

Script file located at: \??\C:\hbahfnqc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Installer\{2e03aacb-a173-4f8b-93ac-da860f0bf5f9}\zip.dll deleted successfully.
File C:\WINDOWS\Installer\{5354c29d-f032-4143-855a-5178d6f773e6}\zip.dll deleted successfully.
File C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe deleted successfully.
File C:\Documents and Settings\Jeff & Mary\My Documents\www.jeffcannon.net\Forum Misc\Back Ups\02132006bu\admin\tool.php deleted successfully.
File C:\Documents and Settings\Jeff & Mary\My Documents\www.jeffcannon.net\Forum Misc\Back Ups\021306a\admin\tool.php deleted successfully.
File C:\Documents and Settings\Jeff & Mary\My Documents\My Downloads\Bearshare\BSINSTALL.exe deleted successfully.
File C:\Documents and Settings\Jeff & Mary\My Documents\My Downloads\Bearshare\BSINSTALL5.2.0.1.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#11
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

Wish I heard that more often!

:)

If you rescanned the folder then it is clean.
===========================
Please re-open HijackThis and click on "Do a system scan only".
Then place a check mark next to these entries below:

O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O21 - SSODL: VolumeMon - {bc4ad0bc-2c29-41fa-b7da-fc43b7824d60} - (no file)
O21 - SSODL: zip - {fd22355c-0635-43c0-a967-784eb54ace29} - (no file)



Now click on Fix Checked and then close HijackThis.
=================================
Also go ahead and delete the Avenger icon and folder on your desktop and the dss.exe icon, and also these folders: C:\Avenger and C:\Deckard
===============================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
=================================
Then I will need you to reset your System Restore points. Please note that you will need to log into your computer with an account which has full administrator access.
You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
Click on Start
Right-click My Computer
Click Properties
Click the System Restore tab
Check Turn off System Restore
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Click on Start
Right-click My Computer
Click Properties
UN-Check Turn off System Restore
Check Turn on System Restore
Click Apply, and then click OK.


How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405
========================================
After that, your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
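The fix list in post #11 is exactly the set of lines that the HijackThis log in post #10 ends with `(no file)`. The sketch below is an added example, not code from the thread or from HijackThis: it parses entry lines and pulls those out, counting the `(file missing)` service lines separately (the fix list does not include them). The class and function names are hypothetical, and the sample is a subset of the log lines posted above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Subset of the HijackThis log posted in #10, copied from the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: VolumeMon - {bc4ad0bc-2c29-41fa-b7da-fc43b7824d60} - (no file)
O21 - SSODL: zip - {fd22355c-0635-43c0-a967-784eb54ace29} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ...". Section codes are a letter
# (R, F, N, O) plus a number; header and running-process lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Trailing markers seen in the log above; both say the entry's file was not found.
MARKERS = {"(no file)": "no file", "(file missing)": "file missing"}


@dataclass(frozen=True)
class Entry:
    code: str             # section code, e.g. "O2"
    kind: str             # text before the first ": ", e.g. "BHO"
    clsid: Optional[str]  # first CLSID in the line, lower-cased, if any
    status: str           # "present", "no file" or "file missing"
    raw: str              # the line as it appears in the log


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per HijackThis entry line, ignoring everything else."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        kind = body.split(": ", 1)[0] if ": " in body else ""
        status = "present"
        for marker, label in MARKERS.items():
            # Check the end of the line only: "(no name)" and paths such as
            # "Spybot - Search & Destroy" make splitting on " - " unreliable.
            if body.endswith(marker):
                status = label
        found = CLSID_RE.search(body)
        clsid = found.group(0).lower() if found else None
        entries.append(Entry(code, kind, clsid, status, line))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries marked "(no file)": the reference remains, the file does not."""
    return [e for e in entries if e.status == "no file"]


def status_counts(entries: List[Entry]) -> Counter:
    """Count entries per (section code, status) pair for a quick overview."""
    return Counter((e.code, e.status) for e in entries)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Entries marked (no file):")
    for entry in orphaned(parsed):
        print("  " + entry.raw)
    print("Counts per section and status:")
    for (code, status), count in sorted(status_counts(parsed).items()):
        print(f"  {code:4} {status:13} {count}")
```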

#12
Cannon

    Member

  • Topic Starter
  • Member
  • 37 posts
OK, did everything you asked and reran the Kyp. Scan. Here is the report. The ones in red are ones I went back and manually deleted. Is there anything else I should be worried about? I am not sure where the 2 viruses are.

========================================================================

KASPERSKY ONLINE SCANNER REPORT
Monday, February 18, 2008 8:55:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/02/2008
Kaspersky Anti-Virus database records: 572657


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\

Scan Statistics
Total number of scanned objects 109719
Number of viruses found 2
Number of infected objects 1
Number of suspicious objects 2
Duration of the scan process 01:25:30

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip ZIP: suspicious - 1 skipped


C:\Documents and Settings\Jeff & Mary\My Documents\www.jeffcannon.net\Forum Misc\Back Ups\021306ab\admin\tool.php Infected: HackTool.Win32.Defacer.a skipped

Scan process completed.

#13
kahdah

The first ones in red are in Spybot backups; the other one is a hack tool, like a password cracker or something of that sort, that you probably downloaded a while back. They are not viruses.
Nonetheless, we will remove it.
=============================================
Open Spybot and, on the Recovery tab, place a check next to whatever is there.
Then click remove.


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Jeff & Mary\My Documents\www.jeffcannon.net\Forum Misc\Back Ups\021306ab\admin\tool.php


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.
========================================================================
Then if you still want to rescan again feel free.

If you are satisfied then delete C:\Killbox and the icon from your desktop.

Then that is it.
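
A triage pass over a report in the layout posted in #12, as an added example that is not part of the thread: it separates "Object is locked" lines (files in use that the scanner could not open, not detections) from real verdicts, and marks verdicts that sit inside Spybot's Recovery folder as already quarantined. The function name, the category names and the quarantine-folder list are assumptions made for this example.

```python
import re

# Lines copied from the report in post #12 (two locked entries kept for contrast).
SAMPLE = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\YazzleSudoku.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Jeff & Mary\My Documents\www.jeffcannon.net\Forum Misc\Back Ups\021306ab\admin\tool.php Infected: HackTool.Win32.Defacer.a skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
"""

# Paths contain spaces, so the verdict column is matched explicitly and the
# path is whatever precedes it. Verdict shapes are the ones seen in the report.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<verdict>Object is locked|Infected: \S+|Suspicious: \S+|ZIP: suspicious - \d+) "
    r"(?P<action>\w+)$"
)

# Assumption: folders where a cleanup tool keeps its own backups of removed
# items. Only the Spybot Recovery path appears in the thread.
QUARANTINE_MARKERS = ("\\spybot - search & destroy\\recovery\\",)


def triage(report_text):
    """Sort report lines into locked files, quarantined hits and hits to review."""
    out = {"locked": [], "quarantined": [], "review": []}
    for raw in report_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # headers, statistics and blank lines
        path, verdict = match["path"], match["verdict"]
        if verdict == "Object is locked":
            out["locked"].append(path)  # in use by Windows, never scanned
        elif any(mark in path.lower() for mark in QUARANTINE_MARKERS):
            out["quarantined"].append((path, verdict))  # tool's own backup copy
        else:
            out["review"].append((path, verdict))  # live file, needs a decision
    return out


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket, len(items))
```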

#14
Cannon

OK, I think everything is good. I do not seem to have any popups or strange things happening. The computer is also running smooth.

Thank you for everything!

#15
kahdah

OK, great, we will wrap this one up then.

You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.