
IN trouble



#1
The Coffee Lady

Thank you guys so much for being here!!!!!!!!!!!!!!!!!!



Runtime errors

HELP, CAN'T RUN MY PROGRAMS

I am getting different run-time errors for different programs. I am getting '76' - Path not found, and for this one I was told to reinstall and that did not work, trying to run my accounting software.

'438' object doesn't support the method, whatever that means, trying to run system guard to clean up the reg.

System32 Folder Opens

I am trying to find out why the System32 folder opens for no reason. Every once in a while the System32 folder opens and I cannot find out why.

Can't find hard drive; have an extra drive for backup, not showing up

I use a different drive for backing up and now it will not show up. I see my C drive, my USB drive and my CD drive but not my other hard drive.

Operating System
Windows XP Professional Service Pack 2 (build 2600)

Processor
1.30 gigahertz AMD Duron
128 kilobyte primary memory cache
64 kilobyte secondary memory cache

Virus Protection
AVG Internet Security Version 8.0
Realtime File Scanning On

All required security hotfixes (using the 04/08/2008 Microsoft Security Bulletin Summary) have been installed.







Malwarebytes' Anti-Malware 1.12
Database version: 726

Scan type: Quick Scan
Objects scanned: 47662
Time elapsed: 19 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 34

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Dating (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Free_Credit_Score (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Ringtones (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Lottery (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Sweepstakes (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Weather (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Debra\Application Data\Starware365\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Dating\DatingOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Dating\DatingOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Free_Credit_Score\Free_Credit_ScoreOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Ringtones\RingtonesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Ringtones\RingtonesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Lottery\LotteryOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Lottery\LotteryOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Sweepstakes\SweepstakesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Sweepstakes\SweepstakesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Debra\Application Data\Starware365\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSGDILNW.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.


SUPERAntiSpyware Scan Log
Generated 05/06/2008 at 09:52 PM

Application Version : 3.6.1000

Core Rules Database Version : 3453
Trace Rules Database Version: 1445

Scan type : Complete Scan
Total Scan Time : 02:53:55

Memory items scanned : 560
Memory threats detected : 0
Registry items scanned : 7681
Registry threats detected : 0
File items scanned : 62572
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Debra\Cookies\[email protected][1].txt

Registry Cleaner Trial
C:\Documents and Settings\Debra\Application Data\Registry Cleaner



HIJACKTHIS LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:12 PM, on 06-May-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\AIV Reminder\aivreminder.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ShortKeys2\shortkey.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uReach\uScreen\uscreen.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homecoffeeservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CookieHlprObj Class - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\ZillaSoft.ws\ZWinCNO\PopUpKiller\ZillaBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [AIV Reminder] C:\Program Files\AIV Reminder\aivreminder.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: uScreen.lnk = C:\Program Files\uReach\uScreen\uscreen.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: ShortKeys 2.lnk = C:\Program Files\ShortKeys2\shortkey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: C:\Program Files\eGrabber\AddressGrabber Business 2008\AddressGrabber - {90A81828-92DB-400e-AECD-78C540F5EB49} - C:\Program Files\eGrabber\AddressGrabber Business 2008\InternetAddress.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.homecoffeeservice.com
O15 - Trusted Zone: *.ureach
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.a...aller_2-0-0.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193882445714
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.h.../qdiagh.cab?326
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
--
End of file - 14784 bytes


ActiveScan-Panda


;*******************************************************************************
ANALYSIS: 2008-05-08 12:57:15
PROTECTIONS: 1
MALWARE: 8
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
AVG Internet Security 8.0 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00041446 application/myway HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
00041446 application/myway HackTools No 0 Yes No hkey_classes_root\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Debra\Cookies\debra@trafficmp[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Debra\Cookies\debra@atdmt[2].txt
00140385 Adware/Transponder Adware No 0 Yes No C:\WINDOWS\INF\POLMX2.INF
00147517 Cookie/Versiontracker TrackingCookie No 0 Yes No C:\Documents and Settings\Debra\Cookies\[email protected][2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Debra\Cookies\debra@com[1].txt
00168077 Cookie/Versiontracker TrackingCookie No 0 Yes No C:\Documents and Settings\Debra\Cookies\debra@versiontracker[2].txt
00279434 Spyware/Conducent-Timesink Spyware No 1 Yes No personal folders\debra\free sol \tsuninstaller.exe
00279434 Spyware/Conducent-Timesink Spyware No 1 Yes No personal folders\2002 great\debra\free sol \tsuninstaller.exe
;===============================================================================
SUSPECTS
Sent Location 5
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description 5
;===============================================================================
;===============================================================================


Uninstall HijackThis Log

Ad-Aware 2007
AddressGrabber Business 2008
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
AIV Reminder 2.0
AnalogX Keyword Extractor
Apple Software Update
Ask Toolbar
AusLogics Disk Defrag
AusLogics Registry Defrag
AVG 8.0
BCWipe 3.0
Belarc Advisor 7.2
BUSlink USB-Optical Driver
C-Media WDM Audio Driver
CoffeeCup Direct FTP
CoffeeCup PC TuneUp Pro
CoffeeCup Website Color Schemer
Compact Wireless-G USB Network Adapter with SpeedBooster
Customizable Alerts
Delta60
DirPrinting
EasyCleaner
Free Download Manager 2.1
getPlus®_ocx
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HouseCall 6.6
HP Product Detection
ieSpell
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Learn ReportBuilder
Lernout & Hauspie TruVoice American English TTS Engine
LogMeIn
MailWasher Pro
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Office Access 2003 Runtime
Microsoft Outlook Personal Folders Backup
Microsoft Plus! for Windows XP
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (BADATAMMC)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word Supplemental Templates and Wizards
mOrders V2.14
MP3 Player Utilities 3.75
MP3 Player Utilities 4.05
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
PC Pitstop Optimize2 2.0
QuickTime
Samsung ML-2510 Series
Security Task Manager 1.7e
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
ShortKeys 2
SiS 300/305
SiS 900 PCI Fast Ethernet Adapter Driver
Sonic Update Manager
Sound Blaster Audigy 2
SoundFont Bank Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Stamps.com
Stamps.com support for Microsoft Outlook 97-2007
SUPERAntiSpyware Free Edition
SystemGuards 1.1.0.0
Trojan Killer
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB MP3 Player WIN98 Drivers
uScreen
VersionTracker Pro Windows
WeatherBug
Winamp3 (remove only)
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinHTTrack Website Copier 3.32-2
WinZip
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger


#2
Ness

Hello The Coffee Lady and welcome to Geeks to Go!

I will be helping you clean your computer :)

Please be patient as I review your log. I will be with you shortly.

#3
The Coffee Lady

Thank you

#4
Ness

Hello again The Coffee Lady

1. Clean Temporary Files
------------------------------------------------


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

2. Deckard's System Scanner
------------------------------------------------


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

In your next post
------------------------------------------------

  • DSS Log


#5
The Coffee Lady

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Duron™ Processor
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 2047.48 MiB / 1448.47 MiB
Pagefile Memory (total/avail): 3945.85 MiB / 3341.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.64 MiB

C: is Fixed (FAT32) - 37.26 GiB total, 17.98 GiB free.
F: is Fixed (FAT32) - 37.24 GiB total, 33.9 GiB free.
G: is CDROM (No Media)
H: is Removable (FAT)

\\.\PHYSICALDRIVE1 - WDC WD400BB-53AUA1 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 37.25 GiB - F:

\\.\PHYSICALDRIVE0 - WDC WD400EB-00CPF0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 37.27 GiB - C:

\\.\PHYSICALDRIVE2 - Lexar JD Mercury USB Device - 957 MiB - 1 partition
\PARTITION0 - 16-bit FAT - 959.48 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

FW: AVG Firewall v8.0 (AVG Technologies CZ, s.r.o.)
AV: AVG Internet Security v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\System32\\RUNDLL32.EXE"="C:\\WINDOWS\\System32\\RUNDLL32.EXE:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Enabled:Support.com Scheduler and Command Dispatcher"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\uReach\\uScreen\\uScreen.exe"="C:\\Program Files\\uReach\\uScreen\\uScreen.exe:*:Enabled:uScreen"
"C:\\WINDOWS\\System32\\usmt\\migwiz.exe"="C:\\WINDOWS\\System32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Stamps.com Internet Postage\\ipostage.exe"="C:\\Program Files\\Stamps.com Internet Postage\\ipostage.exe:*:Enabled:Stamps.com"
"C:\\Program Files\\eGrabber\\AGB\\AddrGrab.exe"="C:\\Program Files\\eGrabber\\AGB\\AddrGrab.exe:*:Enabled:AddressGrabber Business"
"C:\\Program Files\\CoffeeCup Software\\PC TuneUp Pro\\Apps\\coferam.exe"="C:\\Program Files\\CoffeeCup Software\\PC TuneUp Pro\\Apps\\coferam.exe:*:Enabled:CoffeeCup RAM Optimizer"
"C:\\Program Files\\Mals e-commerce\\morders V2\\mOrders.exe"="C:\\Program Files\\Mals e-commerce\\morders V2\\mOrders.exe:*:Enabled:mOrders 2.14"
"C:\\Program Files\\FireTrust\\MailWasher Pro\\MailWasher.exe"="C:\\Program Files\\FireTrust\\MailWasher Pro\\MailWasher.exe:*:Enabled:MailWasher Pro"
"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe"="C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe:*:Enabled:AVG Anti-Spyware"
"C:\\Program Files\\Compact Wireless-G USB Network Adapter with SpeedBooster\\InvokeSvc2.exe"="C:\\Program Files\\Compact Wireless-G USB Network Adapter with SpeedBooster\\InvokeSvc2.exe:*:Enabled:Wireless Network Monitor"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Debra\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LADYD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Debra
LOGONSERVER=\\LADYD
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0701
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Debra\LOCALS~1\Temp
TMP=C:\DOCUME~1\Debra\LOCALS~1\Temp
USERDOMAIN=LADYD
USERNAME=Debra
USERPROFILE=C:\Documents and Settings\Debra
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Debra (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------



-- Application Event Log -------------------------------------------------------

Event Record #/Type10403 / Error
Event Submitted/Written: 05/09/2008 00:48:31 PM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type10380 / Warning
Event Submitted/Written: 05/09/2008 00:48:11 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance BADATAMMC is not valid.

Event Record #/Type10363 / Warning
Event Submitted/Written: 05/09/2008 00:43:34 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type10344 / Warning
Event Submitted/Written: 05/08/2008 11:48:45 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0

Event Record #/Type10339 / Warning
Event Submitted/Written: 05/08/2008 11:45:23 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type125198 / Error
Event Submitted/Written: 05/09/2008 01:16:11 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The GEARSecurity service has reported an invalid current state 0.

Event Record #/Type125197 / Warning
Event Submitted/Written: 05/09/2008 00:50:33 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001A70A7817E. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type125196 / Warning
Event Submitted/Written: 05/09/2008 00:50:29 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001A70A7817E. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type125178 / Error
Event Submitted/Written: 05/09/2008 00:49:58 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
cdudf_XP

Event Record #/Type125176 / Error
Event Submitted/Written: 05/09/2008 00:49:58 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The World Wide Web Publishing service terminated with the following error:
%%3



-- End of Deckard's System Scanner: finished at 2008-05-09 13:16:46 ------------










Deckard's System Scanner v20071014.68
Run by Debra on 2008-05-09 13:12:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-05-09 17:12:48 UTC - RP46 - Deckard's System Scanner Restore Point
12: 2008-05-09 05:34:14 UTC - RP45 - Software Distribution Service 3.0
11: 2008-05-09 03:34:17 UTC - RP44 - Installed WinZip 11.1
10: 2008-05-09 03:23:02 UTC - RP43 - Installed Java™ 6 Update 5
9: 2008-05-09 03:21:46 UTC - RP42 - Removed Java™ 6 Update 5


-- First Restore Point --
1: 2008-05-05 03:29:45 UTC - RP34 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Debra.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:53 PM, on 09-May-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\AIV Reminder\aivreminder.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ShortKeys2\shortkey.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\uReach\uScreen\uscreen.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Secunia\PSI (RC1)\psi.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
F:\Downloads\Deckard's System Scanner (DSS)\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Debra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homecoffeeservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CookieHlprObj Class - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\ZillaSoft.ws\ZWinCNO\PopUpKiller\ZillaBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\PROGRA~1\FREEDO~1\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [AIV Reminder] C:\Program Files\AIV Reminder\aivreminder.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: uScreen.lnk = C:\Program Files\uReach\uScreen\uscreen.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: ShortKeys 2.lnk = C:\Program Files\ShortKeys2\shortkey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: C:\Program Files\eGrabber\AddressGrabber Business 2008\AddressGrabber - {90A81828-92DB-400e-AECD-78C540F5EB49} - C:\Program Files\eGrabber\AddressGrabber Business 2008\InternetAddress.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.homecoffeeservice.com
O15 - Trusted Zone: *.ureach
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.a...aller_2-0-0.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193882445714
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.h.../qdiagh.cab?326
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

--
End of file - 15246 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080429-164535-240 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080429-164535-704 O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
backup-20080429-164535-484 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080429-164535-879 O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
backup-20080429-164536-255 O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
backup-20080429-164536-392 O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h30155.www3.h...nosticsxp2k.cab
backup-20080429-164536-833 O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.h...ctDetection.cab
backup-20080429-164536-571 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
backup-20080429-164537-306 O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
backup-20080429-164537-497 O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
backup-20080429-164735-898 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
R2 LxrSII1d (Secure II Driver) - c:\windows\system32\drivers\lxrsii1d.sys
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S2 PLUSBRW (BUSlink USB-Optical Adapter) - c:\windows\system32\drivers\scd1pl.sys <Not Verified; ; USB-IDE/ATAPI Bridge Driver>
S3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 PLSCSIRW - c:\windows\system32\drivers\scd0pl.sys <Not Verified; ; SCSI Mini Port Driver>
S3 PSI - c:\windows\system32\drivers\psi_mf.sys <Not Verified; Secunia; Secunia Personal Software Inspector>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S4 BCSWAP - c:\windows\system32\drivers\bcswap.sys <Not Verified; Jetico, Inc.; Jetico® BestCrypt™ Security System for Windows NT™>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 GEARSecurity - system32\gearsec.exe (file missing)
R2 LxrSII1s (Lexar Secure II) - lxrsii1s.exe (file missing)
R2 sgSchedulerService - c:\program files\systemguards.com\systemguards\sgscheduleservice.exe

S3 AresChatServer (Ares Chatroom server) -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SiS 900 PCI Fast Ethernet Adapter
Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_09001039&REV_90\3&61AAA01&0&18
Manufacturer: SiS
Name: SiS 900 PCI Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_09001039&REV_90\3&61AAA01&0&18
Service: SISNICXP


-- Scheduled Tasks -------------------------------------------------------------

2008-05-09 12:51:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-09 05:00:04 380 --a------ C:\WINDOWS\Tasks\Recycle bin-daily.job
2008-05-09 03:30:02 392 --a------ C:\WINDOWS\Tasks\RegClean Scheduled Scan.job
2008-05-09 02:00:48 328 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2008-05-08 15:51:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-05 14:11:08 266 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
2008-05-04 02:00:54 406 --a------ C:\WINDOWS\Tasks\Local Drive shred free space.job


-- Files created between 2008-04-09 and 2008-05-09 -----------------------------

2008-05-09 12:47:54 0 dr-h----- C:\Documents and Settings\Debra\Recent
2008-05-08 23:34:26 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-08 16:50:41 0 d-------- C:\Change the Name of the Start Button
2008-05-08 13:15:58 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-07 21:13:48 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-05-07 15:14:28 0 d-------- C:\Program Files\Panda Security
2008-05-07 14:40:03 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-05-07 14:39:46 0 d-------- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster
2008-05-07 14:28:00 0 d--hs---- C:\FOUND.000
2008-05-06 18:48:28 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-06 18:48:09 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-06 18:48:09 0 d-------- C:\Documents and Settings\Debra\Application Data\SUPERAntiSpyware.com
2008-05-06 18:16:25 0 d-------- C:\Documents and Settings\Debra\Application Data\Malwarebytes
2008-05-06 18:15:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-06 18:15:19 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 22:30:24 0 d-------- C:\Documents and Settings\Debra\Application Data\WeatherBug
2008-05-04 22:30:23 0 d-------- C:\Program Files\AWS
2008-05-04 22:30:14 0 d-------- C:\Program Files\AskSBar
2008-05-04 20:59:35 0 d-------- C:\Program Files\Trojan Killer
2008-05-03 21:41:10 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-02 18:31:42 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-02 18:29:20 0 d-------- C:\Program Files\AVG
2008-05-02 18:29:14 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-01 22:57:57 0 d-------- C:\Paypal Plug-n
2008-04-30 21:47:43 0 d-------- C:\Program Files\Windows Defender
2008-04-28 15:03:07 0 d-------- C:\Documents and Settings\Debra\Application Data\Auslogics
2008-04-28 15:02:54 0 d-------- C:\Program Files\Auslogics
2008-04-25 00:57:37 0 d-------- C:\Documents and Settings\Debra\Application Data\HouseCall 6.6
2008-04-24 19:28:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-24 19:28:26 0 d-------- C:\Program Files\Security Task Manager
2008-04-23 23:50:13 0 d-------- C:\Program Files\TechTracker
2008-04-21 21:55:46 319488 --a------ C:\WINDOWS\system32\PolarZIPLight.dll <Not Verified; Polar [email protected] www.polarsoftware.com; Polar ZIP Light Component>
2008-04-19 23:50:01 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 22:48:42 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-17 22:48:42 2540 --a------ C:\WINDOWS\unins000.dat
2008-04-17 17:11:27 0 d-------- C:\Daily Uses
2008-04-13 22:55:23 0 d-------- C:\WINDOWS\system32\Delta60
2008-04-13 22:55:23 0 d-------- C:\Delta60
2008-04-13 22:55:14 6029312 --a------ C:\Documents and Settings\Debra\NTUSER.DAT
2008-04-12 19:39:55 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-04-12 19:39:55 0 d-------- C:\Program Files\Belarc
2008-04-12 19:10:54 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-05-09 12:56:58 1852 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-06 16:30:00 36 --ah----- C:\WINDOWS\system32\f9t.dat
2008-05-04 02:36:30 1277952 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP 2>
2008-04-19 22:14:22 1740 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-07 17:20:16 0 d-------- C:\Program Files\QuickTime
2008-03-26 15:08:40 0 d-------- C:\Program Files\Microsoft SQL Server
2008-03-22 02:56:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-20 01:00:54 0 d-------- C:\Program Files\SystemGuards.com
2008-03-19 05:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-18 22:45:02 0 d-------- C:\Documents and Settings\Debra\Application Data\IrfanView
2008-03-10 13:08:06 0 d-------- C:\Program Files\dw20
2008-03-10 12:50:44 24312 -----n--- C:\WINDOWS\system32\pgdfgsvc.exe
2008-03-10 12:47:42 163908 -----n--- C:\WINDOWS\nsf981.exe
2008-03-10 12:47:40 151619 -----n--- C:\WINDOWS\nsfxp1.exe
2008-03-10 12:47:40 208966 -----n--- C:\WINDOWS\nsf1.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown



-- Hosts -----------------------------------------------------------------------

127.0.0.1 ZillaPopupKiller


-- End of Deckard's System Scanner: finished at 2008-05-09 13:16:46 ------------

#6
Ness

Hello again The Coffee Lady

1. File Associations
------------------------------------------------


Please go to Start > Run and type or copy/paste the following in the run box (including the quotation marks):

"%userprofile%\desktop\dss.exe" /daft

Then click OK.

2. Jotti Scans
------------------------------------------------


Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\WINDOWS\nsf981.exe
  • Click on the submit button
  • Follow the same steps for each of the following files:
    • C:\WINDOWS\nsfxp1.exe
    • C:\WINDOWS\nsf1.exe
    • C:\WINDOWS\system32\pgdfgsvc.exe
    • C:\Program Files\dw20
  • Please post the results in your next reply.

3. Kaspersky Online Scanner
------------------------------------------------


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Finally post a new DSS log.

In your next post
------------------------------------------------

  • Jotti Scan Logs (5)
  • Kaspersky Log
  • Fresh DSS Log

Edited by Nys, 11 May 2008 - 08:15 PM.


#7
The Coffee Lady

I have been trying to run the Kaspersky WebScanner but my system keeps crashing so it never gets finished, but here is the Jotti's malware scan

C:\WINDOWS\nsf981.exe, Found nothing

C:\WINDOWS\nsfxp1.exe, I THINK THIS IS WHAT IS MAKING ME CRASH
Norman Virus Control Found Sandbox: W32/Malware; [ General information ]

* File length: 151619 bytes.

[ Changes to registry ]
* Modifies value "Shell"="explorer.exe" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon".

[ Process/window information ]
* Will automatically restart after boot (I'll be back...).

C:\WINDOWS\nsf1.exe
Found nothing


C:\WINDOWS\system32\pgdfgsvc.exe
Found nothing

C:\Program Files\dw20
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file


Now I am getting Internet explorer has encountered a problem and needs to close and I have enclosed the error message in an uploaded file

Thanks so much for all your help

Attached Thumbnails

  • Internet_ex_1.jpg


#8
Ness

Please follow through with all my instructions. I need you to do steps 1 and 3 from my previous post.

#9
The Coffee Lady

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
May 18, 2008 6:00:17 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/05/2008
Kaspersky Anti-Virus database records: 781871
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 72229
Number of viruses found: 2
Number of infected objects: 8
Number of suspicious objects: 177
Duration of the scan process: 21:41:49

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Lisa J. Riehl/10 Jun 2005 21:45 from [email protected]:Item #17163268 -.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Mel Reinhardt/14 Mar 2005 13:56 from [email protected]:Notifica.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Estelle Demotte/29 Apr 2005 04:30 from [email protected]:Item #17119518 - No.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Mary Kelley/21 Jan 2005 17:01 from [email protected]:Item #17005834 - N.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Barbara A. Dukeman/31 May 2005 12:44 from [email protected]:Item #17152152 - Notifi.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/William Silbert/18 Jan 2005 19:03 from [email protected]:Item #17002112 - N.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Kirk D Roller/05 May 2005 15:39 from [email protected]:Item #17126329 - No.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Russell Vertrees/14 Jan 2005 16:45 from [email protected]:Notification of Paymen.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Scott Talhelm/25 Jan 2005 06:06 from [email protected]:Item #17010356 - Notific.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Douglas Soper/28 Jan 2005 13:34 from [email protected]:Item #17014400 - No.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Tina LaClair-Scruton/03 Feb 2005 23:18 from [email protected]:Item #17022391 - Noti.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Scott Brudevold/20 Feb 2005 22:52 from [email protected]:Notification of Payment .rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Scott Brudevold/21 Feb 2005 20:50 from [email protected]:Notification of Payment .rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Chris Lindemann/27 Feb 2005 23:57 from [email protected]:Notification of .rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Jennifer Peterson Riser/01 Mar 2005 16:18 from [email protected]:Notification of Paym.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Adolph Billings/05 Mar 2005 00:00 from [email protected]:Notification of Pay.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Davis Bright/16 Mar 2005 02:05 from [email protected]:Notification of Paym.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Alaina Ramer/20 Mar 2005 17:23 from [email protected]:Notification of Paymen.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Sarah Houstin/24 Mar 2005 13:19 from [email protected]:Notification of .rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Thomas Simmomds/02 Apr 2005 12:35 from [email protected]:Notification of Pay.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Mark Lester/05 Apr 2005 16:39 from [email protected]:Notification of .rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Grace Valdes/05 Apr 2005 17:15 from [email protected]:Notification of Pay.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/John Ainsworth/19 Apr 2005 18:09 from [email protected]:Item #17108648 - Noti.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Michele Mattos/27 Apr 2005 17:00 from [email protected]:Item #17117619 .rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Diana Leatherman/28 Apr 2005 01:55 from [email protected]:Item #17118255 - Notifi.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Kathryn Klouzsal/01 May 2005 04:17 from [email protected]:Notification of Pa.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Tim Reinke/06 May 2005 00:44 from [email protected]:Item #17126849 - Notificat.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Everett E. Jones/07 May 2005 17:24 from [email protected]:Item #17128414 - Noti.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Alice Honey/07 May 2005 17:13 from [email protected]:Item #17128404 - No.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Craig Schultz/15 May 2005 15:35 from [email protected]:Item #17136463 - Not.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Jacqueline Kucharski/17 May 2005 17:44 from [email protected]:Item #17138845 - Notif.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Jerel Heritage/18 May 2005 18:26 from [email protected]:Item #17139990 - Noti.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Chris Glassburn/20 May 2005 02:04 from [email protected]:Item #17141573 - Noti.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Bonnie Masse/29 May 2005 12:51 from [email protected]:Item #17150593 - Notif.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Coffee/Customers/Diane Sutter/30 May 2005 22:10 from [email protected]:Item #17151715 - Noti.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\WINDOWS\outlook.pst/Personal Folders/Debra/21 Aug 2000 16:50 from greenmag1:Free SOL /TSUninstaller.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\WINDOWS\outlook.pst MailMSMaill: infected - 1, suspicious - 35 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04302008-214748.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\AvgAm\avgam.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgam.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpub.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgfw8u.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Antispam\scoffset.bin.incr Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_a4c.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Debra\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Debra\Local Settings\Temp\Free Download Manager\tic2.tmp Object is locked skipped
C:\Documents and Settings\Debra\Local Settings\Temp\~DF3291.tmp Object is locked skipped
C:\Documents and Settings\Debra\Local Settings\Temp\9F4A0.dmp Object is locked skipped
C:\Documents and Settings\Debra\Local Settings\Temp\Perflib_Perfdata_cf0.dat Object is locked skipped
C:\Documents and Settings\Debra\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Debra\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Outlook\0704mailbox.pst/Personal Folders/2002 great/Coffee/Customers/Lisa J. Riehl/10 Jun 2005 21:45 from [email protected]:Item #17163268 -.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Outlook\0704mailbox.pst/Personal Folders/2002 great/Coffee/Customers/Mel Reinhardt/14 Mar 2005 13:56 from [email protected]:Notifica.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Outlook\0704mailbox.pst/Personal Folders/2002 great/Coffee/Customers/Estelle Demotte/29 Apr 2005 04:30 from [email protected]:Item #17119518 - No.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Outlook\0704mailbox.pst/Personal Folders/2002 great/Coffee/Customers/Mary Kelley/21 Jan 2005 17:01 from [email protected]:Item #17005834 - N.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Outlook\0704mailbox.pst/Personal Folders/2002 great/Coffee/Customers/Barbara A. Dukeman/31 May 2005 12:44 from [email protected]:Item #17152152 - Notifi.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Outlook\0704mailbox.pst/Personal Folders/2002 great/Coffee/Customers/William Silbert/18 Jan 2005 19:03 from [email protected]:Item #17002112 - N.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Outlook\0704mailbox.pst/Personal Folders/2002 great/Coffee/Customers/Kirk D Roller/05 May 2005 15:39 from [email protected]:Item #17126329 - No.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Outlook\0704mailbox.pst/Personal Folders/2002 great/Coffee/Customers/Russell Vertrees/14 Jan 2005 16:45 from [email protected]:Notification of Paymen.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Outlook\0704mailbox.pst/Personal Folders/2002 great/Coffee/Customers/Scott Talhelm/25 Jan 2005 06:06 from [email protected]:Item #17010356 - Notific.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Outlook\0704mailbox.pst MailMSMaill: infected - 2, suspicious - 70 skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Sent Items/21 Mar 2005 02:46 to 'usbebase':RE: RE: Please send me total amo.rtf Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Debra\Local Settings\Application Data\Microsoft\Outlook\archive.pst MailMSMaill: suspicious - 1 skipped
F:\E-mail Back-up\0704mailbox backup.pst MailMSMaill: infected - 2, suspicious - 70 skipped
F:\System Volume Information\_restore{879AC60B-6DD0-4B25-9B94-3DFDBE95C37A}\RP77\change.log Object is locked skipped

Scan process completed.





Deckard's System Scanner v20071014.68
Run by Debra on 2008-05-17 19:00:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Debra.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:49 PM, on 17-May-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\AIV Reminder\aivreminder.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ShortKeys2\shortkey.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\uReach\uScreen\uscreen.exe
C:\Program Files\Secunia\PSI (RC1)\psi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Debra\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Debra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homecoffeeservice.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =

#10
Ness

  • Banned
  • 673 posts
Hello again The Coffee Lady

Sorry for the delay on my post. My high school prom was this weekend :)

I know it's kind of dumb to have waited for 2 days for a post like this, but I promise it won't happen again.

I need you to post the entire DSS log. It was cut off.

#11
The Coffee Lady

  • Topic Starter
  • Member
  • 28 posts
:) I am sorry that I didn't get back to you. I moved and it took forever to get internet back. I have the dss log here and will run the KASPERSKY ONLINE SCANNER REPORT again and post it, and now maybe I can get this computer fixed.
