[kahdah]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:

• regedit /e c:\registrybackup.reg
  Click OK.
  It won't appear to be doing anything, that's normal.
  Your mouse pointer may turn to an hour glass for a minute.
  Please continue when it no longer has the hour glass.
  
  Please open up Notepad and copy all of the items in the code box below.
  Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
  

  REGEDIT4
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
  "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\00
  
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Viewpoint Manager Service]

  Now double-click fixthis.reg.
  A window will come up asking if you want to let it merge with the registry.
  Click yes.
  ==================
  After that please re-open Hijackthis and click on "Do a system scan only"
  Then place a check mark next to these entries below:
  
  O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
  O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
  O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Chris\Application Data\Microsoft\dtsc\26452.exe
  O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\AdobeFnt07i.exe
  O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\AdobeFnt07i.exe
  O4 - HKUS\S-1-5-18\..\Run: [IEUpdate] C:\WINDOWS\system32\AdobeFnt07i.exe (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [IEUpdate] C:\WINDOWS\system32\AdobeFnt07i.exe (User 'Default user')
  
  
  
  Now click on Fix Checked and then close Hijackthis.
  ====================================================
  Please download the OTMoveIt2 by OldTimer.
  [list]
• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\WINDOWS\system32\hljwugsf.bin
  C:\WINDOWS\system32\AdobeFnt07i.exe

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================================================
After that please post a new dss log and then let me know how things are running?

[Advertisements]

C:\WINDOWS\system32\hljwugsf.bin moved successfully.
File/Folder C:\WINDOWS\system32\AdobeFnt07i.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05262008_181559


I haven't rebooted yet since it did not ask me. Should I restart?

Thanks.

[Kritayot]

C:\WINDOWS\system32\hljwugsf.bin moved successfully.
File/Folder C:\WINDOWS\system32\AdobeFnt07i.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05262008_181559


I haven't rebooted yet since it did not ask me. Should I restart?

Thanks.

[kahdah]

Yes go ahead and reboot.
Then Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
=====================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as button:
• Save the file in txt format to your desktop.
• Post that information in your next post.

[Kritayot]

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 27, 2008 7:13:27 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/05/2008
Kaspersky Anti-Virus database records: 801107
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 151323
Number of viruses found: 28
Number of infected objects: 321
Number of suspicious objects: 0
Duration of the scan process: 09:39:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output\Chris\~Running.ping Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-26-2008( 19-4-36 ).LOG Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax from . .. . ... /[From "Earl Sanc ... /[From <[email protected]>][Date 18 May 2008 15:36:32 ... /photo.scr Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax from . .. . ... /[From "Earl Sanc ... /[From <[email protected]>][Date 18 May 2008 15:36:32 +0900]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax from . .. . ... /[From "Earl Sanchez" <[email protected]>][Date Sat, 17 May 2008 23:31:34 +0700]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax from . .. . ... /[From "Errol Guerra" <[email protected]>][Date Sat, 17 May 2008 13:05:51 -0300]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax from . .. . ... /[From "harlan marco" <[email protected]>][Date Sat, 17 May 2008 11:32:20 +0000]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax from . .. ... /[From sakorn manorotkul <[email protected]>][Date Sat, 17 May 2008 04:23:00 +0000]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax from . ... /[From VIAGRA ® Official Site <[email protected]>][Date Fri, 16 May 2008 22:23:59 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax from ... /[From "Jeffrey Whalen" <[email protected]>][Date Fri, 16 May 2008 22:24:10 +0100]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax from 715-833-3940, LORMAN ED SVCS" <[email protected]>][Date Fri, 16 May 2008 13:43:59 -0700]/text Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[Fr ... ... /[Fr ... /[Fr ... /[From "Petra Combs" <[email protected]>][Date Fri, 16 May 2008 14:11:41 -0500]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[Fr ... ... /[Fr ... /[From VIAGRA ® Official Site <[email protected]>][Date Fri, 16 May 2008 10:40:13 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[Fr ... ... /[Fr ... /[From "Chase" <[email protected]>][Date Fri, 16 May 2008 09:50:06 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[Fr ... ... /[Fr ... /[From "Ashley Richard" <[email protected]>][Date Fri, 16 May 2008 14:56:11 GMT]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[Fr ... ... /[From "Fax from 200-000-0650" <[email protected]>][Date Fri, 16 May 2008 06:19:56 -070 ... /text Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[Fr ... ... /[From "Fax from 200-000-0650" <[email protected]>][Date Fri, 16 May 2008 06:19:56 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[Fr ... /[From "Fax from 301-251-6249, C Abod" <[email protected]>][Date Fri, 16 May 2008 06:04:40 -0700]/text Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax ... /[From "Fax from 4 ... /[From "dunc hyo" <[email protected]>][Date Fri, 16 May 2008 00:51:31 +0000]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax ... /[From "Fax from 416-847-1150" <[email protected]>][Date Thu, 15 May 2008 19:23:01 -0700]/text Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax from 703-465-81 ... /[From "barney austin" <[email protected]>][Date Thu, 15 May 2008 22:50:03 +0000]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax from 703-465-8129, VERVE HLTH FITN" ... /[From <[email protected]>][Date 14 May 2008 09:31:26 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Dat ... /[From "Fax from 703-465-8129, VERVE HLTH FITN" <[email protected]>][Date Wed, 14 May 2008 09:29:12 -0700]/text Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Date 1 Jan 2008 18:02:23 -0500]/html/[From "Charles Abod" <[email protected]>][Date Tue, 13 May 2008 23:04:15 -0400]/text Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED/[From [email protected]][Date 1 Jan 2008 18:02:23 -0500]/html Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED/[From "Rowena O'donnell" <[email protected]>][Date Mon, 31 Dec 2007 10:46:08 -0500]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED/[From "Charles Abod" <[email protected]>][Date Fri, 28 Dec 2007 15:38:12 -0500]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text/[From "Charles Abod" <[email protected]>][Date Thu, 29 Nov 2007 09:41:20 -0500]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox/[From <[email protected]>][Date Tue, 6 Nov 2007 10:36:00 -0500]/text Infected: Trojan-Downloader.Win32.Agent.pgz skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\Local Folders\Inbox MailBerkeleymboxx: infected - 27 skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From .. ... /[From Finest ... /[From "Volksbanken Raiffeisenbanken" <[email protected]>]/html Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From .. ... /[From Finest RX Pharmacy <efccac@careonecredit ... /[Date Wed, 20 Dec 2006 11:56:12 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From .. ... /[From Finest RX Pharmacy <[email protected]>][Date Wed, 20 Dec 2006 17:22:56 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From ... /[From "Wilbur Bruce" <[email protected]>][Date Wed, 20 Dec 2006 13:44:43 +0180]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri . ... /[From Mortgage center <[email protected]>][Date Wed, 20 Dec 2006 11:32:02 -0060]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[From "Louie Farley" <[email protected]>][Date Thu, 21 Dec 2006 06:55:00 +0600]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[From ... /[From "Promo" <[email protected]>][Date Tue, 19 Dec 2006 22:37:12 -0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.od skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 .. ... /[From "Fifth Third Bank" <[email protected]>][Date Sun, 25 Feb 2007 06:29:34 +0600]/html Infected: Trojan-Spy.HTML.Bankfraud.qy skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 ... /[From "Fifth Third Bank" <[email protected]>][Date Sun, 25 Feb 2007 06:29:34 +0600]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.qy skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[F ... /[From "Emi . ... /[From "Volfbeyn" <[email protected]>][Date Sat, 24 Feb 2007 21:52:12 -0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.qy skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[F ... /[From "Emi ... /[From "Mae Trujillo" <[email protected]>][Date Sun, 25 Feb 2007 18:56:42 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.qy skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[F ... /[From "Emily Collins" <[email protected]>][Date Sat, 24 Feb 2007 17:22:25 -0060]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.qy skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[ ... /[From John <[email protected]>][Date Sat, 24 Feb 2007 16:35:43 +0300]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.qy skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[ ... /[From "Elliott Rubin" <[email protected]>][Date Sat, 24 Feb 2007 22:41:06 +0900]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.qy skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[From "Rating Tuesday" <top ... /[From "Karla Cowan" <[email protected]>]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.qy skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[ ... /[F ... /[From ... /[From "BB&T" <support05781490ib@bbt ... /[From "BB&T" <[email protected]>]/html Infected: Trojan-Spy.HTML.Bankfraud.ra skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[ ... /[F ... /[From ... /[From "BB&T" <support05781490ib ... /[From "BB&T" <[email protected]>]/doge.gif Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[ ... /[F ... /[From ... /[From "BB&T" <[email protected]>][Date Tue, 27 Feb 2007 14:55:36 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 + ... /[From "Branch Banking and Trust" <r ... /[From "Branch Banking and Trust" <[email protected]>]/html Infected: Trojan-Spy.HTML.Bankfraud.ra skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 + ... /[From "Branch Banking and T ... /[From "Branch Banking and Trust" <[email protected]>]/baritone.gif Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 + ... /[From "Branch Banking and Trust" <[email protected]>][Date Tue, 27 Feb 2007 17:03:29 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[ ... /[F ... / ... /[From "Seleznova Olena" <[email protected]>][Date Tue, 27 Feb 2007 23:39:13 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[ ... /[F ... /[From "Berna ... /[From "Sears" <[email protected]>][Date Tue, 27 Feb 2007 17:18:57 -0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[ ... /[F ... /[From "Bernardo Thomsonyy" <[email protected]>][Date Tue, 27 Feb 2007 13:42:55 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[ ... /[From "Kat ... /[From "Matthew F. Webber" <[email protected]>][Date Tue, 27 Feb 2007 16:08:06 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[ ... /[From "Katheryn Charles" ... /[From Hammond <[email protected]>][Date Tue, 27 Feb 2007 11:38:52 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[ ... /[From "Katheryn Charles" <[email protected]>][Date Fri, 27 Feb 1987 18:26:39 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[From "Ra ... /[From "Cleo Rhodes" <[email protected]>][Date Tue, 27 Feb 2007 11:18:14 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... / ... /[From "Elis ... /[From "BB&T" <clients-7379749716ib@ ... /[From "BB&T" <[email protected]>]/html Infected: Trojan-Spy.HTML.Bankfraud.ra skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... / ... /[From "Elis ... /[From "BB&T" <clients-73797497 ... /[From "BB&T" <[email protected]>]/boise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... / ... /[From "Elis ... /[From "BB&T" <[email protected]>][Date Mon, 05 Mar 2007 14:30:29 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... / ... /[From "Elishia Doepker" <[email protected]>][Date Mon, 5 Mar 2007 20:37:09 -0060]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "K ... /[From "Doloris ... /[From "threadDate" <[email protected]>][Date Mon, 5 Mar 2007 21:13:57 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "K ... /[From "Doloris Delong" <[email protected]>][Date Mon, 5 Mar 2007 15:31:12 +0300]/text Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[From "Tran Linh" <[email protected]>][Date Mon, 05 Mar 2007 11:51:49 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[F ... /[From "BB&T" <service-id8041209ib@b ... /[From "BB&T" <[email protected]>]/html Infected: Trojan-Spy.HTML.Bankfraud.ra skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[F ... /[From "BB&T" <service-id8041 ... /[From "BB&T" <[email protected]>]/ariadne.gif Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[F ... /[From "BB&T" <[email protected]>][Date Sat, 17 Mar 2007 21:19:59 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[F ... ... /[From "slate" <[email protected]>][Date Sat, 17 Mar 2007 15:41:45 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[F ... /[From "Krystyna" <[email protected]>][Date Sat, 17 Mar 2007 17:41:07 +0300]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 + .. ... /[From "Branch Banking and Trust" <[email protected]>][Date Wed, 21 Mar 2007 16:47:04 -0500]/html Infected: Trojan-Spy.HTML.Bankfraud.rw skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 + ... /[From "Branch Banking and Trust" <[email protected]>][Date Wed, 21 Mar 2007 16:47:04 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.rw skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[F ... ... /[From "Dmailmen attribute" <[email protected]>][Date Wed, 21 Mar 2007 15:03:30 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.rw skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[F ... / ... /[From "Dominique Lockhart" <[email protected]>][Date Wed, 21 Mar 2007 12:16:22 -0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.rw skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[F ... /[From "Wreconcile rejecter" <[email protected]>][Date Thu, 22 Mar 2007 06:52:51 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.rw skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Kri ... /[From "stripper open" <[email protected]>][Date Wed, 21 Mar 2007 08:53:35 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.rw skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Branch Banking and Trust" <r ... /[From "Branch Banking and Trust" <[email protected]>]/html Infected: Trojan-Spy.HTML.Bankfraud.ra skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Branch Banking and Tr ... /[From "Branch Banking and Trust" <[email protected]>]/bingham.gif Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From "Branch Banking and Trust" <[email protected]>][Date Fri, 23 Mar 2007 04:03:42 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From ... /[Fro ... /[From "Pcaiman ... /[From "Branch Banking and Trust" <[email protected]>]/html Infected: Trojan-Spy.HTML.Bankfraud.ra skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From ... /[Fro ... /[From ... /[From "Branch Banking and Trust" <[email protected]>]/clergymen.gif Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From ... /[Fro ... /[From "Pcaiman cyprus" <pcaiman@dosinas ... /[Date Fri, 23 Mar 2007 20:38:14 - ... /UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From ... /[Fro ... /[From "Pcaiman cyprus" <pcaiman@dosinas ... /[Date Fri, 23 Mar 2007 20:38:14 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From ... /[Fro ... /[From "Pcaiman cyprus" <[email protected]>][Date Sat, 24 Mar 2007 07:12:33 +0800]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[From ... /[From "R ... /[From "Clea Duvall" <[email protected]>][Date Fri, 23 Mar 2007 17:38:39 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ri skipped
C:\Documents and Settings\Chris\Application Data\Thunderbird\Profiles\2tw05kf6.default\Mail\mail.giftchris-1.com\Junk/[From "tagged existing" <[email protected]>][Date Sun, 3 Dec 2006 08:23:07 +0800]/UNNAMED/[From "Keiper H. Cirillo" <[email protected]>][Date Sun, 03 Dec 2006 02:26:42 -0500]/UNNAMED/[From "mildrid pattie" <[email protected]>][Date Sun, 3 Dec 2006 05:49:22 -0600]/UNNAMED/[From Linwood Spicer <[email protected]>][Date Sun, 3 Dec 2006 13:41:43 +010 ... /[

[Kritayot]

 kasper.txt   339.31KB   139 downloads

[kahdah]

Hi please empty your inbox and your junk mail folders in thunderbird.
AFter that :

• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\Documents and Settings\Chris\My Documents\My Download Files\rss17b.exe
  C:\Documents and Settings\Chris\Desktop\SmitfraudFix.exe 
  C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========================
PLease post the OTMove it log and a new Hijackthis log and let me know how it is running.

[Kritayot]

C:\Documents and Settings\Chris\My Documents\My Download Files\rss17b.exe moved successfully.
C:\Documents and Settings\Chris\Desktop\SmitfraudFix.exe moved successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05272008_094303

kahdah,
The system is running much better now. No more Cyberlog-x and Win32@mx pop up.

[kahdah]

Great can you please post a new Hijackthis log please.

[Kritayot]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:07 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\GSBootTimeSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\ZyXEL\AG-225H\NICServ.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TSSchBkpService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\MNMCtrl.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\palmOne\AlarmApp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\SiteDevelopers.Com\Dynamic DNS Client .NET Edition - Desktop\ClientGUI.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
C:\Program Files\ZyXEL\AG-225H\AG-225Hv2.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MNM] "C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\MNMCtrl.exe" /h
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [MaxBackSchedule] "C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [MagicSpeed] "C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe" /autorun
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\AdobeFnt07i.exe
O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\AdobeFnt07i.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\palmOne\AlarmApp.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Dynamic DNS Client.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
O4 - Global Startup: ZyXEL AG-225H Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {240EEE8D-91DB-4D74-A87E-671026601333} (EOLUP.Version) - http://www.rightnetw...eb/eolupcli.cab
O16 - DPF: {2D360201-FFF5-11D1-8D03-00A0C959BC0A} (DHTML Edit Control Safe for Scripting for IE5) - http://unakrt-wm.unlb.org/DHTMLED.cab
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webi...6-6D5536C585C9}
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120072921953
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.rightnetw...rdp20050324.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.q....255/qboax8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 8.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: mnm_7_bta - C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\MNMEventNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GSBootTimeSrv - Globesoft® Corporation - C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\GSBootTimeSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICSer_AG225H - Unknown owner - C:\Program Files\ZyXEL\AG-225H\NICServ.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TimeslipsBackup (TSScheduleBackup) - Unknown owner - C:\WINDOWS\system32\TSSchBkpService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15716 bytes

[kahdah]

Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\AdobeFnt07i.exe
O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\AdobeFnt07i.exe
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll
(file missing)

Now click on Fix Checked and then close Hijackthis.
====================================
After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:

• Download the latest version of Java Runtime Environment (JRE) 6 update 6.
• Choose Free Java Download
• Close any programs you may have running and follow the prompts.

After that

• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.

=======================
Cleanup::

• Make sure you have an Internet Connection.
• Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Click on the CleanUp! button
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
• Click Yes to begin the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Delete\uninstall anything else that we have used.
==========================
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
================================
After that your log is clean.

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware-Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

[Kritayot]

kahdah,
I would like to take the opportunity to thank you for all your help. You have been great with the instructions and know what you are doing. I do appreciate your time and timely responses even though on the weekend. I'm working on the computer too and I do it for living. This is my first time that I asked for help from the internet forum and I'm very impressed. I usually search and find the tools to remove all the spyware by myself but this time I cannot. I tried everything I can but it did not work until I found you. Is it possible that I can get the general instructions on how to remove or clean up all the spyware or pop ups or it has to be case by case? I have many people around here (where I live) asking me to help removing the spyware and pop ups. What I have been doing is to clean it with many downloaded software (randomly) without knowing what can clean what. Not like you, you guided me with the right software and step by step. I would love to be a part of your team (Geekstogo) and help people out if I have more time. I have 2 kids that keep me very busy all the time.

Again Thank you very much kahdah and keep up all the great works.

CP

[kahdah]

You are certainly welcome.
Each case is different.

You can certainly join our team.
You can sign up here > http://www.geekstogo...ware-t4817.html

Fill out the applicaition and they will send you an e-mail invite and then you can begin your training.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.