
Norton AV found "903872836.exe" [RESOLVED]


#1
Kellee (Member, 24 posts)

I ran a virus scan on my computer (DELL XP) using Norton Anti Virus 2003 (yes, completely updated). It came back with 1 infection found (903872836.exe) and quarantined it. It said it was unable to fix the problem. I ran Spybot but no luck. Can anyone help me with this? Is there an official "Trojan" name for this so I can get the fix from Norton?

Thank you in advance for any help.
Kellee

Edited by Kellee, 12 July 2008 - 05:30 PM.



#2
Kellee (Topic Starter, Member, 24 posts)

I saw this reply in another post so I downloaded DSS and copied & pasted the main.txt & extra.txt files here:

Deckard's System Scanner v20071014.68
Run by Kellee Albrecht on 2008-07-12 16:49:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
62: 2008-07-12 23:50:02 UTC - RP700 - Deckard's System Scanner Restore Point
61: 2008-07-12 16:57:34 UTC - RP699 - System Checkpoint
60: 2008-07-11 01:40:46 UTC - RP698 - System Checkpoint
59: 2008-07-10 00:11:30 UTC - RP697 - Software Distribution Service 3.0
58: 2008-07-09 14:34:56 UTC - RP696 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-15 03:57:32 UTC - RP639 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-12 16:52:07
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\Kellee Albrecht\Desktop\dss.exe
C:\Program Files\Spyware Doctor\sdloader.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...l...&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...l...&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar5.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe -logon
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (file missing)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.demr.opt.fimserve.com (HKCU)
O15 - Trusted Zone: *.www.google.com (HKCU)
O15 - Trusted Zone: http://api.msappspace.com (HKCU)
O15 - Trusted Zone: *.myspace.com (HKCU)
O15 - Trusted Zone: http://secure.myspace.com (HKCU)
O15 - Trusted Zone: http://www.myspace.com (HKCU)
O15 - Trusted Zone: http://webmail.sti.net (HKCU)
O15 - Trusted Zone: *.www.sti.net (HKCU)
O15 - Trusted Zone: http://www.webkinz.com (HKCU)
O15 - Trusted Zone: http://www.yosemitearea.com (HKCU)
O15 - Trusted Zone: http://www.yosemiteforums.com (HKCU)
O15 - Trusted Zone: *.www.youtube.com (HKCU)
O15 - Trusted Zone: http://www.youtube.com (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ntent/opuc3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152115822535
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com...geUploader4.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


--
End of file - 14547 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>

S2 qandr - c:\windows\system32\drivers\qandr.sys (file missing)
S3 tbhsd (Tunebite High-Speed Dubbing) - c:\windows\system32\drivers\tbhsd.sys <Not Verified; RapidSolution Software AG; Tunebite High-Speed Dubbing>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-12 13:37:09 432 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-07-11 21:12:13 484 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-07-07 21:30:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-12 15:18:19 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 15:17:59 0 d-------- C:\Program Files\Spyware Doctor
2008-07-12 15:17:59 0 d-------- C:\Documents and Settings\Kellee Albrecht\Application Data\PC Tools
2008-06-19 16:30:39 0 d-------- C:\Program Files\Pizza Chef
2008-06-18 15:59:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-06-18 15:56:16 0 d-------- C:\Program Files\Go Go Gourmet


-- Find3M Report ---------------------------------------------------------------

2008-07-12 13:36:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-12 13:35:53 0 d-------- C:\Program Files\Common Files
2008-07-11 20:24:39 0 d-------- C:\Program Files\Hello Kitty Studio
2008-06-06 07:54:26 0 d-------- C:\Program Files\The Weather Channel FW
2008-05-29 17:48:56 0 d-------- C:\Program Files\HP
2008-05-27 20:46:39 0 d-------- C:\Documents and Settings\Kellee Albrecht\Application Data\SmartFTP
2008-05-27 20:46:23 0 d-------- C:\Program Files\SmartFTP Client
2008-05-27 20:46:08 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-05-17 19:52:18 0 d-------- C:\Program Files\iTunes
2008-05-17 19:52:08 0 d-------- C:\Program Files\iPod
2008-05-17 19:50:42 0 d-------- C:\Program Files\QuickTime
2008-05-17 19:39:45 0 d-------- C:\Program Files\Apple Software Update
2008-05-16 19:14:25 0 d-------- C:\Documents and Settings\Kellee Albrecht\Application Data\LimeWire
2008-05-15 21:38:31 0 d-------- C:\Program Files\Sun
2008-05-15 21:38:19 0 d-------- C:\Program Files\Java
2008-05-15 21:34:24 0 d-------- C:\Program Files\Windows Live
2008-05-15 21:33:46 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Program Files\RXToolBar\sfcont.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 05:42 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/31/2005 07:05 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 06:29 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 03:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 02:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 02:50 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/19/2002 10:22 PM]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [08/19/2002 10:23 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [10/14/2007 08:59 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/19/2007 09:16 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [7/6/2006 7:29:00 AM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/6/2006 7:20:31 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]
@="Driver Group"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=C:\WINDOWS\pss\Event Planner Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kellee Albrecht^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Kellee Albrecht\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eac327ba-cf44-11dc-b57a-0013729ee92b}]
AutoRun\command- H:\setupSNK.exe

*Newly Created Service* - IKFILESEC
*Newly Created Service* - IKSYSFLT
*Newly Created Service* - IKSYSSEC
*Newly Created Service* - MCHINJDRV
*Newly Created Service* - SDAUXSERVICE
*Newly Created Service* - SDCORESERVICE



-- End of Deckard's System Scanner: finished at 2008-07-12 16:53:26 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.60GHz
CPU 1: Intel® Pentium® 4 CPU 3.60GHz
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 3070.07 MiB / 2290.98 MiB
Pagefile Memory (total/avail): 4955.72 MiB / 4356.43 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.55 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 148.96 GiB total, 114.84 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is Fixed (FAT32) - 189.87 GiB total, 132.51 GiB free.

\\.\PHYSICALDRIVE0 - ST3160812AS - 149.01 GiB - 2 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 148.96 GiB - C:

\\.\PHYSICALDRIVE1 - Maxtor 6 L200P0 USB Device - 189.92 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 189.92 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

AV: Norton AntiVirus v2003 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\Setup.exe"="E:\\Setup.exe:*:Enabled:Setup"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kellee Albrecht\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALBRECHT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kellee Albrecht
LOGONSERVER=\\ALBRECHT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\KELLEE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\KELLEE~1\LOCALS~1\Temp
USERDOMAIN=ALBRECHT
USERNAME=Kellee Albrecht
USERPROFILE=C:\Documents and Settings\Kellee Albrecht
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Kellee Albrecht (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator 9.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Illustrator 9.0.1\Uninst.isu" -c"C:\Program Files\Adobe\Illustrator 9.0.1\Uninst.dll"
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop v4.0 --> C:\WINDOWS\uninst.exe -fC:\Adobe\Photoshop\DeIsL1.isu
Alice Greenfingers --> "C:\Program Files\Alice Greenfingers\ReflexiveArcade\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Boggle --> "C:\Program Files\Boggle\ReflexiveArcade\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Advanced Control Suite --> MsiExec.exe /I{058B32E2-6310-4359-B2D4-1988390C3B83}
Cake Mania 2 --> "C:\Program Files\Cake Mania 2\ReflexiveArcade\unins000.exe"
Chuzzle Deluxe --> "C:\Program Files\Chuzzle Deluxe\ReflexiveArcade\unins000.exe"
Ease Audio Converter 4.70 --> "C:\Program Files\easetech\EaseAudioConverter\unins000.exe"
Event Planner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1182355-1464-4B43-8986-031A86808495}\Setup.exe"
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Go Go Gourmet --> "C:\Program Files\Go Go Gourmet\ReflexiveArcade\unins000.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar5.dll"
Hallmark Card Studio 2003 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sierra\Hallmark Card Studio 2003\VuUninst.isu" -c"C:\Program Files\Sierra\Hallmark Card Studio 2003\Uninstpa.DLL"
Horsez --> C:\Program Files\UbiSoft\Lexis Numérique\Horsez\Desinst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Norton AntiVirus 2003 --> MsiExec.exe /I{47D5D869-FE57-4F2F-A358-83CFAA7B4968}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Palm --> MsiExec.exe /X{32EF6F81-583E-4127-918D-D3768A8957C4}
Photo Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6B2ED65-7378-4065-802D-F2E5689F3A4E}\Setup.exe"
Pizza Chef --> "C:\Program Files\Pizza Chef\ReflexiveArcade\unins000.exe"
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sansa Media Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SmartFTP Client 3.0 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
STK014_V2.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7C401C6-B490-4C92-9E6D-F6A862A27B65}\Setup.exe" -l0x9
The Weather Channel Desktop 6 --> C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
The Weather Channel Toolbar --> C:\PROGRA~1\THEWEA~2\UNWISE.EXE C:\PROGRA~1\THEWEA~2\twcINSTALL.LOG
URL Assistant --> regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type16666 / Success
Event Submitted/Written: 07/12/2008 01:36:46 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type16660 / Warning
Event Submitted/Written: 07/12/2008 01:27:19 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type16659 / Warning
Event Submitted/Written: 07/12/2008 01:27:19 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type16648 / Success
Event Submitted/Written: 07/12/2008 07:42:44 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type16644 / Warning
Event Submitted/Written: 07/12/2008 07:42:13 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type113404 / Error
Event Submitted/Written: 07/12/2008 01:27:19 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The qandr service failed to start due to the following error:
%%2

Event Record #/Type113261 / Error
Event Submitted/Written: 07/10/2008 08:25:40 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The qandr service failed to start due to the following error:
%%2

Event Record #/Type113259 / Error
Event Submitted/Written: 07/10/2008 08:25:38 AM
Event ID/Source: 19 / Print
Event Description:
Sharing printer failed + 1722, Printer Acrobat Distiller share name Printer4.

Event Record #/Type113100 / Error
Event Submitted/Written: 07/09/2008 05:07:33 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The qandr service failed to start due to the following error:
%%2

Event Record #/Type113002 / Error
Event Submitted/Written: 07/09/2008 08:17:44 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The qandr service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-07-12 16:53:26 ------------

#3 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Hi Kellee

Welcome to geekstogo :)

Whilst I review your logs, could you look at the list below and tell me which of those sites, if any, should be in your trusted zones?

The Trusted zone contains Web sites that you trust as safe (such as Web sites that are on your organization's intranet or that come from established companies in whom you have confidence). When you add a Web site to the Trusted Sites zone, you believe that files you download or that you run from the Web site will not damage your computer or data. By default, there are no Web sites that are assigned to the Trusted Sites zone, and the security level is set to Low.

...in other words, you are opening the door to them.

Trusted Zone: *.demr.opt.fimserve.com (HKCU)
Trusted Zone: *.www.google.com (HKCU)
Trusted Zone: http://api.msappspace.com (HKCU)
Trusted Zone: *.myspace.com (HKCU)
Trusted Zone: http://secure.myspace.com (HKCU)
Trusted Zone: http://www.myspace.com (HKCU)
Trusted Zone: http://webmail.sti.net (HKCU)
Trusted Zone: *.www.sti.net (HKCU)
Trusted Zone: http://www.webkinz.com (HKCU)
Trusted Zone: http://www.yosemitearea.com (HKCU)
Trusted Zone: http://www.yosemiteforums.com (HKCU)
Trusted Zone: *.www.youtube.com (HKCU)
Trusted Zone: http://www.youtube.com (HKCU)

andrewuk
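As an added example (not DSS output and not andrewuk's code), this Windows PowerShell script reads the ZoneMap registry keys that the "Trusted Zone: ... (HKCU)" lines above come from and lists every site mapped into the Trusted Sites or Restricted Sites zone, so the owner can compare the list with what they remember adding. It assumes Windows PowerShell on the machine being examined; the site notation it prints is this script's own convention, with a leading "*." meaning the entry applies to any scheme.

```powershell
# Added example for this thread; it is not DSS output and not andrewuk's code.
# Registry layout (documented Windows behaviour):
#   ...\Internet Settings\ZoneMap\Domains\<domain>          values apply to *.<domain>
#   ...\Internet Settings\ZoneMap\Domains\<domain>\<host>   values apply to <host>.<domain>
#   value name = scheme ('http', 'https', 'ftp', or '*' for any scheme)
#   value data = zone number: 0 My Computer, 1 Local Intranet, 2 Trusted Sites,
#                3 Internet, 4 Restricted Sites

$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                3 = 'Internet';    4 = 'Restricted Sites' }

function ConvertFrom-ZoneMapKey {
    # One object per scheme value stored under a Domains key or host subkey.
    param(
        [Microsoft.Win32.RegistryKey]$Key,
        [string]$HostName,
        [string]$Hive
    )
    foreach ($scheme in $Key.GetValueNames()) {
        if ($scheme -eq '') { continue }          # ignore a stray default value
        $zone  = [int]$Key.GetValue($scheme)
        $site  = if ($scheme -eq '*') { "*.$HostName" } else { "$($scheme)://$HostName" }
        $label = if ($ZoneNames.ContainsKey($zone)) { $ZoneNames[$zone] } else { "Unknown($zone)" }
        # New-Object keeps this runnable on PowerShell 2.0, the newest version XP supports
        New-Object PSObject -Property @{ Hive = $Hive; Site = $site; Zone = $label }
    }
}

function Get-IeZoneMap {
    # HKCU holds the per-user map. HKLM is the one that counts when the
    # Security_HKLM_only policy is set, so audit both when HKCU looks clean.
    param([ValidateSet('HKCU', 'HKLM')][string]$Hive = 'HKCU')

    $root = "$($Hive):\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    if (-not (Test-Path -Path $root)) { return }

    foreach ($domainKey in Get-ChildItem -Path $root) {
        $domain = $domainKey.PSChildName
        # values directly on the domain key cover the domain and all of its hosts
        ConvertFrom-ZoneMapKey -Key $domainKey -HostName $domain -Hive $Hive
        # one subkey per explicitly listed host (e.g. "www" under "myspace.com")
        foreach ($hostKey in Get-ChildItem -Path $domainKey.PSPath) {
            ConvertFrom-ZoneMapKey -Key $hostKey -HostName "$($hostKey.PSChildName).$domain" -Hive $Hive
        }
    }
}

# Trusted Sites runs at a lower security level, so that list is the one to confirm entry
# by entry, as andrewuk asked; Restricted Sites entries are shown as well so that any
# zone change the user did not make stands out.
'HKCU', 'HKLM' | ForEach-Object { Get-IeZoneMap -Hive $_ } |
    Where-Object { $_.Zone -eq 'Trusted Sites' -or $_.Zone -eq 'Restricted Sites' } |
    Sort-Object Hive, Zone, Site |
    Select-Object Hive, Zone, Site |
    Format-Table -AutoSize
```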

#4 Kellee (Topic Starter, Member, 24 posts)
Hi Andrewuk,

Thank you for looking into this for me. I looked at the trusted sites and I have added those myself. The newer ones are from myspace because every time I open my page, my computer keeps asking me if I trust the site. Since I had accessed the site so many times, I assume they are safe; I hope I didn't make a mistake. Other than those few, all of the rest are fine. Again, I added all of them in there myself.

#5 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Hi Kellee

"I looked at the trusted sites and I have added those myself"

That's ok, I was checking that you added them, and not malware.

In this post we will clear the malware I can see (which is not a lot, to be honest) and run a couple of scans to see what else is on your machine.

The scans will likely take 3 hours, quite possibly much longer, so just let them run.


====STEP 1====
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\RXToolBar\sfcont.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
    HKEY_CLASSES_ROOT\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2E5E800E-6AC0-411E-940A-369530A35E43}
    HKEY_CLASSES_ROOT\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    HKEY_CLASSES_ROOT\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eac327ba-cf44-11dc-b57a-0013729ee92b}
    qandr <delete service>
    EmptyTemp
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



====STEP 2====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

====STEP 3====
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

====STEP 4====
And could you re-run DSS by double-clicking the DSS icon on your desktop? There will only be one report this time.



In your next reply could I see:
1. the OTMoveIT log
2. the SUPERantispyware log
3. the kaspersky scan log
4. the DSS log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

Edited by andrewuk, 12 July 2008 - 07:19 PM.

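As an added example (not OTMoveIt2 and not andrewuk's code), this Windows PowerShell script performs the check a helper does before naming registry keys like the Browser Helper Object and PROTOCOLS\Filter\text/html entries in STEP 1: it resolves each BHO and MIME filter CLSID to the DLL that implements it and reports whether that DLL exists and is signed. It assumes Windows PowerShell with read access to the registry on the machine being examined.

```powershell
# Added example for this thread; it is not OTMoveIt2 and not andrewuk's code.
# Registry layout (documented Windows behaviour):
#   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CLSID}
#   HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\<mime type>   value "CLSID" names the filter object
#   HKCR\CLSID\{CLSID}\InprocServer32 (default)          the DLL that COM loads for the object

function Resolve-ComServer {
    # Map a CLSID to its friendly name, DLL path and Authenticode status.
    param([string]$Clsid, [string]$Kind)
    $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $name   = (Get-ItemProperty -LiteralPath $clsKey -ErrorAction SilentlyContinue).'(default)'
    $dll    = (Get-ItemProperty -LiteralPath "$clsKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    $path   = $null
    $status = 'NoInprocServer32'           # CLSID registered without an in-process server
    if ($dll) {
        $path = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
        if (Test-Path -LiteralPath $path) {
            # NotSigned or an invalid status is a reason to look closer, not proof of malware.
            $status = [string](Get-AuthenticodeSignature -FilePath $path).Status
        } else {
            $status = 'FileMissing'        # orphaned registration (the RXToolBar case in this thread)
        }
    }
    New-Object PSObject -Property @{
        Kind = $Kind; CLSID = $Clsid; Name = $name; Dll = $path; Signature = $status
    }
}

function Get-IeAddIn {
    # BHOs: one subkey per CLSID. Wow6432Node covers 32-bit IE on 64-bit Windows.
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            Resolve-ComServer -Clsid $key.PSChildName -Kind 'BHO'
        }
    }

    # MIME filters: the key name is the MIME type. A "text/html" filter is not present on a
    # default install, and one there sees every page IE renders, so it deserves a close look.
    # .NET is used directly here because the '/' in "text/html" would be treated as a path
    # separator by the PowerShell registry provider.
    $filter = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SOFTWARE\Classes\PROTOCOLS\Filter')
    if ($filter) {
        foreach ($mime in $filter.GetSubKeyNames()) {
            $sub   = $filter.OpenSubKey($mime)
            $clsid = $sub.GetValue('CLSID')
            $sub.Close()
            if ($clsid) { Resolve-ComServer -Clsid $clsid -Kind "MIME filter $mime" }
        }
        $filter.Close()
    }
}

Get-IeAddIn | Select-Object Kind, Name, Dll, Signature, CLSID | Format-Table -AutoSize
```

A registration whose DLL is missing (as the OTMoveIt2 log in the next post shows for RXToolBar\sfcont.dll) does nothing at runtime, but removing the dangling keys keeps the next scan from reporting it again.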

#6 Kellee (Topic Starter, Member, 24 posts)
HERE'S STEP #1 (I WILL DO ONE STEP PER POST AS I GET THEM)

File/Folder kill explorer] not found.
File/Folder C:\Program Files\RXToolBar\sfcont.dll not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}\\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} >
Registry key HKEY_CLASSES_ROOT\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2E5E800E-6AC0-411E-940A-369530A35E43} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2E5E800E-6AC0-411E-940A-369530A35E43}\\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43} >
Registry key HKEY_CLASSES_ROOT\CLSID\{2E5E800E-6AC0-411E-940A-369530A35E43}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\\ deleted successfully.
< HKEY_CLASSES_ROOT\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263} >
Registry key HKEY_CLASSES_ROOT\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eac327ba-cf44-11dc-b57a-0013729ee92b} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eac327ba-cf44-11dc-b57a-0013729ee92b}\\ deleted successfully.
qandr service deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\KELLEE~1\LOCALS~1\Temp\~DF538B.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07122008_184530

Files moved on Reboot...
File C:\DOCUME~1\KELLEE~1\LOCALS~1\Temp\~DF538B.tmp not found!

#7 Kellee (Topic Starter, Member, 24 posts)
HERE'S STEP #2

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/12/2008 at 07:56 PM

Application Version : 4.15.1000

Core Rules Database Version : 3503
Trace Rules Database Version: 1494

Scan type : Complete Scan
Total Scan Time : 00:50:36

Memory items scanned : 498
Memory threats detected : 0
Registry items scanned : 6098
Registry threats detected : 10
File items scanned : 80752
File threats detected : 4

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32#ThreadingModel
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID
C:\PROGRAM FILES\RXTOOLBAR\SFCONT.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Kellee Albrecht\Cookies\kellee_albrecht@specificclick[2].txt
C:\Documents and Settings\Kellee Albrecht\Cookies\[email protected][1].txt
C:\Documents and Settings\Kellee Albrecht\Cookies\kellee_albrecht@doubleclick[1].txt

Rootkit.Unclassified/SysDamp-Traces
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Reserved

#8 Kellee (Topic Starter, Member, 24 posts)
HERE IS STEP #3

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 13, 2008 7:49:38 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/07/2008
Kaspersky Anti-Virus database records: 947117
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 237081
Number of viruses found: 21
Number of infected objects: 1135
Number of suspicious objects: 539
Duration of the scan process: 02:49:30

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F139AD188D782833B1/[From [email protected]][Date Mon, 16 May 2005 09:25:43 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F139AD188D782833B1/[From [email protected]][Date Mon, 16 May 2005 09:25:43 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F139AD188D782833B1/[From [email protected]][Date Mon, 16 May 2005 09:25:43 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F139AD188D782833B1 Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F139AD188D782833B1 CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F244D4906E0BD360EF/[From [email protected]][Date Mon, 16 May 2005 09:25:43 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F244D4906E0BD360EF/[From [email protected]][Date Mon, 16 May 2005 09:25:43 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F244D4906E0BD360EF/[From [email protected]][Date Mon, 16 May 2005 09:25:43 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F244D4906E0BD360EF Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F244D4906E0BD360EF CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F370EE5E206E4477A0/[From [email protected]][Date Mon, 16 May 2005 09:25:28 -0400]/msg11730.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F370EE5E206E4477A0 Mail: infected - 1 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F370EE5E206E4477A0 CryptFF: infected - 1 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F4746DE9C059651977/[From [email protected]][Date Sat, 21 May 2005 09:27:47 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F4746DE9C059651977/[From [email protected]][Date Sat, 21 May 2005 09:27:47 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F4746DE9C059651977/[From [email protected]][Date Sat, 21 May 2005 09:27:47 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F4746DE9C059651977 Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F4746DE9C059651977 CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F5451EB7B826DF20FC/[From [email protected]][Date Sat, 21 May 2005 09:27:47 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F5451EB7B826DF20FC/[From [email protected]][Date Sat, 21 May 2005 09:27:47 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F5451EB7B826DF20FC/[From [email protected]][Date Sat, 21 May 2005 09:27:47 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F5451EB7B826DF20FC Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F5451EB7B826DF20FC CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F62181148A89F6AB4D/[From [email protected]][Date Thu, 11 Aug 2005 09:38:28 -0400]/mail15274.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F62181148A89F6AB4D Mail: infected - 1 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F62181148A89F6AB4D CryptFF: infected - 1 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F7A15A2C9B916BC1FC/[From [email protected]][Date Thu, 11 Aug 2005 09:38:22 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F7A15A2C9B916BC1FC/[From [email protected]][Date Thu, 11 Aug 2005 09:38:22 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F7A15A2C9B916BC1FC/[From [email protected]][Date Thu, 11 Aug 2005 09:38:22 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F7A15A2C9B916BC1FC Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F7A15A2C9B916BC1FC CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F864FBD0B78EAAAED2/[From [email protected]][Date Thu, 11 Aug 2005 09:38:22 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F864FBD0B78EAAAED2/[From [email protected]][Date Thu, 11 Aug 2005 09:38:22 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F864FBD0B78EAAAED2/[From [email protected]][Date Thu, 11 Aug 2005 09:38:22 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F864FBD0B78EAAAED2 Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F864FBD0B78EAAAED2 CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F93BBECE65546A9529/[From [email protected]][Date Mon, 18 Apr 2005 09:11:12 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F93BBECE65546A9529/[From [email protected]][Date Mon, 18 Apr 2005 09:11:12 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F93BBECE65546A9529/[From [email protected]][Date Mon, 18 Apr 2005 09:11:12 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F93BBECE65546A9529 Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000003F93BBECE65546A9529 CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000427A070CA1C20DF7FD5/[From [email protected]][Date Thu, 25 Aug 2005 09:56:43 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000427A070CA1C20DF7FD5/[From [email protected]][Date Thu, 25 Aug 2005 09:56:43 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000427A070CA1C20DF7FD5/[From [email protected]][Date Thu, 25 Aug 2005 09:56:43 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000427A070CA1C20DF7FD5 Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000427A070CA1C20DF7FD5 CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000428E4CF761BE6FDD029/[From [email protected]][Date Thu, 25 Aug 2005 09:56:43 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000428E4CF761BE6FDD029/[From [email protected]][Date Thu, 25 Aug 2005 09:56:43 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000428E4CF761BE6FDD029/[From [email protected]][Date Thu, 25 Aug 2005 09:56:43 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000428E4CF761BE6FDD029 Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000428E4CF761BE6FDD029 CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042959E43FAE8A571CEB/[From [email protected]][Date Thu, 25 Aug 2005 09:53:19 -0400]/data16461.zip Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042959E43FAE8A571CEB Mail: infected - 1 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042959E43FAE8A571CEB CryptFF: infected - 1 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042A86081EE889BD983D/[From [email protected]][Date Fri, 22 Jul 2005 09:51:08 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042A86081EE889BD983D/[From [email protected]][Date Fri, 22 Jul 2005 09:51:08 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042A86081EE889BD983D/[From [email protected]][Date Fri, 22 Jul 2005 09:51:08 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042A86081EE889BD983D Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042A86081EE889BD983D CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042B377771EC7B8C5D9B/[From [email protected]][Date Fri, 22 Jul 2005 09:51:08 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042B377771EC7B8C5D9B/[From [email protected]][Date Fri, 22 Jul 2005 09:51:08 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042B377771EC7B8C5D9B/[From [email protected]][Date Fri, 22 Jul 2005 09:51:08 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042B377771EC7B8C5D9B Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042B377771EC7B8C5D9B CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042CEDFA39B77238F4B0/[From [email protected]][Date Fri, 22 Jul 2005 09:49:14 -0400]/mail25389.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042CEDFA39B77238F4B0 Mail: infected - 1 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042CEDFA39B77238F4B0 CryptFF: infected - 1 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042D8143751268B6194F/[From [email protected]][Date Fri, 15 Jul 2005 09:38:24 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042D8143751268B6194F/[From [email protected]][Date Fri, 15 Jul 2005 09:38:24 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042D8143751268B6194F/[From [email protected]][Date Fri, 15 Jul 2005 09:38:24 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042D8143751268B6194F Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042D8143751268B6194F CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042E393FEB46C4451563/[From [email protected]][Date Fri, 15 Jul 2005 09:38:24 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042E393FEB46C4451563/[From [email protected]][Date Fri, 15 Jul 2005 09:38:24 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042E393FEB46C4451563/[From [email protected]][Date Fri, 15 Jul 2005 09:38:24 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042E393FEB46C4451563 Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042E393FEB46C4451563 CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042F368DB57988D1E7ED/[From [email protected]][Date Mon, 6 Jun 2005 09:49:47 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042F368DB57988D1E7ED/[From [email protected]][Date Mon, 6 Jun 2005 09:49:47 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042F368DB57988D1E7ED/[From [email protected]][Date Mon, 6 Jun 2005 09:49:47 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042F368DB57988D1E7ED Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042F368DB57988D1E7ED CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000004301E4040B87A7BE175/[From [email protected]][Date Mon, 6 Jun 2005 09:49:47 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000004301E4040B87A7BE175/[From [email protected]][Date Mon, 6 Jun 2005 09:49:47 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000004301E4040B87A7BE175/[From [email protected]][Date Mon, 6 Jun 2005 09:49:47 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000004301E4040B87A7BE175 Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000004301E4040B87A7BE175 CryptFF: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000004316DDD688FF0A3E3DC/[From [email protected]][Date Tue, 23 Aug 2005 10:07:29 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000004316DDD688FF0A3E3DC/[From [email protected]][Date Tue, 23 Aug 2005 10:07:29 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP000004316DDD688FF0A3E3DC/[From [email protected]][Date Tue, 23 Aug 2005 10:07:29 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r
  • 0
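The scan output above lists every hit as `<path> <Verdict>: <detail> skipped`, with mail attachments nested under a `[From ...][Date ...]` container. As an added example, not part of this thread or of Kaspersky's tooling, the parser below aggregates those lines by detection name and checks whether every hit lies inside a backup or quarantine folder; the folder markers in `INERT_MARKERS` and the `constructed_example.pif` line are assumptions made for the example.

```python
"""Summarise Kaspersky Online Scanner result lines like those posted above.

Added example for this thread; not part of the original post and not
Kaspersky's own tooling. A result line reads '<path> <Verdict>: <detail> skipped';
a mail container expands to '<container>/[From ...][Date ...]/<attachment>'.
"""
import re
from collections import Counter

# Constructed sample: a subset of the scan lines posted above, copied verbatim.
SAMPLE_LOG = r"""
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000422D7ADC20A2093258F/[From [email protected]][Date Thu, 5 May 2005 09:25:42 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000422D7ADC20A2093258F/[From [email protected]][Date Thu, 5 May 2005 09:25:42 -0400]/message.pif Infected: Email-Worm.Win32.NetSky.r skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP00000422D7ADC20A2093258F Mail: infected - 1, suspicious - 2 skipped
C:\Deckard\System Scanner\20080712165743\backup\WINDOWS\temp\TMP0000042959E43FAE8A571CEB/[From [email protected]][Date Thu, 25 Aug 2005 09:53:19 -0400]/data16461.zip Infected: Email-Worm.Win32.NetSky.r skipped
"""

# Constructed line (not from the scan) showing a hit outside any backup folder.
LIVE_EXAMPLE = r"C:\WINDOWS\temp\constructed_example.pif Infected: Email-Worm.Win32.NetSky.r skipped"

# Assumption: path fragments that mark a copy held by a scanner's own backup
# or quarantine store. A hit there is an inert copy, not an active infection.
INERT_MARKERS = ("\\deckard\\system scanner\\", "\\backup\\")

LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious|Mail|CryptFF): "
    r"(?P<detail>.+?)(?: skipped)?$"
)
MAIL_RE = re.compile(
    r"^(?P<container>.+?)/\[From (?P<sender>.*?)\]\[Date (?P<date>.*?)\]/(?P<attachment>.+)$"
)


def is_inert_location(path):
    """True if the path lies inside a known backup/quarantine store."""
    lowered = path.lower()
    return any(marker in lowered for marker in INERT_MARKERS)


def parse_line(line):
    """Parse one result line into a dict, or None for lines in another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"path": m["path"], "verdict": m["verdict"], "detail": m["detail"]}
    mm = MAIL_RE.match(rec["path"])
    if mm:  # attachment inside a mail container
        rec.update(container=mm["container"], sender=mm["sender"],
                   date=mm["date"], attachment=mm["attachment"])
    else:   # plain file, or the container's own summary line
        rec.update(container=rec["path"], sender=None, date=None, attachment=None)
    rec["inert"] = is_inert_location(rec["container"])
    return rec


def summarise(text):
    """Aggregate file-level hits. Container summary lines (Mail/CryptFF) are
    dropped so the same attachment is not counted twice."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    hits = [r for r in records if r["verdict"] in ("Infected", "Suspicious")]
    live = [r["path"] for r in hits if not r["inert"]]
    return {
        "file_hits": len(hits),
        "by_name": dict(Counter(r["detail"] for r in hits)),
        "containers": sorted({r["container"] for r in hits}),
        "senders": sorted({r["sender"] for r in hits if r["sender"]}),
        "live_hits": live,
        "all_inert": not live,
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```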

#9
Kellee

    Member

  • Topic Starter
  • Member
  • 24 posts
AND FINALLY.....STEP #4 NOW I AM SCARED


Deckard's System Scanner v20071014.68
Run by Kellee Albrecht on 2008-07-13 07:52:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Kellee Albrecht.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:53 AM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Kellee Albrecht\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KELLEE~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: demr.opt.fimserve.com
O15 - Trusted Zone: http://api.msappspace.com
O15 - Trusted Zone: http://home.myspace.com
O15 - Trusted Zone: http://secure.myspace.com
O15 - Trusted Zone: http://www.myspace.com
O15 - Trusted Zone: *.myspace.com
O15 - Trusted Zone: http://webmail.sti.net
O15 - Trusted Zone: www.sti.net
O15 - Trusted Zone: http://www.webkinz.com
O15 - Trusted Zone: http://www.yosemitearea.com
O15 - Trusted Zone: http://www.yosemiteforums.com
O15 - Trusted Zone: www.youtube.com
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152115822535
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com...geUploader4.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12023 bytes

-- Files created between 2008-06-13 and 2008-07-13 -----------------------------

2008-07-12 20:19:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-12 20:19:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-12 20:19:20 0 d-------- C:\WINDOWS\LastGood
2008-07-12 19:03:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-12 19:03:21 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-12 19:03:21 0 d-------- C:\Documents and Settings\Kellee Albrecht\Application Data\SUPERAntiSpyware.com
2008-07-12 19:02:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-12 16:59:01 0 d-------- C:\Program Files\Trend Micro
2008-07-12 15:18:19 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 15:17:59 0 d-------- C:\Program Files\Spyware Doctor
2008-07-12 15:17:59 0 d-------- C:\Documents and Settings\Kellee Albrecht\Application Data\PC Tools
2008-06-19 16:30:39 0 d-------- C:\Program Files\Pizza Chef
2008-06-18 15:59:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
2008-06-18 15:56:16 0 d-------- C:\Program Files\Go Go Gourmet


-- Find3M Report ---------------------------------------------------------------

2008-07-12 20:13:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-12 20:13:42 0 d-------- C:\Program Files\Common Files
2008-07-11 20:24:39 0 d-------- C:\Program Files\Hello Kitty Studio
2008-06-06 07:54:26 0 d-------- C:\Program Files\The Weather Channel FW
2008-05-29 17:48:56 0 d-------- C:\Program Files\HP
2008-05-27 20:46:39 0 d-------- C:\Documents and Settings\Kellee Albrecht\Application Data\SmartFTP
2008-05-27 20:46:23 0 d-------- C:\Program Files\SmartFTP Client
2008-05-27 20:46:08 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-05-17 19:52:18 0 d-------- C:\Program Files\iTunes
2008-05-17 19:52:08 0 d-------- C:\Program Files\iPod
2008-05-17 19:50:42 0 d-------- C:\Program Files\QuickTime
2008-05-17 19:39:45 0 d-------- C:\Program Files\Apple Software Update
2008-05-16 19:14:25 0 d-------- C:\Documents and Settings\Kellee Albrecht\Application Data\LimeWire
2008-05-15 21:38:31 0 d-------- C:\Program Files\Sun
2008-05-15 21:38:19 0 d-------- C:\Program Files\Java
2008-05-15 21:34:24 0 d-------- C:\Program Files\Windows Live
2008-05-15 21:33:46 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 05:42 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/31/2005 07:05 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 06:29 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 03:20 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 02:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 02:50 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/19/2002 10:22 PM]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [08/19/2002 10:23 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [10/14/2007 08:59 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/19/2007 09:16 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [7/6/2006 7:29:00 AM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/6/2006 7:20:31 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk
backup=C:\WINDOWS\pss\Event Planner Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kellee Albrecht^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Kellee Albrecht\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet




-- End of Deckard's System Scanner: finished at 2008-07-13 07:53:11 ------------
  • 0
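A helper reads a HijackThis log like the one above line by line, separating dead entries (files that no longer exist) from entries that need judgment, such as sites added to the IE Trusted Zone or a DLL in AppInit_DLLs. The triage script below is an added example, not part of this thread or of Trend Micro's HijackThis; its sample is a subset of the log lines posted above, and the classification rules are the author's own assumptions.

```python
"""Triage helper for HijackThis v2 log lines like the log posted above.

Added example; not from the thread and not Trend Micro's own code. Entry lines
have the shape '<kind> - <body>' where kind is R1, O2, O4, O15, O23 and so on.
"""
import re

ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.+)$")

# Constructed sample: a subset of the HijackThis lines posted above, verbatim.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O15 - Trusted Zone: demr.opt.fimserve.com
O15 - Trusted Zone: *.myspace.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
"""

# HijackThis marks entries whose target is gone with one of these suffixes.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entry(line):
    """Split one log line into its entry kind and body, or None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"kind": m["kind"], "body": m["body"], "line": line.strip()}


def classify(entry):
    """Return ('orphaned', reason), ('review', reason) or None.

    The rules are the example's own assumptions: orphaned entries are dead
    weight that a cleanup can drop; 'review' entries weaken browser security
    or inject code broadly and need a human decision.
    """
    kind, body = entry["kind"], entry["body"]
    if body.endswith(ORPHAN_MARKERS):
        return "orphaned", f"{kind} entry points at a file that no longer exists"
    if kind == "O15":
        host = body.split(":", 1)[1].strip()
        scope = "wildcard" if host.startswith("*.") else "single host"
        return "review", f"site added to the IE Trusted Zone ({scope}): {host}"
    if kind == "O20" and body.startswith("AppInit_DLLs:"):
        return "review", "AppInit_DLLs DLL is loaded into every user-mode process"
    if kind == "O23" and "Unknown owner" in body:
        return "review", "service reports no vendor"
    return None


def triage(text):
    """Bucket every entry line of a log into orphaned / review / unflagged."""
    report = {"orphaned": [], "review": [], "unflagged": 0}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        verdict = classify(entry)
        if verdict is None:
            report["unflagged"] += 1
        else:
            bucket, reason = verdict
            report[bucket].append((entry["line"], reason))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("orphaned", "review"):
        print(f"== {bucket} ==")
        for line, reason in result[bucket]:
            print(f"  {reason}\n    {line}")
    print(f"unflagged entries: {result['unflagged']}")
```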

#10
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi Kellee

No need to be worried; the Kaspersky scan picked up infections that are safely quarantined, and in fact your logs look pretty good now.

In this post we will do one more scan, and I also want to do a rootkit scan, as the SUPERAntiSpyware scan caught remnants of one. We will also update your Java, which is out of date.


====STEP 1====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



====STEP 2====
Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.




====STEP 3====
Clearing the Java cache:
There is a nice set of instructions at http://www.java.com/.../5000020300.xml

  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel and then the Java Control Panel will appear.
  • Click Settings under Temporary Internet Files and the Temporary Files Settings dialog box appears.
  • Click Delete Files and the Delete Temporary Files dialog box appears.
  • Make sure all three boxes are ticked: Downloaded Applets, Downloaded Applications and Other Files and then Click OK on Delete Temporary Files window. Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
In your next reply could I see:
1. the malwarebytes log
2. the GMER log, if produced
3. a new hijackthis log
4. and some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#11
Kellee

    Member

  • Topic Starter
  • Member
  • 24 posts
Andrew, thank you so much for your time and expertise on this; I greatly appreciate it :)

HERE IS 2ND PHASE STEP #1

Malwarebytes' Anti-Malware 1.20
Database version: 945
Windows 5.1.2600 Service Pack 2

9:59:26 AM 7/13/2008
mbam-log-7-13-2008 (09-59-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 118263
Time elapsed: 29 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP674\A0069476.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP674\A0069482.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP674\A0069483.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP674\A0069484.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP674\A0069486.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP674\A0069487.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP674\A0069491.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP674\A0069493.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP699\A0074955.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

#12
Kellee

    Member

  • Topic Starter
  • Member
  • 24 posts
STEP #2

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-13 12:53:25
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 89F1E3F0 ZwConnectPort
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB0EBDF20] <-- ROOTKIT !!!

Code Mdgd32.sys ZwEnumerateKey [0xB9D766AD]
Code Mdgd32.sys ZwOpenKey [0xB9D76419]

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntkrnlpa.exe!ZwEnumerateKey 80622B12 7 Bytes JMP B9D766B1 Mdgd32.sys
PAGE ntkrnlpa.exe!ZwOpenKey 80623668 5 Bytes JMP B9D7641D Mdgd32.sys
PAGENDSM NDIS.sys!NdisMIndicateStatus B9DF9A5F 11 Bytes [ 58, 68, 10, 38, FF, 89, 50, ... ]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[944] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1092] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1092] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A1667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1092] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A15E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1092] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1092] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A1574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1092] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A15AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1092] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A16A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1092] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs Mdgd32.sys

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.14 ----

Thread 4:3280 B128E0D0

---- Services - GMER 1.0.14 ----

Service (*** hidden *** ) [BOOT] Mdgd32 <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Mdgd32
Reg HKLM\SYSTEM\CurrentControlSet\Services\Mdgd32@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Mdgd32@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Mdgd32@Group System Reserved?Boot Bus Extender?System Bus Extender?SCSI miniport?Port?Primary Disk?SCSI Class?SCSI CDROM Class?FSFilter Infrastructure?FSFilter System?FSFilter Bottom?FSFilter Copy Protection?FSFilter Security Enhancer?FSFilter Open File?FSFilter Physical Quota Management?FSFilter Encryption?FSFilter Compression?FSFilter HSM?FSFilter Cluster File System?FSFilter System Recovery?FSFilter Quota Management?FSFilter Content Screener?FSFilter Continuous Backup?FSFilter Replication?FSFilter Anti-Virus?FSFilter Undelete?FSFilter Activity Monitor?FSFilter Top?Filter?Boot File System?Base?Pointer Port?Keyboard Port?Pointer Class?Keyboard Class?Video Init?Video?Video Save?File System?Event Log?Streams Drivers?NDIS Wrapper?COM Infrastructure?UIGroup?LocalValidation?PlugPlay?PNP_TDI?NDIS?TDI?Symantec Services?NetBIOSGroup?ShellSvcGroup?SchedulerGroup?SpoolerGroup?AudioGroup?SmartCardGroup?NetworkProvider?RemoteValidation?NetDDEGroup?Parallel arbitrator?Extended Base?PCI Configuration?MS Transactions?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Mdgd32@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Mdgd32@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\Mdgd32
Reg HKLM\SYSTEM\ControlSet003\Services\Mdgd32@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\Mdgd32@Tag 1
Reg HKLM\SYSTEM\ControlSet003\Services\Mdgd32@Group System Reserved?Boot Bus Extender?System Bus Extender?SCSI miniport?Port?Primary Disk?SCSI Class?SCSI CDROM Class?FSFilter Infrastructure?FSFilter System?FSFilter Bottom?FSFilter Copy Protection?FSFilter Security Enhancer?FSFilter Open File?FSFilter Physical Quota Management?FSFilter Encryption?FSFilter Compression?FSFilter HSM?FSFilter Cluster File System?FSFilter System Recovery?FSFilter Quota Management?FSFilter Content Screener?FSFilter Continuous Backup?FSFilter Replication?FSFilter Anti-Virus?FSFilter Undelete?FSFilter Activity Monitor?FSFilter Top?Filter?Boot File System?Base?Pointer Port?Keyboard Port?Pointer Class?Keyboard Class?Video Init?Video?Video Save?File System?Event Log?Streams Drivers?NDIS Wrapper?COM Infrastructure?UIGroup?LocalValidation?PlugPlay?PNP_TDI?NDIS?TDI?Symantec Services?NetBIOSGroup?ShellSvcGroup?SchedulerGroup?SpoolerGroup?AudioGroup?SmartCardGroup?NetworkProvider?RemoteValidation?NetDDEGroup?Parallel arbitrator?Extended Base?PCI Configuration?MS Transactions?
Reg HKLM\SYSTEM\ControlSet003\Services\Mdgd32@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\Mdgd32@Start 0

---- Files - GMER 1.0.14 ----

File C:\WINDOWS\system32\drivers\Mdgd32.sys 126464 bytes executable

---- EOF - GMER 1.0.14 ----

#13
Kellee

    Member

  • Topic Starter
  • Member
  • 24 posts
AND FINALLY....STEP #3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:35 PM, on 7/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: demr.opt.fimserve.com
O15 - Trusted Zone: http://api.msappspace.com
O15 - Trusted Zone: http://home.myspace.com
O15 - Trusted Zone: http://secure.myspace.com
O15 - Trusted Zone: http://www.myspace.com
O15 - Trusted Zone: *.myspace.com
O15 - Trusted Zone: http://webmail.sti.net
O15 - Trusted Zone: www.sti.net
O15 - Trusted Zone: http://www.webkinz.com
O15 - Trusted Zone: http://www.yosemitearea.com
O15 - Trusted Zone: http://www.yosemiteforums.com
O15 - Trusted Zone: www.youtube.com
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152115822535
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com...geUploader4.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11762 bytes

#14
Kellee

    Member

  • Topic Starter
  • Member
  • 24 posts
Hi AndrewUK,

Everything ran smoothly with all of the scans. My computer seems a lot faster now! Do you think that I am safe now? I understand from what you said that any viruses that I had have been quarantined. Is that secure or do they have to be removed completely? From looking at what was there, do you have any idea of where the Trojan came from? I was thinking maybe from free program downloads or something like that. Is there another anti-virus program that you would recommend other than Norton? I have always used it and it has always worked well for me (at least I thought it did). Oh, on all of the malware programs, anti-spyware & HijackThis, should I keep them in my computer and run them from time to time?

Again, thank you so much for all of your help. I GREATLY appreciate all of your assistance. I am so glad that I found GTG, you guys are awesome!

Kellee

#15
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
The GMER scan came up with some issues to investigate, which we will do now.

====STEP 1====
Jotti File Submission:

Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
C:\WINDOWS\system32\drivers\Mdgd32.sys

Click on the submit button

Please post the results of the scan in your next reply.

If Jotti is busy, try the same at VirusTotal.



====STEP 2====
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

====STEP 3====
If you have already downloaded ComboFix, could you delete the current version of ComboFix you have and then follow these instructions:

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. (All the instructions for installing the Recovery Console are in the above link, but for more information on the Windows XP Recovery Console read http://support.micro...com/kb/314058.)

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**


In your next reply could I see:
1. the Jotti log
2. the SDFix log
3. the combofix log
4. a new hijackthis log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
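The helper's first step above is to get Mdgd32.sys scanned, because the GMER log in post #12 ties that one module to an SSDT/inline hook, a device sitting on NTFS, a hidden boot-start service and an on-disk driver. As an added example (not from the thread, the helper, or GMER itself), the script below parses that GMER log format, groups each indicator by kernel module, scores modules that carry no vendor tag, and lists the driver paths worth submitting to a multi-engine scanner. The function names and scoring weights are my own; the sample log is an excerpt of the one posted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the GMER log posted in this thread.
SAMPLE_LOG = r"""GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-13 12:53:25

---- System - GMER 1.0.14 ----
SSDT 89F1E3F0 ZwConnectPort
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB0EBDF20] <-- ROOTKIT !!!

Code Mdgd32.sys ZwEnumerateKey [0xB9D766AD]
Code Mdgd32.sys ZwOpenKey [0xB9D76419]

---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs Mdgd32.sys

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Services - GMER 1.0.14 ----
Service (*** hidden *** ) [BOOT] Mdgd32 <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\Mdgd32@Start 0

---- Files - GMER 1.0.14 ----
File C:\WINDOWS\system32\drivers\Mdgd32.sys 126464 bytes executable
"""

SSDT_RE = re.compile(r"^SSDT\s+(.+?)\s+(Zw\w+)")
CODE_RE = re.compile(r"^Code\s+(\S+)\s+(\w+)")
NTFS_DEV_RE = re.compile(r"^Device\s+\\FileSystem\\Ntfs\s+\\Ntfs\s+(\S+)")
HIDDEN_SVC_RE = re.compile(r"^Service \(\*\*\* hidden \*\*\* \)\s+\[(\w+)\]\s+(\w+)")
REG_START_RE = re.compile(r"^Reg HKLM\\SYSTEM\\\w+\\Services\\(\w+)@Start\s+(\d+)")
FILE_RE = re.compile(r"^File\s+(.+?)\s+(\d+)\s+bytes")
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*$")   # GMER's trailing "(Product/Vendor)" tag


def module_key(name):
    """Normalise 'Mdgd32', 'Mdgd32.sys' and a full driver path to one key."""
    name = name.split(" (")[0].strip()          # drop the vendor tag if present
    base = name.rsplit("\\", 1)[-1]
    return re.sub(r"\.sys$", "", base, flags=re.IGNORECASE).lower()


def triage_gmer(text):
    """Group GMER indicators by kernel module. Returns {key: record}."""
    found = defaultdict(lambda: {"indicators": [], "file": None, "vendor": None})
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):                 # SSDT entry redirected to a module
            rec = found[module_key(m.group(1))]
            rec["indicators"].append("ssdt_hook:" + m.group(2))
            if v := VENDOR_RE.search(m.group(1)):    # known product: attributed hook
                rec["vendor"] = v.group(1)
        elif m := CODE_RE.match(line):               # inline patch of a kernel export
            found[module_key(m.group(1))]["indicators"].append("inline_hook:" + m.group(2))
        elif m := NTFS_DEV_RE.match(line):           # driver sitting directly on NTFS
            found[module_key(m.group(1))]["indicators"].append("ntfs_device")
        elif m := HIDDEN_SVC_RE.match(line):         # service GMER sees but the API hides
            found[module_key(m.group(2))]["indicators"].append("hidden_service:" + m.group(1))
        elif m := REG_START_RE.match(line):          # Start 0 = loaded by the boot loader
            if m.group(2) == "0":
                found[module_key(m.group(1))]["indicators"].append("boot_start")
        elif m := FILE_RE.match(line):               # on-disk image GMER located
            rec = found[module_key(m.group(1))]
            rec["indicators"].append("driver_file")
            rec["file"] = m.group(1)
    return dict(found)


def rank_modules(found):
    """Score unattributed modules; vendor-tagged ones score 0 but stay listed."""
    scored = []
    for key, rec in found.items():
        score = 0
        if rec["vendor"] is None:
            score = len(rec["indicators"])
            score += 3 * any(i.startswith("hidden_service") for i in rec["indicators"])
            score += 2 * ("boot_start" in rec["indicators"])
        scored.append((key, score))
    return sorted(scored, key=lambda kv: -kv[1])


def files_to_submit(found):
    """Driver paths of unattributed modules worth uploading to a multi-engine scanner."""
    paths = []
    for key, score in rank_modules(found):
        if score > 0 and found[key]["file"]:
            paths.append(found[key]["file"])
    return paths


if __name__ == "__main__":
    found = triage_gmer(SAMPLE_LOG)
    for key, score in rank_modules(found):
        inds = ", ".join(found[key]["indicators"])
        print(f"{score:3d}  {key:12s}  {inds}")
    print("submit for scanning:", files_to_submit(found))
```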