Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan removal - HJT and AV logs attached


  • Please log in to reply

#1
jckazz

jckazz

    Member

  • Member
  • PipPip
  • 16 posts
Please help me clean out my system. I am getting dropped internet connections and my internet service is eaten up sometimes. I am attaching the following logs ...

1. HJT log - updated to the most recent version
2. HJT Uninstall list
3. Kapersky Lab - virus scan results x 2

Thank you so much for your help.

Marc

Logfile of HijackThis v1.99.1
Scan saved at 3:36:21 PM, on 8/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Commander Pro\UPServ.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\G-VGA.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Commander Pro\UPS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IMVITE\IMVITE.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\downloads\hijackthis\hijackthis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.yahoo.com"); (C:\Documents and Settings\marc\Application Data\Mozilla\Profiles\default\vir632vz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\marc\Application Data\Mozilla\Profiles\default\vir632vz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://wow.bezeq.co....te/iftwclix.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: UPSmart - Unknown owner - C:\Program Files\Commander Pro\UPServ.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - c:\MEDIAE~1.0\x10nets.exe (file missing)

=====================================================

3ivx D4 4.0.4 (remove only)
Actual Search & Replace Version 2.6.2
Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe PageMaker 7.0
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0
AOL Instant Messenger
ATI Control Panel
ATI Display Driver
AVG Free Edition
CCleaner (remove only)
Coding Workshop Ringtone Converter
Commander Pro
Core FTP Lite 1.2d
CorelDRAW 10
CorelDRAW Graphics Suite 12
DivX ;-) Audio Compressor 4.02
DivX Codec
DivX Player
DVDXCopy Platinum 4.0.3
eMule
ExtractNow
FinePrint
Font Creator 5.0
Foxmail 5.0
FreeDrive
GIGABYTE V-Tuner
GlucoseOne
HijackThis 1.99.1
hp deskjet 3420 series
hp deskjet 3420 series (Remove only)
HP Photo and Imaging 2.1 - Scanjet 36X0 Series
HP USB Disk Storage Format Tool
ImageShack QuickLoad
ImageStation Easy Upload Tools
IMVITE Messenger
IsoBuster 1.6
iTunes
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.1_04
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Java 2 SDK, SE v1.4.2_04
Java Web Start
Kaspersky On-line Scanner
Kazaa Lite K++ v2.4.3
Macromedia Shockwave Player
Marlin Lite
MediaCar (remove only)
MediaEngine 2.1.5
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Enterprise Architect 2003 - English
Mozilla Firefox (1.0.6)
Mozilla Thunderbird (1.0.2)
MSDN Library - April 2003
MSN Messenger 7.0
MyDVD
NetBeans IDE 4.0
Netscape (7.1)
Palm Desktop
Palm Desktop
Palm VersaMail™
PowerDVD
PPPOE Alive
QuickTime
RealPlayer
Realtek AC'97 Audio
Ringtone Converter
RTLSetup
ScanFont v3.00
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Self-Extracting Archive Utility
ShowBiz
Skype 1.1
Spybot - Search & Destroy 1.3
SpywareBlaster v3.4
TortoiseCVS 1.8.17
TSW WebCoder 4 en
Tweak UI
Update for Windows XP (KB898461)
USB Storage Driver
VERITAS RecordNow DX
VERITAS RecordNow DX Update Manager
VERITAS Simple Backup
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

======================================================

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, August 07, 2005 11:04:35
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/08/2005
Kaspersky Anti-Virus database records: 134145
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\marc\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 18356
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 897 sec

Infected Object Name - Virus Name
C:\WINDOWS\system32\iegfxfrw.dll Infected: Trojan.Win32.StartPage.iv

Scan process completed.


======================================================

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, August 07, 2005 14:03:45
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/08/2005
Kaspersky Anti-Virus database records: 134145
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 156719
Number of viruses found: 9
Number of infected objects: 44
Number of suspicious objects: 0
Duration of the scan process: 10628 sec

Infected Object Name - Virus Name
C:\Documents and Settings\marc\Application Data\Thunderbird\Profiles\jifmej0y.default\Mail\Local Folders\junk/[From karinbr@bezeqint.net][Date Tue, 12 Apr 2005 08:35:20 +0200]/readme.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\marc\Application Data\Thunderbird\Profiles\jifmej0y.default\Mail\Local Folders\junk/[From karinbr@bezeqint.net][Date Tue, 12 Apr 2005 08:35:20 +0200]/readme.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\marc\Application Data\Thunderbird\Profiles\jifmej0y.default\Mail\Local Folders\junk Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\marc\Application Data\Thunderbird2\Profiles\jifmej0y.default\Mail\Local Folders\junk/[From karinbr@bezeqint.net][Date Tue, 12 Apr 2005 08:35:20 +0200]/readme.zip/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\marc\Application Data\Thunderbird2\Profiles\jifmej0y.default\Mail\Local Folders\junk/[From karinbr@bezeqint.net][Date Tue, 12 Apr 2005 08:35:20 +0200]/readme.zip Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\marc\Application Data\Thunderbird2\Profiles\jifmej0y.default\Mail\Local Folders\junk Infected: Email-Worm.Win32.NetSky.q
C:\Documents and Settings\marc\Local Settings\Temporary Internet Files\Content.IE5\INQVIT2R\stubinstaller5041[1].ex_ Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\marc\Local Settings\Temporary Internet Files\Content.IE5\O1KT2FW5\optimize[1].exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Documents and Settings\srulik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-34e2b6fd-6c76c2cc.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.e
C:\Documents and Settings\srulik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-34e2b6fd-6c76c2cc.zip Infected: Trojan-Downloader.Java.OpenConnection.e
C:\Documents and Settings\srulik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6ccc0c4-709e78c0.zip/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d
C:\Documents and Settings\srulik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6ccc0c4-709e78c0.zip Infected: Trojan-Dropper.Java.Beyond.d
C:\Documents and Settings\srulik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-797cd619-4a8819aa.zip/Beyond.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\srulik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-797cd619-4a8819aa.zip Infected: Exploit.Java.Bytverify
C:\downloads\dvdxcopy_crack\dvdxcopyplatinumv321_TcIwLeOrQrLkExHv.zip/install_cheat_001.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ki
C:\downloads\dvdxcopy_crack\dvdxcopyplatinumv321_TcIwLeOrQrLkExHv.zip/install_cheat_001.exe Infected: Trojan-Downloader.Win32.IstBar.ki
C:\downloads\dvdxcopy_crack\dvdxcopyplatinumv321_TcIwLeOrQrLkExHv.zip Infected: Trojan-Downloader.Win32.IstBar.ki
C:\downloads\dvdxcopy_crack\dvdxcopyxpress321_GjEmBsVxRjAbEuIw\install_cheat_001.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ki
C:\downloads\dvdxcopy_crack\dvdxcopyxpress321_GjEmBsVxRjAbEuIw\install_cheat_001.exe Infected: Trojan-Downloader.Win32.IstBar.ki
C:\downloads\dvdxcopy_crack\dvdxcopyxpress321_GjEmBsVxRjAbEuIw.zip/install_cheat_001.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ki
C:\downloads\dvdxcopy_crack\dvdxcopyxpress321_GjEmBsVxRjAbEuIw.zip/install_cheat_001.exe Infected: Trojan-Downloader.Win32.IstBar.ki
C:\downloads\dvdxcopy_crack\dvdxcopyxpress321_GjEmBsVxRjAbEuIw.zip Infected: Trojan-Downloader.Win32.IstBar.ki
C:\downloads\foxmail\Re_ Submit a Virus Sample.RB0/[From support@symantec.com][Date Wed, 30 Mar 2005 09:22:19 +0200]/datfiles.zip/document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\downloads\foxmail\Re_ Submit a Virus Sample.RB0/[From support@symantec.com][Date Wed, 30 Mar 2005 09:22:19 +0200]/datfiles.zip Infected: Email-Worm.Win32.NetSky.q
C:\downloads\foxmail\Re_ Submit a Virus Sample.RB0 Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\marc\in.BOX/[From "Network Solutions, Inc." <NetworkSolutions@info1.networksolutions.com>][Date Thu, 25 Sep 2003 11:07:03 -0400]/UNNAMED/[From jaime saso <sasoj@yahoo.com>][Date Thu, 25 Sep 2003 10:57:51 -0700 (PDT)]/UNNAMED/[From sales@zenowatchbasel.com][Date Sat, 27 Sep 2003 20:10:16 -0700]/text/[From "Pat Wingate" <pat@tic-tock.com>][Date Tue, 30 Sep 2003 16:45:24 -0500]/UNNAMED ... ... /[From [oi8-r?B?4sHbZd ... /document.txt .exe Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\marc\in.BOX/[From "Network Solutions, Inc." <NetworkSolutions@info1.networksolutions.com>][Date Thu, 25 Sep 2003 11:07:03 -0400]/UNNAMED/[From jaime saso <sasoj@yahoo.com>][Date Thu, 25 Sep 2003 10:57:51 -0700 (PDT)]/UNNAMED/[From sales@zenowatchbasel.com][Date Sat, 27 Sep 2003 20:10:16 -0700]/text/[From "Pat Wingate" <pat@tic-tock.com>][Date Tue, 30 Sep 2003 16:45:24 -0500]/UNNAMED ... ... /[From [oi8-r?B?4sHbZdcg8C5DLg<dawh@69.182.140.88.adsl.snet.net>][Date Tue, 29 Mar 2005 17:25:19 -0600]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\marc\in.BOX/[From "Network Solutions, Inc." <NetworkSolutions@info1.networksolutions.com>][Date Thu, 25 Sep 2003 11:07:03 -0400]/UNNAMED/[From jaime saso <sasoj@yahoo.com>][Date Thu, 25 Sep 2003 10:57:51 -0700 (PDT)]/UNNAMED/[From sales@zenowatchbasel.com][Date Sat, 27 Sep 2003 20:10:16 -0700]/text/[From "Pat Wingate" <pat@tic-tock.com>][Date Tue, 30 Sep 2003 16:45:24 -0500]/UNNAMED ... /[From "Outstanding Daily News" <OutstandingDail ... /[From carol@tic-tock.com][Date Mon Dec 1 18:06:11 2003]/text Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\marc\in.BOX/[From "Network Solutions, Inc." <NetworkSolutions@info1.networksolutions.com>][Date Thu, 25 Sep 2003 11:07:03 -0400]/UNNAMED/[From jaime saso <sasoj@yahoo.com>][Date Thu, 25 Sep 2003 10:57:51 -0700 (PDT)]/UNNAMED/[From sales@zenowatchbasel.com][Date Sat, 27 Sep 2003 20:10:16 -0700]/text/[From "Pat Wingate" <pat@tic-tock.com>][Date Tue, 30 Sep 2003 16:45:24 -0500]/UNNAMED ... /[From "Outstanding Daily News" <OutstandingDailyNews@ecstaticmagic.com>][Date Mon, 1 Dec 2003 09:38:11 +0200]/html Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\marc\in.BOX/[From "Network Solutions, Inc." <NetworkSolutions@info1.networksolutions.com>][Date Thu, 25 Sep 2003 11:07:03 -0400]/UNNAMED/[From jaime saso <sasoj@yahoo.com>][Date Thu, 25 Sep 2003 10:57:51 -0700 (PDT)]/UNNAMED/[From sales@zenowatchbasel.com][Date Sat, 27 Sep 2003 20:10:16 -0700]/text/[From "Pat Wingate" <pat@tic-tock.com>][Date Tue, 30 Sep 2003 16:45:24 -0500]/UNNAMED/[From shop ... /[From Israel Hasbara Committee <adminsec@infoisrael.net>][Date Thu, 27 Nov 2003 21:17:11 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\marc\in.BOX/[From "Network Solutions, Inc." <NetworkSolutions@info1.networksolutions.com>][Date Thu, 25 Sep 2003 11:07:03 -0400]/UNNAMED/[From jaime saso <sasoj@yahoo.com>][Date Thu, 25 Sep 2003 10:57:51 -0700 (PDT)]/UNNAMED/[From sales@zenowatchbasel.com][Date Sat, 27 Sep 2003 20:10:16 -0700]/text/[From "Pat Wingate" <pat@tic-tock.com>][Date Tue, 30 Sep 2003 16:45:24 -0500]/UNNAMED/[From shopper@uk.worl ... /[From "Stephanie Smith" <stephanie@tic-tock.com>][Date Wed, 26 Nov 2003 17:05:07 -0600]/text Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\marc\in.BOX/[From "Network Solutions, Inc." <NetworkSolutions@info1.networksolutions.com>][Date Thu, 25 Sep 2003 11:07:03 -0400]/UNNAMED/[From jaime saso <sasoj@yahoo.com>][Date Thu, 25 Sep 2003 10:57:51 -0700 (PDT)]/UNNAMED/[From sales@zenowatchbasel.com][Date Sat, 27 Sep 2003 20:10:16 -0700]/text/[From "Pat Wingate" <pat@tic-tock.com>][Date Tue, 30 Sep 2003 16:45:24 -0500]/UNNAMED/[From shopper@uk.worldpay.com][Date Wed, 01 Oct 2003 04:58:00 GMT]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\marc\in.BOX/[From "Network Solutions, Inc." <NetworkSolutions@info1.networksolutions.com>][Date Thu, 25 Sep 2003 11:07:03 -0400]/UNNAMED/[From jaime saso <sasoj@yahoo.com>][Date Thu, 25 Sep 2003 10:57:51 -0700 (PDT)]/UNNAMED/[From sales@zenowatchbasel.com][Date Sat, 27 Sep 2003 20:10:16 -0700]/text/[From "Pat Wingate" <pat@tic-tock.com>][Date Tue, 30 Sep 2003 16:45:24 -0500]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\marc\in.BOX/[From "Network Solutions, Inc." <NetworkSolutions@info1.networksolutions.com>][Date Thu, 25 Sep 2003 11:07:03 -0400]/UNNAMED/[From jaime saso <sasoj@yahoo.com>][Date Thu, 25 Sep 2003 10:57:51 -0700 (PDT)]/UNNAMED/[From sales@zenowatchbasel.com][Date Sat, 27 Sep 2003 20:10:16 -0700]/text Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\marc\in.BOX/[From "Network Solutions, Inc." <NetworkSolutions@info1.networksolutions.com>][Date Thu, 25 Sep 2003 11:07:03 -0400]/UNNAMED/[From jaime saso <sasoj@yahoo.com>][Date Thu, 25 Sep 2003 10:57:51 -0700 (PDT)]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\marc\in.BOX/[From "Network Solutions, Inc." <NetworkSolutions@info1.networksolutions.com>][Date Thu, 25 Sep 2003 11:07:03 -0400]/UNNAMED Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\marc\in.BOX Infected: Email-Worm.Win32.NetSky.q
C:\Program Files\Foxmail\mail\mfischma\in.BOX/[From from quoted-printable to 8bit by server1.watchparadise.com id LAA07140][Date Tue, 8 Jul 2003 08:27:00 -0700]/text/[From Microsoft Corporation Internet Security Center][Date Date header was inserted by SMTP.Prodigy.Net.mx]/UNNAMED Infected: Email-Worm.Win32.Swen
C:\Program Files\Foxmail\mail\mfischma\in.BOX/[From from quoted-printable to 8bit by server1.watchparadise.com id LAA07140][Date Tue, 8 Jul 2003 08:27:00 -0700]/text/[From Microsoft Inet Mail Storage Service <emailengine@rocketmail.com>][Date Date header was inserted by SMTP.Prodigy.Net.mx]/UNNAMED/UNNAMED Infected: Email-Worm.Win32.Swen
C:\Program Files\Foxmail\mail\mfischma\in.BOX/[From from quoted-printable to 8bit by server1.watchparadise.com id LAA07140][Date Tue, 8 Jul 2003 08:27:00 -0700]/text/[From Microsoft Inet Mail Storage Service <emailengine@rocketmail.com>][Date Date header was inserted by SMTP.Prodigy.Net.mx]/UNNAMED Infected: Email-Worm.Win32.Swen
C:\Program Files\Foxmail\mail\mfischma\in.BOX/[From from quoted-printable to 8bit by server1.watchparadise.com id LAA07140][Date Tue, 8 Jul 2003 08:27:00 -0700]/text Infected: Email-Worm.Win32.Swen
C:\Program Files\Foxmail\mail\mfischma\in.BOX Infected: Email-Worm.Win32.Swen
C:\Program Files\Microsoft AntiSpyware\Quarantine\B4286304-63FF-4816-A638-957D0B\1980BEF1-4C98-4F59-BEC2-AA23AD Infected: Trojan-Downloader.Win32.Small.asf
C:\WINDOWS\system32\iegfxfrw.dll Infected: Trojan.Win32.StartPage.iv

Scan process completed.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP