Malware :( Virtumonde? Metajuan.Trojan?



Liquid
2008-02-17, 16:17
Hey out there...

Hopefully I can find help over here. Anyway, I would like to thank you in advance for any help.

I've been infected with some malware for two weeks now. I get strange popups in IE and Firefox. Advertising for AV-Software. The ads on some homepages get replaced by AV-ads.


Norton AV gives me alerts for Metajuan.trojan, and blocks connection attempts.

Spybot finds Virtumonde.dll, but crashes when I try to remove the infection.

This is what I get from Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:14:40, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\M-Audio\Install\EvoInst.exe
C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnp2uvc.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Steve\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [d0551a2b] rundll32.exe "C:\WINDOWS\system32\xhkujkcs.dll",b
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sail.lu
O17 - HKLM\Software\..\Telephony: DomainName = sail.lu
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB3000A0-66C7-4083-A44E-24889A77B018}: Domain = sail.lu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sail.lu
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Liquid
2008-02-17, 17:57
And here's the Kaspersky log as requested:


Sunday, February 17, 2008 5:52:59 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/02/2008
Kaspersky Anti-Virus database records: 570059


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Steve\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 16653
Number of viruses found 2
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 00:12:17

Infected Object Name Virus Name Last Action
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{45DFB21F-2F1E-402D-86F4-AF680F4212DA}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\ckpNotify.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\ddcyvsp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\rpskslwb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\WINDOWS\system32\vtstr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

pskelley
2008-02-19, 13:41
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Please read the directions again, your HJT log is out of date and the Kaspersky scan:

Under "select a target to scan", select My Computer.

Do not run and post another Kaspersky scan now until I request it. You are infected, if you still need help, I suggest you keep this computer offline except when troubleshooting, the junk may download more.

Download Trend Micro Hijack This™
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Double-click the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.

I will respond as soon as possible after you post the correct HJT log.

Thanks

Liquid
2008-02-19, 20:57
Thank you very much.

Here's the new log:
-------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:31, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\M-Audio\Install\EvoInst.exe
C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\vsnp2uvc.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [d0551a2b] rundll32.exe "C:\WINDOWS\system32\qbmjblnh.dll",b
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sail.lu
O17 - HKLM\Software\..\Telephony: DomainName = sail.lu
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB3000A0-66C7-4083-A44E-24889A77B018}: Domain = sail.lu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sail.lu
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12089 bytes
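
An added example, not part of the original thread: the two HijackThis logs posted above differ in one autorun entry, the `d0551a2b` Run value, whose rundll32 target changed from xhkujkcs.dll to qbmjblnh.dll between the scans. This Python code diffs the O4 lines of two logs to surface that pattern; the function names are illustrative, the hex-name check is a heuristic, and the sample lines are copied from the two posts.

```python
import re

# O4 registry autorun line, e.g.  O4 - HKLM\..\Run: [name] command
# The hive part may carry a SID (HKUS\S-1-5-18\..\Run).
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$'
)
# rundll32 loading a DLL by path, followed by ",<export>"
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I
)
# Heuristic (assumption of this example): value names that are 8 hex digits
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$')

# Sample O4 lines copied from the log dated 17/02/2008 in this thread.
LOG_2008_02_17 = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [d0551a2b] rundll32.exe "C:\WINDOWS\system32\xhkujkcs.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Sample O4 lines copied from the log dated 19/02/2008 in this thread.
LOG_2008_02_19 = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [d0551a2b] rundll32.exe "C:\WINDOWS\system32\qbmjblnh.dll",b
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""


def parse_autoruns(log_text):
    """Return {(hive, key, value_name): command} for each O4 registry line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m['hive'], m['key'], m['name'])] = m['cmd']
    return entries


def rundll_target(cmd):
    """Return the lower-cased DLL path if cmd is a rundll32 launch, else None."""
    m = RUNDLL_RE.match(cmd)
    return m['dll'].lower() if m else None


def changed_rundll_targets(old_log, new_log):
    """Autorun values present in both scans whose rundll32 DLL target changed.

    A stable value name that keeps being re-pointed at a different DLL is the
    pattern visible in this thread; legitimate autoruns keep the same target.
    """
    old, new = parse_autoruns(old_log), parse_autoruns(new_log)
    findings = []
    for ident in sorted(old.keys() & new.keys()):
        before = rundll_target(old[ident])
        after = rundll_target(new[ident])
        if before and after and before != after:
            hive, key, name = ident
            findings.append({
                'hive': hive,
                'key': key,
                'value': name,
                'before': before,
                'after': after,
                'hex_value_name': bool(HEX_NAME_RE.match(name)),
            })
    return findings


if __name__ == '__main__':
    for f in changed_rundll_targets(LOG_2008_02_17, LOG_2008_02_19):
        print('{hive}\\..\\{key} [{value}]: {before} -> {after}'.format(**f))
```
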

pskelley
2008-02-19, 22:55
Thanks for returning your information, if you should have Vundofix onboard, delete it and download it new from the link I provided.

Thanks to Atribune and any others who helped with this fix.

http://vundofix.atribune.org/ <<< tutorial

"Download VundoFix" to your Desktop

http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will attempt to run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot. Vundofix.txt will be on the C:\

Post the Vundofix.txt and a new HJT log
Thanks

Liquid
2008-02-20, 01:26
Thank you very much for your quick response.

Here's the vundofix.txt:

--------------------------------------------------------



VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 00:26:22 20/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\cqnoxcsh.dll
C:\WINDOWS\system32\cuoujbig.dll
C:\WINDOWS\system32\ddcyvsp.dll
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\ehedbtej.dll
C:\WINDOWS\system32\hnlbjmbq.ini
C:\WINDOWS\system32\hscxonqc.ini
C:\WINDOWS\system32\qbmjblnh.dll
C:\WINDOWS\system32\vtstr.dll
C:\windows\system32\wycdd.ini
C:\windows\system32\wycdd.ini2

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cqnoxcsh.dll
C:\WINDOWS\system32\cqnoxcsh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\cuoujbig.dll
C:\WINDOWS\system32\cuoujbig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyvsp.dll
C:\WINDOWS\system32\ddcyvsp.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\ddcyw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehedbtej.dll
C:\WINDOWS\system32\ehedbtej.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hnlbjmbq.ini
C:\WINDOWS\system32\hnlbjmbq.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\hscxonqc.ini
C:\WINDOWS\system32\hscxonqc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qbmjblnh.dll
C:\WINDOWS\system32\qbmjblnh.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\vtstr.dll
C:\WINDOWS\system32\vtstr.dll Has been deleted!

Attempting to delete C:\windows\system32\wycdd.ini
C:\windows\system32\wycdd.ini Has been deleted!

Attempting to delete C:\windows\system32\wycdd.ini2
C:\windows\system32\wycdd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cqnoxcsh.dll
C:\WINDOWS\system32\cqnoxcsh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyvsp.dll
C:\WINDOWS\system32\ddcyvsp.dll Could not be deleted.

Performing Repairs to the registry.
Done!
----------------------------------------------------------



and the hjt log:


-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:24:44, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\M-Audio\Install\EvoInst.exe
C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [d0551a2b] rundll32.exe "C:\WINDOWS\system32\ymfnbomx.dll",b
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sail.lu
O17 - HKLM\Software\..\Telephony: DomainName = sail.lu
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB3000A0-66C7-4083-A44E-24889A77B018}: Domain = sail.lu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sail.lu
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12008 bytes

pskelley
2008-02-20, 01:47
Thanks for returning your information, I am showing this:
C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
Has something to do with a USB2.0 PC Camera driver.
Can you assure me you know that item?

C:\Program Files\CheckPoint\ <<< what services does this program provide you with?

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) Open Vundofix by double-clicking on it, then point your mouse to the white box above the buttons and right click, then click on Add More Files. When the next window opens, copy and paste the files into the boxes and click on Add File(s), then click on Close Window. Then click Remove Vundo.

(File to add)

C:\WINDOWS\system32\ymfnbomx.dll

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKLM\..\Run: [d0551a2b] rundll32.exe "C:\WINDOWS\system32\ymfnbomx.dll",b

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) Right click Start > Explore and navigate to these files/folders and delete them if there.

C:\WINDOWS\system32\ymfnbomx.dll <<< check to be sure that file is gone.
Run ATF Cleaner

6) Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart and post a new HJT log. Let me know how the computer is running.

Thanks
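
Added example (not part of the original posts, and not how VundoFix or HijackThis work internally): a Python sketch that reconciles the two logs the way the reply above does by eye, listing files whose last VundoFix delete attempt failed and rundll32 autorun DLLs that the VundoFix scan never listed. The log excerpts are copied from this thread; the function names and the matching rules are assumptions of this example.

```python
import ntpath
import re

# Excerpts copied from the VundoFix and HijackThis logs posted in this thread.
VUNDOFIX_LOG = r"""
Attempting to delete C:\WINDOWS\system32\cqnoxcsh.dll
C:\WINDOWS\system32\cqnoxcsh.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\cuoujbig.dll
C:\WINDOWS\system32\cuoujbig.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyvsp.dll
C:\WINDOWS\system32\ddcyvsp.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\qbmjblnh.dll
C:\WINDOWS\system32\qbmjblnh.dll Could not be deleted.
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cqnoxcsh.dll
C:\WINDOWS\system32\cqnoxcsh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcyvsp.dll
C:\WINDOWS\system32\ddcyvsp.dll Could not be deleted.
"""

HJT_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [d0551a2b] rundll32.exe "C:\WINDOWS\system32\ymfnbomx.dll",b
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
"""

# "<path> Could not be deleted." / "<path> Has been deleted!" result lines.
RESULT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>Could not be deleted\.|Has been deleted!)$"
)
# Registry autoruns: "O4 - <hive>\..\<key>: [<value name>] <command line>".
O4_RUN = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Command lines of the form: rundll32.exe "<dll>",<export>
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,', re.I)


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def vundofix_final_status(log):
    """Map each file to the outcome of its LAST delete attempt in the log."""
    status = {}
    for line in log.splitlines():
        m = RESULT.match(line.strip())
        if m:
            # A later removal pass overwrites the result of an earlier one.
            status[norm(m["path"])] = m["status"].startswith("Has been")
    return status  # True = deleted, False = not deleted according to the log


def rundll32_autoruns(log):
    """Return (hive, key, value name, dll) for O4 entries that load a DLL via rundll32."""
    hits = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # "O4 - Startup:" shortcuts and other sections are out of scope
        dll = RUNDLL.search(m["cmd"])
        if dll:
            hits.append((m["hive"], m["key"], m["name"], norm(dll["dll"])))
    return hits


def triage(vundofix_log, hjt_log):
    """Return (files still undeleted, rundll32 autoruns the removal log never mentions)."""
    status = vundofix_final_status(vundofix_log)
    undeleted = sorted(p for p, deleted in status.items() if not deleted)
    uncovered = [h for h in rundll32_autoruns(hjt_log) if h[3] not in status]
    return undeleted, uncovered


if __name__ == "__main__":
    undeleted, uncovered = triage(VUNDOFIX_LOG, HJT_LOG)
    for path in undeleted:
        print("last delete attempt failed:", path)
    for hive, key, name, dll in uncovered:
        print(f"autorun not covered by the scan: {hive}\\{key} [{name}] -> {dll}")
```

On these excerpts the autorun entry `[d0551a2b]` is reported as uncovered because `ymfnbomx.dll` does not appear in the VundoFix listing, which matches the file the reply asks to add by hand.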

Liquid
2008-02-21, 00:15
Hi Pskelley,

Thank you very much! Your help is most appreciated.

vsnp2uvc.exe does indeed belong to my webcam. I'm only surprised to see that it is in the Windows folder and in the Program Files folder.

Checkpoint is a VPN I use for professional purposes.

Here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:49:16, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\M-Audio\Install\EvoInst.exe
C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnp2uvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sail.lu
O17 - HKLM\Software\..\Telephony: DomainName = sail.lu
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB3000A0-66C7-4083-A44E-24889A77B018}: Domain = sail.lu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sail.lu
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11732 bytes

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


There are no more pop-ups right now! It seems like all the scum has gone! Thank you very much!!! Any further suggestions?

pskelley
2008-02-21, 01:09
Thanks for the feedback, sounds good. Let's have a look at a Kaspersky online scan using these settings.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
  * Scan using the following Anti-Virus database:
    * Standard
  * Scan Options:
    * Scan Archives
    * Scan Mail Bases
* Click OK
* Now under select a target to scan:
  * Select My Computer
* The program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here.

Thanks...Phil

Liquid
2008-02-21, 09:35
Thank you Phil...

That Kaspersky report doesn't look as good as I expected... but I wonder if most of this dirt I have filed under Thunderbird is not in my spam or trash folder. I'll empty those and run Kaspersky again.

__________________________________________________

Thursday, February 21, 2008 9:21:52 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/02/2008
Kaspersky Anti-Virus database records: 531277


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
G:\

Scan Statistics
Total number of scanned objects 80224
Number of viruses found 6
Number of infected objects 83
Number of suspicious objects 0
Duration of the scan process 01:14:37

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-21_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\abook.mab Object is locked skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\cert8.db Object is locked skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\key3.db Object is locked skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Inbox.msf Object is locked skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Junk/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNNAMED/[From "edging" ][Date Wed, 15 Mar 2006 12:40:40 -0800]/text/[From "Violet Munson" ][Date Thu, 16 Mar 2006 12:00:20 +0100]/UNNAMED ... /[From "VOLKSBANKEN RAIFFEISENBANKEN 2006" ][Date Thu, 16 Mar 2006 21:52:36 +0100]/html Infected: Trojan-Spy.HTML.Bankfraud.od skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Junk/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNNAMED/[From "edging" ][Date Wed, 15 Mar 2006 12:40:40 -0800]/text/[From "Violet Munson" ][Date Thu, 16 Mar 2006 12:00:20 +0100 ... /[From "VOLKSBANKEN RAIFFEISENBANKEN 2006" ][Date Thu, 16 Mar 2006 21:52:36 +0100]/advisable.gif Infected: Trojan-Spy.HTML.Bankfraud.ot skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Junk/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNNAMED/[From "edging" ][Date Wed, 15 Mar 2006 12:40:40 -0800]/text/[From "Violet Munson" ][Date Thu, 16 Mar 2006 12:00:20 +0100]/UNNAMED/[From "Micah Bowman" ][Date Fri, 17 Mar 2006 02:34:21 +0600]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Junk/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNNAMED/[From "edging" ][Date Wed, 15 Mar 2006 12:40:40 -0800]/text/[From "Violet Munson" ][Date Thu, 16 Mar 2006 12:00:20 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Junk/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNNAMED/[From "edging" ][Date Wed, 15 Mar 2006 12:40:40 -0800]/text Infected: Trojan-Spy.HTML.Bankfraud.ot skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Junk/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Junk/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ot skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Junk Mail Berkeley mbox: infected - 7 skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Sent.msf Object is locked skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500] ... /[From "VOLKSBANKEN RAIFFEISENBANKEN 2006" ][Date Thu, 16 Mar 2006 21:52:36 +0100]/html Infected: Trojan-Spy.HTML.Bankfraud.od skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04: ... /[From "VOLKSBANKEN RAIFFEISENBANKEN 2006" ][Date Thu, 16 Mar 2006 21:52:36 +0100]/advisable.gif Infected: Trojan-Spy.HTML.Bankfraud.ot skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Volksbanken Raiffeisenbanken AG" ][Date Fri, 17 Mar 2006 02:07:55 +010 ... /html Infected: Trojan-Spy.HTML.Bankfraud.od skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Volksbanken Raiffeisenbanken AG" ][Date Fri, 17 Mar 2006 02:07:5 ... /amount.gif Infected: Trojan-Spy.HTML.Bankfraud.ot skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[ ... /[From "POSTBANK" ][Date Wed, 22 Mar 2006 06:10:43 -0100]/html Infected: Trojan-Spy.HTML.Bankfraud.ok skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... ... /[From "DEUTSCHE POSTBANK" ][Date Thu, 20 Apr 2006 15:35:58 +0200]/html Infected: Trojan-Spy.HTML.Bankfraud.ok skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[Fro ... /[From "Postbank AG" ][Date Fri, 21 Apr 2006 06:15:16 +0200]/html Infected: Trojan-Spy.HTML.Bankfraud.ok skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... / ... /[From "Postbank 2006" ][Date Fri, 21 Apr 2006 08:16:02 +0200]/html Infected: Trojan-Spy.HTML.Bankfraud.ok skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[Fr . ... /[From Grady Ols ... /[From serv@megaman.com][Date Tue, 5 Dec 2006 13:02:57 +0100]/UNNAMED Infected: Email-Worm.Win32.Warezov.fb skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[Fr . ... /[From Grady Olson ][Date Tue, 05 Dec 2006 04:51:22 -0500]/UNNAMED Infected: Email-Worm.Win32.Warezov.fb skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[Fr ... / .. ... /[From " Remer" ][Date Tue, 5 Dec 2006 13:11:40 +0400]/html Infected: Email-Worm.Win32.Warezov.fb skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[Fr ... / ... /[From Tyson Foote ][Date Tue, 05 Dec 2006 05:29:25 -0400]/UNNAMED Infected: Email-Worm.Win32.Warezov.fb skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[Fr ... /[ ... /[F ... /[From "Ina" ][Date Tue, 05 Dec 2006 03:19:43 -0800]/text Infected: Email-Worm.Win32.Warezov.fb skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[Fr ... /[ ... /[From Chi Askew ][Date Tue, 5 Dec 2006 06:01:31 -0500]/UNNAMED Infected: Email-Worm.Win32.Warezov.fb skipped

Liquid
2008-02-21, 09:39
C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... .. ... ... /[From Mercy S.Mcmillan ][Date Fri, 29 Dec 2006 12:21:13 +0800]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... .. ... /[From "Phillip Alford" ][Date Fri, 29 Dec 2006 00:57:31 -0200]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... / ... /[From "Dina" ][Date Fri, 29 Dec 2006 10:21:25 -0800]/text Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... /[From "Stacie Gabriel" ][Date Thu, 28 Dec 2006 20:35:49 -0100]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[ ... ... /[From "Dana Flynn" ][Date Fri, 29 Dec 2006 03:12:44 +0600]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[ ... /[From "Millard Vigil" ][Date Thu, 28 Dec 2006 16:13:12 -0300]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[Fr ... /[From "Claude Dougherty" ][Date Thu, 28 Dec 2006 13:03:50 -0500]/text Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[From "Ferd ... /[From Morton M.Jock ][Date Sat, 30 Dec 2006 03:11:32 -0800]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[From "Ferdinand Maxwell" ][Date Sat, 30 Dec 2006 09:02:24 -0200]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... ... ... /[From "Bert Blair" ][Date Sat, 30 Dec 2006 12:49:05 +0200]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... ... ... /[From Al Ferguson ][Date Sat, 30 Dec 2006 08:59:31 +0500]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... ... /[From "Kip Smart" ][Date Fri, 29 Dec 2006 22:36:56 -0500]/text Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... / ... . .. . ... /[From Eve ][Date Fri, 29 Dec 2006 21:27:14 -0600]/text Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... / ... . .. ... /[From "Nannie Hoyt" ][Date Fri, 29 Dec 2006 20:43:27 -0600]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... / ... . ... /[From "SELF ANTONINA" ][Date Fri, 29 Dec 2006 18:49:22 -0800]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... / ... ... /[From "Are you really" ][Date Sat, 30 Dec 2006 00:39:02 -0200]/text Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... / ... /[From "Morgan Jones" ][Date Fri, 29 Dec 2006 20:39:49 -0400]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... /[Fro ... /[From Helga Lowry ][Date Fri, 29 Dec 2006 21:30:58 -0200]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... /[From "Luann Rodrigues" ][Date Fri, 29 Dec 2006 21:17:30 -0100]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... .. ... /[From "Kimball Hannold" ][Date Fri, 29 Dec 2006 23:24:07 +0100]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... /[From "Glenda Blankenship" ][Date Fri, 29 Dec 2006 20:16:28 -0100]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... /[From indiscreet ][Date Sat, 30 Dec 2006 18:00:22 +0100]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... /[From "Robt Schwartz" ][Date Sat, 30 Dec 2006 12:00:52 -0400]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... ... /[From carelessness ][Date Sun, 31 Dec 2006 08:36:31 +0000]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... /[From "Lottie Shields" ][Date Sun, 31 Dec 2006 10:35:02 +0300]/UNNAMED Infected: Email-Worm.Win32.Luder.a skipped

Liquid
2008-02-21, 09:40
C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... /[From ... /[From "Dusty@vvm.com" ][Date Sun, 07 Jan 2007 05:13:40 -0500]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... /[From "Georgette Spangler" ][Date Sun, 07 Jan 2007 07:16:13 -0200]/text Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[From " ... /[From after the ][Date Sun, 7 Jan 2007 12:22:06 +0300]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[From "Justin Brown" ][Date Sun, 07 Jan 2007 14:32:60 +0530]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... ... /[From "Cherry Blanchard" ][Date Sun, 07 Jan 2007 11:27:24 +0300]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[Fr ... /[From "Orgye ... /[From Valerie.Clerc.2@unil.ch][Date Fri, 09 Jun 2006 12:33:08 +0200]/text Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[Fr ... /[From "Orgyen Gli " ][Date Thu, 08 Jun 2006 20:38:52 -0500]/text Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[From "Electrobel.be Mailbot" ][Date Fri, 2 Jun 2006 01:47:38 +0200]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[From ... /[From "Lilian Byers" ][Date Fri, 12 May 2006 17:18:26 +0500]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[From .. ... /[From "WEB.DE informiert" ][Date Fri, 12 May 2006 12:13:55 +0200]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[From ... ... /[From "OLA HURT" ][Date Fri, 12 May 2006 05:33:55 -0600]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[From ... /[From "Othella Penn" ][Date Fri, 05 May 2006 05:34:13 -0800]/text Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[From .. ... /[From "Liliana " ][Date Fri, 28 Apr 2006 08:28:11 -0500]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[From ... /[F ... /[From durbuyrockfestival@binhost.com][Date Thu, 20 Apr 2006 10:21:52 EDT]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[From ... /[From "Audra Connelly" ][Date Fri, 21 Apr 2006 13:47:49 +0200]/text Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... ... /[From Dexter Downing ][Date Fri, 21 Apr 2006 05:16:47 -0600]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[From ... / ... /[From "Judd Stringer" ][Date Thu, 20 Apr 2006 22:46:05 -0800]/text Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[From ... /[From "Etta Cunningham" ][Date Thu, 20 Apr 2006 07:12:36 -0500]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[From ... ... /[From "Bi ... /[From postmaster@unine.ch][Date Fri, 28 Apr 2006 15:39:02 +0200]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[From ... ... /[From "Bibianita M." ][Date Fri, 31 Mar 2006 14:11:02 +0300]/text Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[From ... /[From "Brock Mcqueen" ][Date Fri, 24 Mar 2006 08:28:55 -0600]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[From "Mngr ... /[From Rachel Feldman ][Date Fri, 24 Mar 2006 05:11:44 -0200]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[From "Mngr ... / ... /[From "Lenz Felicia" ][Date Thu, 23 Mar 2006 20:09:24 -0800]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[From "Mngr ... /[From "Ott Debra " ][Date Tue, 21 Mar 2006 09:47:28 -0500]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[From "Mngr. ... /[From "WEB.DE informiert" ][Date Thu, 16 Mar 2006 11:46:59 +0100]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Vo ... /[From "Mngr. nertishekwan" ][Date Fri, 17 Mar 2006 04:21:21 +0100]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNN ... /[From "Volksbanken Raiffeisenbanken AG" ][Date Fri, 17 Mar 2006 02:07:55 +0100]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNNAMED/[From "edging" ][Date Thu, 16 Mar 2006 23:08:56 +0200]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNNAMED/[From "edging" ][Date Fri, 17 Mar 2006 02:34:21 +0600]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNNAMED/[From "edging" ][Date Thu, 16 Mar 2006 12:00:20 +0100]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNNAMED/[From "edging" ][Date Wed, 15 Mar 2006 12:40:40 -0800]/text Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED/[From "Phil Angles" ][Date Wed, 15 Mar 2006 22:04:34 -0500]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED/[From "Muriel Peck" ][Date Wed, 15 Mar 2006 21:53:12 -0700]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED/[From "Olivier | tilllate.com" ][Date Thu, 16 Mar 2006 19:57:08 +0100]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/[From "JOHNNA" ][Date Wed, 15 Mar 2006 05:33:42 -0600]/UNNAMED Infected: Backdoor.Win32.Agent.akf skipped

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash Mail Berkeley mbox: infected - 74 skipped

Liquid
2008-02-21, 09:41
Scan process completed.

pskelley
2008-02-21, 13:02
Yes, you have a lot of infected email; my scan is not picking it up since Kaspersky is skipping it. I suggest you clean that junk from your computer. I will manually attempt to show you some of it.

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Junk/ Infected: Trojan-Spy.HTML.Bankfraud.od
May be in those local folders also, you need to do some serious cleaning.
I am only showing you one item...

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/ Infected: Trojan-Spy.HTML.Bankfraud.od

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/ Infected: Email-Worm.Win32.Warezov.fb

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/ Infected: Email-Worm.Win32.Luder.a

C:\Documents and Settings\Steve\Application Data\Thunderbird\Profiles\j9jbeah2.default\Mail\Local Folders\Trash/ Infected: Backdoor.Win32.Agent.akf

I believe that once you have cleaned the infected email, your next Kaspersky Online Scan will be clean and there is no need to post a clean scan.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...Phil
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.