Jump to content


My new topic with my 3 logs

Started by siegs07, Jan 02 2007 02:46 AM

  • You cannot reply to this topic
8 replies to this topic

#1 OFFLINE   siegs07

    Member

  • Members
  • PipPip
  • 30 posts

Posted 02 January 2007 - 02:46 AM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:44:40 AM 1/2/2007

+ Scan result:



C:\System Volume Information\_restore{9B63DB6C-09C2-4F05-879C-DEB19A86EF40}\RP1685\A0350095.dll -> Adware.Ipend : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9B63DB6C-09C2-4F05-879C-DEB19A86EF40}\RP1685\A0350096.dll -> Adware.Ipend : Cleaned with backup (quarantined).
HKLM\SOFTWARE\BTIEIN -> Adware.WebSearch : Error during cleaning.
HKLM\SOFTWARE\BTIEIN\BTIEIN -> Adware.WebSearch : Error during cleaning.
HKLM\SOFTWARE\BTIEIN\BTIEIN\taskcache -> Adware.WebSearch : Error during cleaning.
C:\System Volume Information\_restore{9B63DB6C-09C2-4F05-879C-DEB19A86EF40}\RP1685\A0350089.dll -> Dropper.Siboco.d : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.28:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.24:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.18:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.19:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.20:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.21:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.22:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.31:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.32:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.34:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.35:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.36:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.44:C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.


::Report end






Logfile of HijackThis v1.99.1
Scan saved at 1:53:50 AM, on 1/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CAPDPSRV.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Compaq A4000\CPQA4000.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\quickenw\bagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jeff Siegert\My Documents\Tyler's Stuff\spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.../winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.../winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://my.yahoo.com/"); (C:\Program Files\Netscape\Users\jsiegert\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\ZB2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CAPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CAPDPSRV.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\quickenw\bagent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq A4000 Settings Utility.lnk = C:\Program Files\Compaq A4000\CPQA4000.exe
O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Support - {C93923E0-B74B-4409-8DFA-62D8B9A45F36} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .doc: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npcont.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093388724835
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/accoun...bles/ie/IDA.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe



#2 OFFLINE   siegs07

    Member

  • Members
  • PipPip
  • 30 posts

Posted 02 January 2007 - 03:38 AM

Bit Defender doesn't work. i did run a different online active scan, but i've run many programs since then and if that type of scan is necessary i will just start fresh with it


by the way, the only real problem i've run into is in spybot SD there is a certain bot called Huntbar that i can't get rid of. it tells me its in use at the moment and i need to run spybot on restart, so i've done so and it still doesn't work, it just says the same thing. i've also tried running spybot in safe mode and that doesn't get rid of it either. that's the only problem that im aware of so far

#3 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 02 January 2007 - 08:57 PM

Hello. :)

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.
-----------

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste kaspersky log onto forum.
Run both scans in that order and post their logs along with a new hijackthis log.

#4 OFFLINE   siegs07

    Member

  • Members
  • PipPip
  • 30 posts

Posted 03 January 2007 - 03:22 AM

SUPERAntiSpyware Scan Log
Generated 01/02/2007 at 03:47 PM

Application Version : 3.4.1000

Core Rules Database Version : 3158
Trace Rules Database Version: 1171

Scan type : Complete Scan
Total Scan Time : 00:40:55


Memory items scanned : 457
Memory threats detected : 0
Registry items scanned : 5368
Registry threats detected : 0
File items scanned : 35194
File threats detected : 0









-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 02, 2007 9:19:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/01/2007
Kaspersky Anti-Virus database records: 255671
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 63564
Number of viruses found: 6
Number of infected objects: 50 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:05:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\STOPzilla!\targets.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\STOPzilla!\userdata.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\STOPzilla!\zilla.data Object is locked skipped
C:\Documents and Settings\All Users\Application Data\STOPzilla!\zilla.log Object is locked skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\history.dat Object is locked skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\key3.db Object is locked skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Firefox\Profiles\gw4bp3nd.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Noemi Bruno" <noemi.brunoir@ardasenov.ru>][Date Fri, 17 Sep 2004 14:04:27 +0000]/UNNAMED/[ ... /[From Cla ... /[From Ticketmaster <newsletter@reply.ticketmaster.com>][Date 23 Sep 2004 21:12:23 -0700]/html Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Noemi Bruno" <noemi.brunoir@ardasenov.ru>][Date Fri, 17 Sep 2004 14:04:27 +0000]/UNNAMED/[ ... /[From Classmates <ClassmatesConnections@classmates.com>][Date Thu, 23 Sep 2004 13:08:26 -0700 (PDT)]/UNNAMED Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Noemi Bruno" <noemi.brunoir@ardasenov.ru>][Date Fri, 17 Sep 2004 14:04:27 +0000]/UNNAMED/[From "Terrenc ... /[From "Kyle Mcmillan" <Katelyn.Singer@antar.com.mx>][Date Thu, 23 Sep 2004 13:41:54 +0400]/text Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Noemi Bruno" <noemi.brunoir@ardasenov.ru>][Date Fri, 17 Sep 2004 14:04:27 +0000]/UNNAMED/[From "Terrence N ... /[From "Jeani" <jeani@oakhills.omhcoxmail.com>][Date Wed, 22 Sep 2004 16:44:27 -0500]/UNNAMED Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Noemi Bruno" <noemi.brunoir@ardasenov.ru>][Date Fri, 17 Sep 2004 14:04:27 +0000]/UNNAMED/[From "Terrence Neff" <jshafer@ ... /[From auto-send@foretees.com][Date Tue, 21 Sep 2004 13:06:05 -0500 (CDT)]/text Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Noemi Bruno" <noemi.brunoir@ardasenov.ru>][Date Fri, 17 Sep 2004 14:04:27 +0000]/UNNAMED/[From "Terrence Neff" <jshafer@tconl.com>][Date Fri, 24 Sep 2004 09:40:18 -0200]/UNNAMED Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Noemi Bruno" <noemi.brunoir@ardasenov.ru>][Date Fri, 17 Sep 2004 14:04:27 +0000]/UNNAMED Infected: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNAMED/[From "Janis Hall" <dcobk@kittymail.c ... /[From Ebay <ebay-verify@ebay.com>][Date Sun, 26 Sep 2004 18:27:00 -050 ... /html Infected: Trojan-Spy.HTML.Bayfraud.g skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From ... /[F ... /[ ... /[From SunTrust <support@suntrust.com>][Date Sat, 20 Nov 2004 06:04:52 -0200]/html Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From ... /[F ... /[From Clyde Chapman <tueoe@backwards.com>][Date Fri, 19 Nov 2004 10:48:29 +0300]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From ... /[From "Joyce Richards" <joyce.richards_oz@swords.cc>][Date Thu, 18 Nov 2004 05:57:17 -0700]/text Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Cl ... /[From "Jeani" <jeani@oakhills.omhcoxmail.com>][Date Wed, 17 Nov 2004 16:23:36 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Cl . ... /[From "Kayla ... /[From gqkojruswick@tconl.com][Date Fri, 22 Oct 2004 12:22:31 -0500]/html Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Cl . ... /[From "Kayla S. Tran" <iooghjlgr@kaydidid.com>][Date Fri, 22 Oct 2004 05:39:08 -0600]/text Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Cl ... /[From "Rufus Cordero" <JesusmK@legendnet.net>][Date Wed, 20 Oct 2004 15:23:03 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Cl ... /[From "Gi ... /[From auto-send@foretees.com][Date Wed, 20 Oct 2004 08:40:41 -0500 (CDT)]/text Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Cl ... /[From "Gilberto " <qydqdmprutwypt@hotmail.com>][Date Tue, 19 Oct 2004 21:12:34 +0400]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Cl ... /[From "Josefa Arthur" <bkbrqzhqcudda@yahoo.com>][Date Sat, 16 Oct 2004 14:37:06 -0200]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Classm ... /[From "Ericka Givens" <WBKVDBMNK@yahoo.com>][Date Fri, 15 Oct 2004 12:32:08 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Classmates <ClassmatesConnections@classmates.com>][Date Thu, 14 Oct 2004 11:59:49 -0700 (PDT)]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From ... / ... /[From dollygirl <benford@jackassmail.com>][Date Thu, 14 Oct 2004 03:27:38 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From ... /[From Glen Newsome <IPJERMPPZFQ@mail2world.com>][Date Wed, 13 Oct 2004 04:31:58 +0300]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Unit ... /[From ... /[From auto-send@foretees.com][Date Tue, 12 Oct 2004 12:39:08 -0500 (CDT)]/text Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Unit ... /[From "Brant Moreno" <b_moreno_mt@leemark.com>][Date Tue, 12 Oct 2004 10:58:17 +0000]/html Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From United ... /[From "Donna " <wmkpxwgl@einkaufzentrum.de>][Date Thu, 07 Oct 2004 06:34:23 -0400]/html Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From United Mileage Plus <mpmail@ulsmlbx01.mail.united.com>][Date Wed, 6 Oct 2004 08:41:41 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From . ... /[From "Sharon Quick" <s_quick_nr@rubvalves.it>][Date Wed, 06 Oct 2004 08:04:04 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From ... /[From "Phot0 Bl0cker" <UXCCJVCDAJIS@dcemail.com>][Date Tue, 05 Oct 2004 22:04:47 -0100]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From "orthonormal ... /[From "Dr. Gregorio" <CWJVK@hexi.de>][Date Tue, 05 Oct 2004 10:10:53 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From "orthonormal i Earl" <Dionne.Osborne@arthurcompanies.com>][Date Mon, 04 Oct 2004 03:39:18 -0500]/text Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Cla .. ... /[From "Alisa Winter" <zcyybuhlzh@yahoo.com>][Date Sun, 03 Oct 2004 12:18:18 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Cla ... /[From "Janice Hand" <QTOMTAUDYN@mantramail.com>][Date Sat, 2 Oct 2004 15:04:43 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Classm ... /[From "promenade Horn" <Mary.Morris@lyrea.com>][Date Fri, 01 Oct 2004 03:47:39 -0700]/text Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From " ... /[From Classmates <ClassmatesConnections@classmates.com>][Date Thu, 30 Sep 2004 13:58:37 -0700 (PDT)]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNA ... /[From "good-lookïng märrïêd and singlê womên" <shawanaherod@daretobetrue.com>][Date Mon, 27 Sep 2004 10:43:57 -0500]/text Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNAMED/[From "Janis Hall" <dcob ... /[From "Andre Sheldon" <xafrhaiwdczjfu@dwp.net>][Date Mon, 27 Sep 2004 02:30:46 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNAMED/[From "Janis Hall" <dcobk@kittymail.c ... /[From Ebay <ebay-verify@ebay.com>][Date Sun, 26 Sep 2004 18:27:00 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNAMED/[From "Janis Hall" <dcobk@kittymail.com>][Date Sat, 25 Sep 2004 08:32:52 +0500]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED/[From "Velma Newman" <kgypf@hotmail.com>][Date Fri, 24 Sep 2004 21:19:21 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED/[From "Alex Huerta" <alexhuertaeb@mik.ru>][Date Tue, 14 Sep 2004 18:06:22 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED/[From "Reba W. Hanna" <rhanna_mm@game-exe.ru>][Date Sun, 12 Sep 2004 04:59:16 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox/[From Carlton Herring <hgaqxevtnkiff@mailblocks.com>][Date Sun, 12 Sep 2004 00:30:11 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Sunfraud.ai skipped
C:\Documents and Settings\Jeff Siegert\Application Data\Mozilla\Profiles\jsiegert\ecxkuos1.slt\Mail\mail\Inbox Mail Berkeley mbox: infected - 42 skipped
C:\Documents and Settings\Jeff Siegert\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jeff Siegert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jeff Siegert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jeff Siegert\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jeff Siegert\Local Settings\History\History.IE5\MSHist012007010220070103\index.dat Object is locked skipped
C:\Documents and Settings\Jeff Siegert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jeff Siegert\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jeff Siegert\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jeff Siegert\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9B63DB6C-09C2-4F05-879C-DEB19A86EF40}\RP1684\A0350040.dll Infected: not-a-virus:AdWare.Win32.ClientMan skipped
C:\System Volume Information\_restore{9B63DB6C-09C2-4F05-879C-DEB19A86EF40}\RP1684\A0350042.dll Infected: not-a-virus:AdWare.Win32.ClientMan skipped
C:\System Volume Information\_restore{9B63DB6C-09C2-4F05-879C-DEB19A86EF40}\RP1687\A0351088.exe/Srng.exe Infected: not-a-virus:AdWare.Win32.ShopNav.b skipped
C:\System Volume Information\_restore{9B63DB6C-09C2-4F05-879C-DEB19A86EF40}\RP1687\A0351088.exe/wdskctl.exe Infected: not-a-virus:AdWare.Win32.ShopNav.e skipped
C:\System Volume Information\_restore{9B63DB6C-09C2-4F05-879C-DEB19A86EF40}\RP1687\A0351088.exe SetupFactory: infected - 2 skipped
C:\System Volume Information\_restore{9B63DB6C-09C2-4F05-879C-DEB19A86EF40}\RP1690\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D3F419DC-A9AC-4D17-991A-3F5114420C2A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\file.zip/packed Infected: not-a-virus:AdWare.Win32.ShopNav.b skipped
C:\WINDOWS\system32\file.zip GZIP: infected - 1 skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.









Logfile of HijackThis v1.99.1
Scan saved at 9:20:28 PM, on 1/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CAPDPSRV.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Compaq A4000\CPQA4000.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\quickenw\bagent.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeff Siegert\My Documents\Tyler's Stuff\spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.../winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.../winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\ZB2.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CAPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CAPDPSRV.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\quickenw\bagent.exe
O4 - Global Startup: Compaq A4000 Settings Utility.lnk = C:\Program Files\Compaq A4000\CPQA4000.exe
O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Support - {C93923E0-B74B-4409-8DFA-62D8B9A45F36} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O12 - Plugin for .doc: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npcont.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093388724835
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/accoun...bles/ie/IDA.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe



#5 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 03 January 2007 - 04:54 AM

Alright, this computer has a bunch of stuff that an AV is needed to remove.(I guess you could hunt down all those emails but just using an AV would be easier).

Get this free 1 year subscription to Etrust Antivirus here:
http://home3.ca.com/...gistration.aspx

Install, update, and scan with it.
Let me know if it finds all that stuff and also post a new hijackthis log.

#6 OFFLINE   siegs07

    Member

  • Members
  • PipPip
  • 30 posts

Posted 03 January 2007 - 11:06 PM

that AV didn't find anything for me. im going to download AVG antivirus and try again, i had my dad permanently delete some of his emails, maybe that will help a bit. if i find anything with a different AV ill post that log and a new HJT log. do you have any other suggestions for me?



#7 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 03 January 2007 - 11:11 PM

No, once you get rid of those emails then you should be good. If you look closely in that Kaspersky log you can see the sender and title of the email. Sadly there isn't an easier way than just using an antivirus or deleting them by hand.

I doubt that if Etrust didn't find them that kaspersky will. I suggest you download either a trial of kaspersky or AOL's active virus shield.(which is a free less featured kaspersky.)

You can get AOL's version here:
http://www.activevir...reeav/index.adp?

Whatever you choose to do let me know if things seem back to normal when your done.(if not post a new log and we will do some more things)

#8 OFFLINE   siegs07

    Member

  • Members
  • PipPip
  • 30 posts

Posted 04 January 2007 - 02:10 AM

well none of those anti virus programs worked, so i eventually just ended up going in and deleting the Inbox file. i then checked my dad's email and it was working fine so hopefully that should take care of everything.

however, i still have a question about the entries that spybot calls "Huntbar" and "CDilla" that i cannot get rid of. that is my only problem and any help would be great. here is a picture of my screen after i run spybot:

http://img403.images.../sderrorkq2.png

is there any way i can delete these things with something like killbox or avenger? and if so would you be kind enough to walk me through that?



latest hijackthis in case anything has changed:
Logfile of HijackThis v1.99.1
Scan saved at 8:55:59 PM, on 1/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CAPDPSRV.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\quickenw\bagent.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeff Siegert\My Documents\Tyler's Stuff\spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirect...c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.../winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.../winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CAPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CAPDPSRV.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Quicken Scheduled Updates.lnk = C:\Program Files\quickenw\bagent.exe
O4 - Global Startup: Compaq A4000 Settings Utility.lnk = C:\Program Files\Compaq A4000\CPQA4000.exe
O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2006\Planner\PLNRnote.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Support - {C93923E0-B74B-4409-8DFA-62D8B9A45F36} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093388724835
O16 - DPF: {9184D21C-9835-42C5-A883-EA8BE7FC048D} (Downloader Class) - http://www.shop.intuit.com/commerce/accoun...bles/ie/IDA.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - - (no file)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - Unknown owner - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service (file missing)



#9 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 05 January 2007 - 05:02 PM

Those entries are not currently running on your system, meaning it would be over kill to use killbox. Just find and delete them. :D

It might be a good idea to run this as well:
http://www.trendmicr...m/spyware-scan/

Its a pretty fast scan and it might be able to remove those entries for you.

If your system is back to normal then were are finished. :D I suggest you take a look at this guide:
http://forum.ccleane...?showtopic=7936
Back to Spyware Hell


  1. Piriform Community Forums
  2. Computer Help and Discussion
  3. Spyware Hell