Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91699 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Louisc HijackThis log file


  • This topic is locked This topic is locked
8 replies to this topic

#1 louisc

louisc

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 24 February 2007 - 04:17 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:14:56 PM, on 02/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\unzipped\hijackthis(3)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.Windowsupdate.microsoft.com;*Windowsupdate.com;Windowsupdate.microsoft.com;V4.Windowsupdate.microsoft.com;Download.Windowsupdate.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [IE New Window Maximizer] "C:\Program Files\IE New Window Maximizer\iemaximizer.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119692924067
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    Advertisements

Register to Remove


#2 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 24 February 2007 - 01:16 PM

Hello louisc and Welcome to TomCoyote,

There is not much wrong with your hijackthis log--just deleting a couple of do-nothing entries. Are you experiencing problems? Please let me know and we will do other scans.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Scan with HijackThis. Place a check against each of the following:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Post (reply) with a fresh HijackThis log and we will take another look.

Edited by Susan528, 24 February 2007 - 01:17 PM.

Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#3 louisc

louisc

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 25 February 2007 - 03:50 AM

susan528,

Thank you for your help. I am not experiencing any specific problems. I just ran HijackThis to screen for malware on my machine. After I did the things that you recommended, here is my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:35:03 PM, on 02/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\msiexec.exe
C:\unzipped\hijackthis(3)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.Windowsupdate.microsoft.com;*Windowsupdate.com;Windowsupdate.microsoft.com;V4.Windowsupdate.microsoft.com;Download.Windowsupdate.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [IE New Window Maximizer] "C:\Program Files\IE New Window Maximizer\iemaximizer.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119692924067
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#4 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 25 February 2007 - 07:50 AM

I see you are using Sunbelt CounterSpy which is an anti-spyware application but I do not see any anti-virus application installed.

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. There are also anti-virus applications that are free for personal use.

See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources

==========
Let's run a scan just to check to make sure everything is okay.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

* Turn off the real time scanner of any existing antivirus program while performing the online scan
Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information from Kapersky in your next post.

**Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#5 louisc

louisc

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 26 February 2007 - 04:06 AM

susan528, I am running ZoneAlarm Security Suite which includes a firewall and anti-virus program. I do not have regularly scheduled anti-virus scans, but the anti-virus application is constantly running in the background and frequently (very frequently) automatically updates itself and its definitions. I did turn off the anti-virus program, and tried to launch the Kaspersky Online Scanner. It was very balky. It started to run after I set the zoom to 75% and then aborted. I tried to run it several times then I gave up. I think I will stick with my existing antivirus (Zone Labs). Thanks for all your help. I think I will go to sleep now and run a ZoneAlarm anti-virus scan now,. I hate to run it because it takes forever, but you have scared me into doing it. louisc

#6 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 26 February 2007 - 08:46 AM

On he basis of your hijackthis log, I cannot see any anti-virus product running.

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

vsmon.exe is a process associated with the ZoneAlarm firewall.
zlclient.exe is a part of the ZoneLabs Internet Security range of products, which acts as a firewall for your computer.
mantispm.exe-Spam Filter

This scan works with Internet Explorer.

======
Panda Active Scan
Please go to Panda ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, by using Add Reply.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#7 louisc

louisc

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 28 February 2007 - 02:31 AM

susan528,

I really appreciate the help you are giving me. I managed to get the Kaspersky Online Scanner, which was your first choice, to run. It found 4 viruses and more than 40 infected sites:

KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 27, 2007 3:49:23 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/02/2007
Kaspersky Anti-Virus database records: 258709
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
H:\
I:\
J:\
K:\
Scan Statistics
Total number of scanned objects 110888
Number of viruses found 4
Number of infected objects 49 / 0
Number of suspicious objects 0
Duration of the scan process 03:48:34

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10262006-003140.log Object is locked skipped
C:\Documents and Settings\default\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\default\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/[From Smith Barney ][Date Sat, 02 Oct 2004 11:51:15 -0300]/UNNAMED/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/[From Smith Barney ][Date Sat, 02 Oct 2004 11:51:15 -0300]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox Mail Berkeley mbox: infected - 7 skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash/[From customerservice@ross-simons.com][Date Mon, 24 May 2004 04:51:38]/text/[From "MOAA" ][Date Tue, 06 Jul 2004 14:36:09 -0700]/UNNAMED/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash/[From customerservice@ross-simons.com][Date Mon, 24 May 2004 04:51:38]/text/[From "MOAA" ][Date Tue, 06 Jul 2004 14:36:09 -0700]/UNNAMED/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash/[From customerservice@ross-simons.com][Date Mon, 24 May 2004 04:51:38]/text/[From "MOAA" ][Date Tue, 06 Jul 2004 14:36:09 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash/[From customerservice@ross-simons.com][Date Mon, 24 May 2004 04:51:38]/text Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash Mail Berkeley mbox: infected - 4 skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/[From Smith Barney ][Date Sat, 02 Oct 2004 11:51:15 -0300]/UNNAMED/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/[From Smith Barney ][Date Sat, 02 Oct 2004 11:51:15 -0300]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/t ... /[From Kim Komando Show Daily News ][Date Fri, 11 Feb 2005 09:45:00 -0700]/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/text/[From ][Date Fri, 11 Feb 2005 05:35:06 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show ... /[From "Kelly Jacob" ][Date Fri, 3 Jun 2005 00:31:51 ... /pics.scr Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show ... /[From "Kelly Jacob" ][Date Fri, 3 Jun 2005 00:31:51 +0300]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show Daily Cool Site ][Date Thu, 02 Jun 2005 00:30:00 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim ... /[From "Whos Who Headquarters" ][Date Thu, 02 Jun 2005 03:48:35 -0400]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Sh ... /[From Slate Magazine ][Date Wed, 01 Jun 2005 14:56:17 EDT]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show ... /[From ... /[From "Susan Parks" ][Date Wed, 1 Jun 2005 14:56:37 -0400]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show ... /[From ][Date Wed, 1 Jun 2005 08:50:04 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show Daily Cool Site ][Date Wed, 01 Jun 2005 00:30:00 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From ... /[From Kim Komando Show Daily Tip ][Date Tue, 31 May 2005 03:00:00 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From ... /[From MA ... /[From "Compass Rule Manager" ][Date Mon, 30 May 2005 19:10:40 -0700]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From ... /[From MAILER-DAEMON@mx1.webhelp.com (Mail Delivery System)][Date Mon, 30 May 2005 10:10:59 -0400 (EDT)]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show Daily Cool Site ][Date Sun, 29 May 2005 08:26:42 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/text/[From sales@gri ... /[From Slate Magazine ][Date Thu, 24 Mar 2005 10:13:11 EST]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/text/[From sales@griotsgarage.com][Date Wed, 16 Feb 2005 02:57:41 -0600 (CST)]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From ... /document.htm .exe Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From Slate ... /[From register@earthlink.net][Date Mon, 17 Oct 2005 07:11:36 -1000]/document.zip Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... ... /account-report.htm .pif Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From Slate Magazine ... /[From mail@earthlink.net][Date Mon, 17 Oct 2005 ... /account-report.zip Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From Slate Magazine ... /[From mail@earthlink.net][Date Mon, 17 Oct 2005 08:00:43 -1000]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From Slate Magazine ][Date Mon, 17 Oct 2005 12:55:31 EDT]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[From "Akaka, senator (Akaka)" ][Date Mon, 17 Oct 2005 08:32:45 -0400]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-Status Mail - Ord-Status Email." ][Date Mon, 17 Oct 2005 06:22:52 -0400 (EDT)]/text Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From Kim Komando Show Daily Cool Site ][Date Sun, 16 Oct 2005 00:30:00 -0600]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From Kim Komando Show Daily Cool Site ][Date Sat, 15 Oct 2005 00:30:00 -0600]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 -1000]/text Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox Mail Berkeley mbox: infected - 35 skipped
C:\Documents and Settings\default\cookies\index.dat Object is locked skipped
C:\Documents and Settings\default\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\default\Local Settings\Temp\~DF371C.tmp Object is locked skipped
C:\Documents and Settings\default\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\default\ntuser.dat Object is locked skipped
C:\Documents and Settings\default\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MailBuddy.log Object is locked skipped
C:\System Volume Information\_restore{F046EE99-C0E7-4C12-A706-7CD79FA9390E}\RP1252\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HOME.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{15759241-4CA4-4F7B-8BA8-28A4B70C2020}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\TMP0000003579B9763D5CC8559D Object is locked skipped
C:\WINDOWS\TEMP\ZLT055f4.TMP Object is locked skipped
C:\WINDOWS\TEMP\ZLT055fa.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

I then ran another HiJackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 10:21:21 PM, on 02/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Thunderbird Beta 2\thunderbird.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\unzipped\hijackthis(3)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passpor...rf?lc=1033&id=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.Windowsupdate.microsoft.com;*Windowsupdate.com;Windowsupdate.microsoft.com;V4.Windowsupdate.microsoft.com;Download.Windowsupdate.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [IE New Window Maximizer] "C:\Program Files\IE New Window Maximizer\iemaximizer.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119692924067
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Thanks again for your guidance.
louisc

#8 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 28 February 2007 - 08:49 AM

Basically everything looks good. However you have old infected emails remaining on your system. Try compacting the folders and deleting the emails.
http://kb.mozillazin...pacting_folders

I would then run Kapersky and make sure that you were able to be rid of them.
Please let me know if you have any problems.
Please reply when you have gotten rid of them and I will give the final recommendations.

C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/[From Smith Barney ][Date Sat, 02 Oct 2004 11:51:15 -0300]/UNNAMED/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/[From Smith Barney ][Date Sat, 02 Oct 2004 11:51:15 -0300]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Inbox Mail Berkeley mbox: infected - 7 skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash/[From customerservice@ross-simons.com][Date Mon, 24 May 2004 04:51:38]/text/[From "MOAA" ][Date Tue, 06 Jul 2004 14:36:09 -0700]/UNNAMED/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash/[From customerservice@ross-simons.com][Date Mon, 24 May 2004 04:51:38]/text/[From "MOAA" ][Date Tue, 06 Jul 2004 14:36:09 -0700]/UNNAMED/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash/[From customerservice@ross-simons.com][Date Mon, 24 May 2004 04:51:38]/text/[From "MOAA" ][Date Tue, 06 Jul 2004 14:36:09 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash/[From customerservice@ross-simons.com][Date Mon, 24 May 2004 04:51:38]/text Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Mozilla\Profiles\loucopman\p3fmffzw.slt\Mail\pop.earthlink-3.net\Trash Mail Berkeley mbox: infected - 4 skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Citifraud.ai skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/[From Smith Barney ][Date Sat, 02 Oct 2004 11:51:15 -0300]/UNNAMED/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED/[From Smith Barney ][Date Sat, 02 Oct 2004 11:51:15 -0300]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From CITIBANK ][Date Sat, 02 Oct 2004 07:17:13 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/t ... /[From Kim Komando Show Daily News ][Date Fri, 11 Feb 2005 09:45:00 -0700]/html Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/text/[From ][Date Fri, 11 Feb 2005 05:35:06 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Smitfraud.c skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show ... /[From "Kelly Jacob" ][Date Fri, 3 Jun 2005 00:31:51 ... /pics.scr Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show ... /[From "Kelly Jacob" ][Date Fri, 3 Jun 2005 00:31:51 +0300]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show Daily Cool Site ][Date Thu, 02 Jun 2005 00:30:00 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim ... /[From "Whos Who Headquarters" ][Date Thu, 02 Jun 2005 03:48:35 -0400]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Sh ... /[From Slate Magazine ][Date Wed, 01 Jun 2005 14:56:17 EDT]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show ... /[From ... /[From "Susan Parks" ][Date Wed, 1 Jun 2005 14:56:37 -0400]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show ... /[From ][Date Wed, 1 Jun 2005 08:50:04 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show Daily Cool Site ][Date Wed, 01 Jun 2005 00:30:00 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From ... /[From Kim Komando Show Daily Tip ][Date Tue, 31 May 2005 03:00:00 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From ... /[From MA ... /[From "Compass Rule Manager" ][Date Mon, 30 May 2005 19:10:40 -0700]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From ... /[From MAILER-DAEMON@mx1.webhelp.com (Mail Delivery System)][Date Mon, 30 May 2005 10:10:59 -0400 (EDT)]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 - ... /[From Kim Komando Show Daily Cool Site ][Date Sun, 29 May 2005 08:26:42 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/text/[From sales@gri ... /[From Slate Magazine ][Date Thu, 24 Mar 2005 10:13:11 EST]/UNNAMED Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/text/[From sales@griotsgarage.com][Date Wed, 16 Feb 2005 02:57:41 -0600 (CST)]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Sat, 01 Jan 2005 00:00:04 -1000]/text Infected: Trojan-Downloader.Win32.Small.axr skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From ... /document.htm .exe Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From Slate ... /[From register@earthlink.net][Date Mon, 17 Oct 2005 07:11:36 -1000]/document.zip Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... ... /account-report.htm .pif Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From Slate Magazine ... /[From mail@earthlink.net][Date Mon, 17 Oct 2005 ... /account-report.zip Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From Slate Magazine ... /[From mail@earthlink.net][Date Mon, 17 Oct 2005 08:00:43 -1000]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[ ... /[From Slate Magazine ][Date Mon, 17 Oct 2005 12:55:31 EDT]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-St ... /[From "Akaka, senator (Akaka)" ][Date Mon, 17 Oct 2005 08:32:45 -0400]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From "Ord-Status Mail - Ord-Status Email." ][Date Mon, 17 Oct 2005 06:22:52 -0400 (EDT)]/text Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From Kim Komando Show Daily Cool Site ][Date Sun, 16 Oct 2005 00:30:00 -0600]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 - ... /[From Kim Komando Show Daily Cool Site ][Date Sat, 15 Oct 2005 00:30:00 -0600]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html/[From Louis Copman ][Date Fri, 22 Jul 2005 22:49:24 -1000]/text Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED/[From "Slate Magazine" ][Date 5 Jul 2004 17:31:01 -0700]/html Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED/[From ][Date Wed, 25 Dec 2002 01:06:27 -0600]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox/[From Charles G. Betty -- EarthLink President & CEO ][Date Fri, 20 Dec 2002 03:06:10 PST]/UNNAMED Infected: Email-Worm.Win32.Doombot.b skipped
C:\Documents and Settings\default\Application Data\Thunderbird\Profiles\sjs837yq.default\Mail\pop.earthlink-3.net\Inbox Mail Berkeley mbox: infected - 35 skipped
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#9 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 19 March 2007 - 09:51 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users