Options
Java virus and many others
Greetings:
I'm assisting my father as he tries to get his PC back to operational status. His use of anti-virus has been spotty at best. While functional, the PC is extremely slow to boot, and has hundreds of strange icons on his desktop. If I delete them, they simply replicate themselves. One of the virus found was a Java virus, but it seems to have many friends.
I have followed the instructions on the Read This First page, and am attaching the HJT Log and the file saved from the Kaspersky scan.
Logfile of HijackThis v1.99.1
Scan saved at 3:22:11 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\NORTON~1\NORTON~1\Navapw32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Qlock\qlock.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\INCRED~2\bin\IMApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~2\bin\ImNotfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=msgr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [XSC SIP Client] "C:\Program Files\X-PRO Vonage\X-PRO-Vonage.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120779469390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mtinaevents.webex.com/client/v_mywebex-t20/event/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{E808A106-92E7-448A-9265-CD98130F8817}: Domain = earthlink.net
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
___________________________
Kaspersky logfile
KASPERSKY ON-LINE SCANNER REPORT
Friday, June 16, 2006 3:19:24 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 16/06/2006
Kaspersky Anti-Virus database records: 189004
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 191077
Number of viruses found: 11
Number of infected objects: 57
Number of suspicious objects: 0
Duration of the scan process: 03:12:37
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05D73D49.tmp Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A6F6DA5.tmp Infected: Backdoor.Win32.SdBot.gen skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\108A793C.tmp Infected: Email-Worm.Win32.Sober.c skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\130E2933.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\144433DB.tmp Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\162C5F7D.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\167B4F27.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16AC44F1.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19160D24.tmp Infected: Email-Worm.Win32.Mimail.a skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2F072ED7.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\351926E3.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A773104.tmp Infected: Trojan-Dropper.JS.Mimail.b skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51F24FB3.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\522A1976.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\52543B48.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\529C56F8.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5A7970F1.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5B5C51CB.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61F17C66.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6208224D.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\65726AFB.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\66502B4B.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A977572.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6FFF0220.tmp Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\734B28B9.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\778069D3.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AC47BF9.tmp Infected: Email-Worm.Win32.Sobig.a skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05D73D49.tmp Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A6F6DA5.tmp Infected: Backdoor.Win32.SdBot.gen skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\108A793C.tmp Infected: Email-Worm.Win32.Sober.c skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\130E2933.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\144433DB.tmp Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\162C5F7D.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\167B4F27.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16AC44F1.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19160D24.tmp Infected: Email-Worm.Win32.Mimail.a skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2F072ED7.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\351926E3.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A773104.tmp Infected: Trojan-Dropper.JS.Mimail.b skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51F24FB3.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\522A1976.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\52543B48.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\529C56F8.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5A7970F1.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5B5C51CB.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61F17C66.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6208224D.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\65726AFB.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\66502B4B.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A977572.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6FFF0220.tmp Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\734B28B9.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\778069D3.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AC47BF9.tmp Infected: Email-Worm.Win32.Sobig.a skipped
C:\RECYCLER\NPROTECT\00257528.RCV/[From "G.otis" <g.otis@academiegsi.com>][Date Wed, 21 Sep 2005 00:32:24 +0100]/new__price.zip/price_20.exe Infected: Email-Worm.Win32.Bagle.df skipped
C:\RECYCLER\NPROTECT\00257528.RCV/[From "G.otis" <g.otis@academiegsi.com>][Date Wed, 21 Sep 2005 00:32:24 +0100]/new__price.zip Infected: Email-Worm.Win32.Bagle.df skipped
C:\RECYCLER\NPROTECT\00257528.RCV Mail: infected - 2 skipped
Thanks in advance for any assistance offered.
I'm assisting my father as he tries to get his PC back to operational status. His use of anti-virus has been spotty at best. While functional, the PC is extremely slow to boot, and has hundreds of strange icons on his desktop. If I delete them, they simply replicate themselves. One of the virus found was a Java virus, but it seems to have many friends.
I have followed the instructions on the Read This First page, and am attaching the HJT Log and the file saved from the Kaspersky scan.
Logfile of HijackThis v1.99.1
Scan saved at 3:22:11 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\NORTON~1\NORTON~1\Navapw32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\eFax Messenger 4.0\J2GTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Qlock\qlock.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\INCRED~2\bin\IMApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~2\bin\ImNotfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=msgr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\Navapw32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [XSC SIP Client] "C:\Program Files\X-PRO Vonage\X-PRO-Vonage.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120779469390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mtinaevents.webex.com/client/v_mywebex-t20/event/ieatgpc.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{E808A106-92E7-448A-9265-CD98130F8817}: Domain = earthlink.net
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
___________________________
Kaspersky logfile
KASPERSKY ON-LINE SCANNER REPORT
Friday, June 16, 2006 3:19:24 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 16/06/2006
Kaspersky Anti-Virus database records: 189004
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 191077
Number of viruses found: 11
Number of infected objects: 57
Number of suspicious objects: 0
Duration of the scan process: 03:12:37
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05D73D49.tmp Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A6F6DA5.tmp Infected: Backdoor.Win32.SdBot.gen skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\108A793C.tmp Infected: Email-Worm.Win32.Sober.c skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\130E2933.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\144433DB.tmp Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\162C5F7D.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\167B4F27.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16AC44F1.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19160D24.tmp Infected: Email-Worm.Win32.Mimail.a skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2F072ED7.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\351926E3.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A773104.tmp Infected: Trojan-Dropper.JS.Mimail.b skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51F24FB3.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\522A1976.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\52543B48.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\529C56F8.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5A7970F1.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5B5C51CB.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61F17C66.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6208224D.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\65726AFB.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\66502B4B.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A977572.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6FFF0220.tmp Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\734B28B9.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\778069D3.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\aug 22 2005\C\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AC47BF9.tmp Infected: Email-Worm.Win32.Sobig.a skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05D73D49.tmp Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A6F6DA5.tmp Infected: Backdoor.Win32.SdBot.gen skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\108A793C.tmp Infected: Email-Worm.Win32.Sober.c skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\130E2933.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\144433DB.tmp Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\162C5F7D.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\167B4F27.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\16AC44F1.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\19160D24.tmp Infected: Email-Worm.Win32.Mimail.a skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2F072ED7.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\351926E3.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A773104.tmp Infected: Trojan-Dropper.JS.Mimail.b skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\51F24FB3.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\522A1976.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\52543B48.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\529C56F8.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5A7970F1.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5B5C51CB.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61F17C66.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6208224D.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\65726AFB.tmp Infected: Email-Worm.Win32.Tanatos.b.dam skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\66502B4B.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6A977572.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6FFF0220.tmp Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\734B28B9.tmp Infected: Email-Worm.Win32.Sobig.f skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\778069D3.tmp Infected: Email-Worm.Win32.Mimail.j skipped
C:\Documents and Settings\Owner\My Documents\Systweak Backup Manager Pro\May 25 2005\E\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AC47BF9.tmp Infected: Email-Worm.Win32.Sobig.a skipped
C:\RECYCLER\NPROTECT\00257528.RCV/[From "G.otis" <g.otis@academiegsi.com>][Date Wed, 21 Sep 2005 00:32:24 +0100]/new__price.zip/price_20.exe Infected: Email-Worm.Win32.Bagle.df skipped
C:\RECYCLER\NPROTECT\00257528.RCV/[From "G.otis" <g.otis@academiegsi.com>][Date Wed, 21 Sep 2005 00:32:24 +0100]/new__price.zip Infected: Email-Worm.Win32.Bagle.df skipped
C:\RECYCLER\NPROTECT\00257528.RCV Mail: infected - 2 skipped
Thanks in advance for any assistance offered.
0