Solved: HJT Log attached

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

joe trinkley

Thread Starter
Joined
Jul 6, 2005
Messages
43
I've got wierd stuff going on...including a virus that Norton can't delete, quarentine or fix...

Could someone take a look?

Logfile of HijackThis v1.99.1
Scan saved at 7:45:57 PM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\anti_troj.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\anti_troj.exe
C:\Program Files\SlipStream Web Accelerator\RCNaccel.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\Don't Touch\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\RCNaccel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137070492218
O17 - HKLM\System\CCS\Services\Tcpip\..\{12FA47FC-1A67-4143-A517-BD60AB5DCD9F}: NameServer = 207.172.3.8 207.172.3.9
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
 
Joined
Jul 8, 2002
Messages
14,681
  • Run HijackThis and click Do a system scan only
  • Put a checkmark next to any of the following entries that appear, and click Fix Checked:

    O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
    O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
  • Exit HijackThis
  • Locate and delete any of the following files found on your computer:

    C:\WINDOWS\system32\anti_troj.exe
  • Restart your computer
  • Run HijackThis and click Do a system scan and save a log file
  • Your HijackThis log will open in Notepad. Post the contents of the log here
 

joe trinkley

Thread Starter
Joined
Jul 6, 2005
Messages
43
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 15, 2006 10:38:20
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/01/2006
Kaspersky Anti-Virus database records: 161195
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 25559
Number of viruses found: 4
Number of infected objects: 363
Number of suspicious objects: 0
Duration of the scan process: 1045 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP166\A0016986.exe Infected: Email-Worm.Win32.Bagle.fb
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017119.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017120.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017121.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017122.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017123.exe Infected: SpamTool.Win32.Bagle.d
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017124.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017125.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017126.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017127.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017128.exe Infected: SpamTool.Win32.Bagle.d
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017129.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017130.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017131.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017132.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017133.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017134.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017135.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017136.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017137.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017138.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017139.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017140.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017141.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017142.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017143.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017144.exe Infected: SpamTool.Win32.Bagle.d
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017145.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017146.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017147.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017148.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017149.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017150.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017151.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017152.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017153.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017154.exe Infected: SpamTool.Win32.Bagle.d
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017155.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017156.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017157.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017158.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017159.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017160.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017161.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017162.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017163.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017164.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017165.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017166.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017167.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017168.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017169.exe Infected: Email-Worm.Win32.Bagle.fb
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017170.exe Infected: Email-Worm.Win32.Bagle.fb
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017171.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017172.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017173.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017174.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017175.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017176.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017177.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017178.exe Infected: SpamTool.Win32.Bagle.d
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017179.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017180.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017181.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017182.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017183.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017184.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017185.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017186.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017187.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017188.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017189.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017190.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017191.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017192.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017193.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017194.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017195.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017196.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017197.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017198.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017199.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017200.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017201.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017202.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017203.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017204.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017205.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017206.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017207.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017208.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017209.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017210.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017211.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017212.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017213.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017214.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017215.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017216.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017217.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017218.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017219.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017220.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017221.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017222.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017223.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017224.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017225.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017226.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017227.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017228.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017229.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017230.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017231.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017232.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017233.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017234.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017235.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017236.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017237.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017238.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017239.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017240.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017241.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017242.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017243.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017244.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017245.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017246.exe Infected: Email-Worm.Win32.Bagle.fb
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017247.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017248.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017249.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017250.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017251.exe Infected: SpamTool.Win32.Bagle.d
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017252.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017253.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017254.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017255.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017256.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017257.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017258.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017259.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017260.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017261.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017262.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017263.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017264.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017265.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017266.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017267.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017268.exe Infected: SpamTool.Win32.Bagle.d
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017269.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017270.exe Infected: SpamTool.Win32.Bagle.d
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017271.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017272.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017273.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017274.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017275.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017276.exe Infected: SpamTool.Win32.Bagle.d
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017277.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017278.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017279.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017280.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017281.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017282.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017283.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017284.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017285.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017286.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017287.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017288.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017289.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017290.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017291.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017292.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017293.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017294.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017295.exe Infected: Email-Worm.Win32.Bagle.fc
C:\System Volume Information\_restore{D3F516EC-34AD-4E01-9716-4A05B156D038}\RP167\A0017296.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\Deleted Items.dbx/[From eBay <[email protected]>][Date Sat, 14 Jan 2006 07:37:32 +0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\!Submit\Deleted Items.dbx/[From eBay <[email protected]>][Date Sat, 14 Jan 2006 07:37:32 +0400]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\!Submit\Deleted Items.dbx/[From eBay <[email protected]>][Date Sun, 08 Jan 2006 20:48:29 -0400]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\!Submit\Deleted Items.dbx/[From eBay <[email protected]>][Date Sun, 08 Jan 2006 20:48:29 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\!Submit\Deleted Items.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn
C:\!Submit\73074787.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\4E0754A4.exe Infected: Email-Worm.Win32.Bagle.fb
...continued on next post
 

joe trinkley

Thread Starter
Joined
Jul 6, 2005
Messages
43
C:\!Submit\4F1076AE.exe Infected: Email-Worm.Win32.Bagle.fb
C:\!Submit\59AB0F89.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\59B8377B.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\16E5734E.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\17C64456.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5C8A15CE.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5C8D3FCB.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\229C1268.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\22B3384F.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\693B7E60.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\37E941D0.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\695E4C38.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\696C742A.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0E62060F.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\078F3A68.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0EB075B9.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0EB749B1.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\4C733CE6.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\4CA108B4.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0A253225.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0A295C22.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\36CB50B9.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\644A14B8.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\781A2FFF.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\786575AD.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\36942664.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\3A366463.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0E667EE3.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0F7F19AE.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\61080F61.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\3BD670A6.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\202C0D0B.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\21C1634D.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5E4741D7.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\00134288.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\1C896E78.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\1D68348C.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\3A74781D.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\3B115770.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\743D1C89.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\7AA03EA3.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5F530247.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\7B3D1DF7.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\74DC2226.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\3BD54E06.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\744845AD.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\3C780153.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\21B429A1.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\7D2C0DC5.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\227800C9.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\227F54C2.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\62492FB4.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\36D1534D.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\62F660F6.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\29424928.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\1D8827A5.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\7F9E1DF3.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\1E3802E3.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\37D771CE.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5F354884.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5FDC25CC.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\1162311C.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\17006DB0.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\172A0F82.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\17C344D9.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\17D416C7.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\6B781C29.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\6B9C6A01.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\6C22236E.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\6C394955.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\2A335A45.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\2ADD618A.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\2B282738.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\2BC83088.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\2EBA32B7.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\2ECE2EA1.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\2F845DD8.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\6FD47237.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\72384B2A.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\70854D75.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\7098495F.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\2FAB751B.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5C8344DA.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\305F7A55.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5A8476B4.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\709114D4.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\70A510BE.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\296B56D6.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\15A21CC5.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\2A4C27DE.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\2A4F51DB.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\678261A6.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\27CD48D2.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\683910DD.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\684638CF.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\3A686B91.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\3C625764.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\107A3C15.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\7DDF0278.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\7E4E15FE.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\7E8F5DB6.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\7EEA7552.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\660C1541.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\7EB570D5.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\66B61C86.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\246567C9.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\249D318C.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\25091B15.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\253D3ADC.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\62E20829.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\09EC02CC.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\637C3D80.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\211138E0.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\049040D5.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\21B71629.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\6B717AB2.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\22DC1F79.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\22DF4975.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\237C28C9.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\140B66BA.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\603C7B12.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\071C050F.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\60DC0462.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\60EA2C53.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\1F2504FC.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0B5230F1.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\219B2C46.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\273B0E6C.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5E764E73.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5F1657C3.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\23DE1A9B.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\35757624.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\766163C1.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\36222765.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\36297B5E.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5B7D01EB.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\73AA7AD4.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\7C955DC8.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\233D2078.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\2530737D.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\25133E73.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\65C9531B.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\293A5ABB.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\29981C52.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\29DA640B.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\2A357BA6.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0D7C3AF8.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0E26423D.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0E9B29BC.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0F5258F3.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\4AB51EBC.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\4B3F0225.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0752232D.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\07806EFB.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0A065E31.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\21E83750.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0A130623.exe Infected: SpamTool.Win32.Bagle.d
C:\!Submit\39082F4D.exe Infected: SpamTool.Win32.Bagle.d
C:\!Submit\466544E6.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\46686EE3.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\467F14C9.exe Infected: SpamTool.Win32.Bagle.d
C:\!Submit\46833EC6.exe Infected: SpamTool.Win32.Bagle.d
C:\!Submit\1F992CBC.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\187B7CFB.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\1FA654AE.exe Infected: SpamTool.Win32.Bagle.d
C:\!Submit\2F9B74F8.exe Infected: SpamTool.Win32.Bagle.d
C:\!Submit\5C36312D.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0BF21158.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5C43591E.exe Infected: SpamTool.Win32.Bagle.d
C:\!Submit\0C4E17F6.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\5C4354BD.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\0C5B3FE8.exe Infected: SpamTool.Win32.Bagle.d
C:\!Submit\73644CBB.exe Infected: SpamTool.Win32.Bagle.d
C:\!Submit\0607064C.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\06282A28.exe Infected: Email-Worm.Win32.Bagle.fc
C:\!Submit\583165E1 Infected: Email-Worm.Win32.Bagle.fb
C:\!Submit\264F47EA.exe Infected: Email-Worm.Win32.Bagle.fb

Scan process completed.
 

joe trinkley

Thread Starter
Joined
Jul 6, 2005
Messages
43
Logfile of HijackThis v1.99.1
Scan saved at 10:16:41 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SlipStream Web Accelerator\RCNaccel.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\Don't Touch\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\RCNaccel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\RCNaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\RCNaccel.exe/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137070492218
O17 - HKLM\System\CCS\Services\Tcpip\..\{12FA47FC-1A67-4143-A517-BD60AB5DCD9F}: NameServer = 207.172.3.8 207.172.3.9
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
 

joe trinkley

Thread Starter
Joined
Jul 6, 2005
Messages
43
Kaspersky log attached

Logfile of HijackThis v1.99.1
Scan saved at 10:16:41 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SlipStream Web Accelerator\RCNaccel.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\Don't Touch\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\RCNaccel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\RCNaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\RCNaccel.exe/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137070492218
O17 - HKLM\System\CCS\Services\Tcpip\..\{12FA47FC-1A67-4143-A517-BD60AB5DCD9F}: NameServer = 207.172.3.8 207.172.3.9
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
 

Attachments

joe trinkley

Thread Starter
Joined
Jul 6, 2005
Messages
43
I assumed a shift change and I wouldn't get an answer until he came back online( then I marked as solved so he wouldn't waste his time later) . Sorry for the confusion, not trying to pester. But yes it's the same problem, it's my grandfather computer and I thought I had him set up to not have anymore problems, I was wrong....I need a replacement for Norton AV I guess.

Thanks and sorry
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
It's okay. It's just easier to keep all replies for the same problem in 1 thread. I'll merge these together.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top