1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Internet Connection Very Slow

Discussion in 'Malware and Virus Removal Archive' started by DukeDevils9192, 2005/01/10.

Thread Status:
Not open for further replies.
  1. 2005/01/10
    DukeDevils9192

    DukeDevils9192 Inactive Thread Starter

    Joined:
    2004/08/25
    Messages:
    25
    Likes Received:
    0
    I use Firefox 1.0 and I tried some of those tweaks to make the pages load faster, but nothing happened. Things got slower. So, I tried to undo them, but that didn't help. I checked IE and that was running slow too. Then, I was sending a file over AIM and the rates were pretty lousy, especially in comparison to what I'm used to (sending a 4MB file was taking about a minute...tonight, it took about 10), so I'm thinking there's a chance that something is bogging the computer down. I ran Adaware and got nothing. Spybot found a few things, but froze when I tried to remove them. Spysweeper found two things and I got those off. So, here's my HiJack log in hopes that maybe someone will find something:

    Logfile of HijackThis v1.99.0
    Scan saved at 10:32:05 PM, on 1/10/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\toshiba\ivp\ism\ivpsvmgr.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\BitTornado\btdownloadgui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Drew\Local Settings\Temp\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AOL Instant Messenger] AlM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [AOL Instant Messenger] AlM.EXE
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures02.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.7.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Swupdtmr - Unknown - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
    DukeDevils9192,
    #1
  2. 2005/01/10
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Make sure Ad-aware and Spybot are updated then boot to safe mode and run them. They should remove enough stuff from there that you can run them from normal mode so they can find stuff that didn't show up in safe mode.

    After the scans are done, move Hijackthis to a normal folder (it's in a temp folder now and that's no good nor is the desktop) and scan again then post the new log.
     
    Newt,
    #2


  3. to hide this advert.

  4. 2005/01/11
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Only after that

    Download and run Aimfix found here
    http://www.jayloden.com/aimfix.htm
    It make' a log and will prompt you to restart if needed, do so, and post its log.
    And another new hjackths log

    I suspect it becouse these two dont look right
    O4 - HKLM\..\Run: [AOL Instant Messenger] AlM.EXE
    O4 - HKLM\..\RunServices: [AOL Instant Messenger] AlM.EXE
     
    Lonny Jones,
    #3
  5. 2005/01/11
    DukeDevils9192

    DukeDevils9192 Inactive Thread Starter

    Joined:
    2004/08/25
    Messages:
    25
    Likes Received:
    0
    Okay, I ran AIMFix and here's the new HiJack log. However, when I ran AIMFix, I didn't get a log. Just a black screen comparable to a DOS prompt. It said it cleaned AIM.exe, but it's still in the HiJack log. Should I delete it?

    Logfile of HijackThis v1.99.0
    Scan saved at 8:40:22 PM, on 1/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\toshiba\ivp\ism\ivpsvmgr.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Drew\My Documents\HijackThis.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AOL Instant Messenger] AlM.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [AOL Instant Messenger] AlM.EXE
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
    O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures02.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.7.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Swupdtmr - Unknown - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
    DukeDevils9192,
    #4
  6. 2005/01/11
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Have hjackthis fix just these items,
    O4 - HKLM\..\Run: [AOL Instant Messenger] AlM.EXE
    O4 - HKLM\..\RunServices: [AOL Instant Messenger] AlM.EXE
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - =http://69.56.176.78/webplugin.cab
    ===========================
    Now restart yur PC.
    Dont depend on any one antivirus program go get preferably two free onlines

    Trend Micro-Free online Scan: http://housecall.trendmicro.com/
    check all box's except [ ]auto clean !!, scan and if it cannot clean tell it to delete found files !!

    BitDefender AntiVirus Free Scan, check all box's except [ ]auto clean !!,
    then have it delete the file if it cannot clean/repair/cure it,
    turn off any PopupBlockers before accessing the site:
    http://www.bitdefender.com/scan/licence.php

    If there are any problems Copy there report's back here please.



    Are there any problems now ?
     
    Lonny Jones,
    #5
  7. 2005/01/12
    DukeDevils9192

    DukeDevils9192 Inactive Thread Starter

    Joined:
    2004/08/25
    Messages:
    25
    Likes Received:
    0
    I ran both virus scans and the BitDefender came back with a hefty report, but I don't see how to delete the viruses it found. I didn't check autoclean and now there's nothing to delete.
     
    DukeDevils9192,
    #6
  8. 2005/01/13
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    From Lonny
     
    markp62,
    #7
  9. 2005/01/13
    DukeDevils9192

    DukeDevils9192 Inactive Thread Starter

    Joined:
    2004/08/25
    Messages:
    25
    Likes Received:
    0
    Oh, I apologize. I thought he meant, "If there are any problems, repost a log."

    This will have to be in parts because it's not letting me post otherwise.

    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>arrow1.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>arrow2.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bck1.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bck2.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt11.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt12.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt13.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt21.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt22.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt23.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt31.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt32.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt33.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt41.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt42.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt43.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt51.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt52.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt53.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt61.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>bt62.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>checkbox1.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>checkbox2.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>checkbox3.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>checkbox4.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>default.skn: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>defbtn1.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>defbtn2.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>defbtn3.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>glyph1.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>glyph2.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>glyph3.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>glyph4.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>glyph5.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>glyph6.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>glyph7.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>main.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>preview.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>sprite1.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>tab1.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\Adaware.exe=>wise0023=>tab2.bmp: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>bryan_adams_room_service_b.jpg: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>Bryan Adams - Room Service - 01 - East Side Story.mp3: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>Bryan Adams - Room Service - 02 - This Side Of Paradise.mp3: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>Bryan Adams - Room Service - 03 - Not Romeo Not Juliet.mp3: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>Bryan Adams - Room Service - 04 - Flying.mp3: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>Bryan Adams - Room Service - 05 - She's A Little Too Good Fo.mp3: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>Bryan Adams - Room Service - 06 - Open Road.mp3: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>Bryan Adams - Room Service - 07 - Room Service.mp3: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>Bryan Adams - Room Service - 08- I Was Only Dreamin.mp3: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>Bryan Adams - Room Service - 09 - Right Back Where I Started.mp3: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>Bryan Adams - Room Service - 10 - Nowhere Fast.mp3: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>Bryan Adams - Room Service - 11 - Why Do You Have To Be So H.mp3: password protected
    C:\Documents and Settings\Drew\My Documents\BT\Bryan_Adams_RoomService(www.torrent-stuff.dl.am)by_Bitface.rar=>bryan_adams_room_service_a.jpg: password protected
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 68)=>[Subject: Fwd: hey you][Date: Sun, 26 Mar 2000 13:21:14 EST]=>(MIME part)=>(message)=>[Subject: hey you][Date: Sun, 26 Mar 2000 13:19:28 EST]=>(MIME part)=>mi42.ZIP=>mine.exe: infected with Trojan.Win95.Cool
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 1132)=>[Subject: Fwd: hey you][Date: Tue, 12 Jun 2001 15:35:26 EDT]=>(MIME part)=>(message)=>[Subject: hey you][Date: Mon, 11 Jun 2001 22:56:57 EDT]=>(MIME part)=>mi70.ZIP=>mine.exe: infected with Trojan.Win95.Cool
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 1390)=>[Subject: CAN YOU BELIEVE THIS HEAT??????????][Date: Mon, 3 Sep 2001 14:09:06 EDT]=>(MIME part)=>heat.exe: infected with Joke.Schmilz
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 1514)=>[Subject: It was the technique of three-point.][Date: Mon, 05 Nov 2001 11:53:47 -0500 (EST)]=>(MIME part)=>mountain.pif: infected with Win32.Magistr.B@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 1972)=>[Subject: Returned mail: User unknown][Date: Sat, 15 Jun 2002 11:01:55 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Re:look,my beautiful girl friend][Date: Sat, 15 Jun 2002 11:01:26 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 1972)=>[Subject: Returned mail: User unknown][Date: Sat, 15 Jun 2002 11:01:55 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Re:look,my beautiful girl friend][Date: Sat, 15 Jun 2002 11:01:26 -0400]=>(MIME part)=>Kytm.exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 1984)=>[Subject: How are you][Date: Sat, 15 Jun 2002 21:18:03 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 1988)=>[Subject: Sos!][Date: Sun, 16 Jun 2002 21:21:54 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 1996)=>[Subject: Hi,look,my beautiful girl friend][Date: Mon, 17 Jun 2002 14:10:55 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2003)=>[Subject: Present,,][Date: Wed, 19 Jun 2002 01:57:48 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2013)=>[Subject: Returned mail: User unknown][Date: Wed, 19 Jun 2002 23:34:19 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Darling][Date: Wed, 19 Jun 2002 23:31:24 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2023)=>[Subject: Returned mail: User unknown][Date: Thu, 20 Jun 2002 00:35:23 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Your requests to][Date: Wed, 19 Jun 2002 23:59:23 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2031)=>[Subject: LANGUAGE][Date: Thu, 20 Jun 2002 12:56:18 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2042)=>[Subject: Your requests to][Date: Thu, 20 Jun 2002 22:19:38 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2046)=>[Subject: Returned mail: User unknown][Date: Sat, 22 Jun 2002 14:48:32 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A IE 6.0 patch][Date: Sat, 22 Jun 2002 14:47:48 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
     
    DukeDevils9192,
    #8
  10. 2005/01/13
    DukeDevils9192

    DukeDevils9192 Inactive Thread Starter

    Joined:
    2004/08/25
    Messages:
    25
    Likes Received:
    0
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2049)=>[Subject: Fw:powerofthefist,japanese lass' sexy ][Date: Sat, 22 Jun 2002 15:06:50 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2055)=>[Subject: Returned mail: User unknown][Date: Sat, 22 Jun 2002 22:38:06 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Visibility][Date: Sat, 22 Jun 2002 22:37:54 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2057)=>[Subject: Returned mail: User unknown][Date: Sat, 22 Jun 2002 22:45:39 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: SourceBigURL][Date: Sat, 22 Jun 2002 22:45:24 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2075)=>[Subject: Returned mail: see transcript for deta][Date: Mon, 24 Jun 2002 20:52:37 -0700]=>(MIME part)=>(message)=>[Subject: Away! If you do not receive it within ][Date: Mon, 24 Jun 2002 23:52:27 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2083)=>[Subject: Welcome to my hometown][Date: Tue, 25 Jun 2002 14:09:34 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2094)=>[Subject: ][Date: Wed, 26 Jun 2002 11:46:02 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2106)=>[Subject: Returned mail: User unknown][Date: Wed, 26 Jun 2002 15:56:14 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Enterprises][Date: Wed, 26 Jun 2002 15:45:22 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2111)=>[Subject: Delivery Status Notification (Failure)][Date: Mon, 24 Jun 2002 19:03:04 -0700]=>(MIME part)=>(message)=>[Subject: Privacy Policy][Date: Mon, 24 Jun 2002 21:58:30 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2112)=>[Subject: Delivery Status Notification (Failure)][Date: Tue, 25 Jun 2002 11:21:33 -0700]=>(MIME part)=>(message)=>[Subject: Hello,littlecutie3,meeting notice][Date: Tue, 25 Jun 2002 14:20:43 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2114)=>[Subject: End hide ][Date: Thu, 27 Jun 2002 00:33:00 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2126)=>[Subject: END MAIN CONTENT HERE ][Date: Thu, 27 Jun 2002 19:59:05 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2128)=>[Subject: Returned mail: User unknown][Date: Thu, 27 Jun 2002 20:43:21 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Galleryimg][Date: Thu, 27 Jun 2002 20:37:33 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2137)=>[Subject: Returned mail: User unknown][Date: Fri, 28 Jun 2002 08:09:35 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Background][Date: Fri, 28 Jun 2002 08:04:18 -0400 (EDT)]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2138)=>[Subject: Returned mail: User unknown][Date: Fri, 28 Jun 2002 12:59:07 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Trisha yearwood][Date: Fri, 28 Jun 2002 12:45:10 -0400 (EDT)]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2141)=>[Subject: Returned mail: User unknown][Date: Fri, 28 Jun 2002 15:57:03 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Re:katie73092,honey][Date: Fri, 28 Jun 2002 15:51:49 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2144)=>[Subject: Returned mail: User unknown][Date: Fri, 28 Jun 2002 16:11:15 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Sos!][Date: Fri, 28 Jun 2002 16:11:06 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2148)=>[Subject: Returned mail: User unknown][Date: Fri, 28 Jun 2002 16:26:15 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: 1001500013][Date: Fri, 28 Jun 2002 16:19:14 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2155)=>[Subject: Returned mail: User unknown][Date: Fri, 28 Jun 2002 18:08:59 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Background][Date: Fri, 28 Jun 2002 17:40:59 -0400 (EDT)]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2156)=>[Subject: Returned mail: User unknown][Date: Fri, 28 Jun 2002 19:48:20 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: CHROME NONE ][Date: Fri, 28 Jun 2002 17:58:07 -0400 (EDT)]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2157)=>[Subject: Returned mail: User unknown][Date: Fri, 28 Jun 2002 19:58:20 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: 2004 hosts to be chosen in October ][Date: Fri, 28 Jun 2002 17:44:10 -0400 (EDT)]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2162)=>[Subject: Returned mail: User unknown][Date: Sat, 29 Jun 2002 07:18:20 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Munich visit Eintracht Frankfurt][Date: Sat, 29 Jun 2002 06:26:34 -0400 (EDT)]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2162)=>[Subject: Returned mail: User unknown][Date: Sat, 29 Jun 2002 07:18:20 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Munich visit Eintracht Frankfurt][Date: Sat, 29 Jun 2002 06:26:34 -0400 (EDT)]=>(MIME part)=>Utd: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2168)=>[Subject: Returned mail: User unknown][Date: Sun, 30 Jun 2002 15:17:02 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Statement][Date: Sun, 30 Jun 2002 15:13:09 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2170)=>[Subject: Returned mail: User unknown][Date: Sun, 30 Jun 2002 15:20:27 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Darling][Date: Sun, 30 Jun 2002 15:19:45 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2177)=>[Subject: A IE 6.0 patch][Date: Sun, 30 Jun 2002 19:54:30 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2182)=>[Subject: Returned mail: User unknown][Date: Tue, 2 Jul 2002 11:58:28 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Hello,jaralexco,honey][Date: Tue, 02 Jul 2002 11:58:06 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2184)=>[Subject: Returned mail: User unknown][Date: Tue, 2 Jul 2002 11:59:41 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A powful tool][Date: Tue, 02 Jul 2002 11:58:36 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2185)=>[Subject: Returned mail: User unknown][Date: Tue, 2 Jul 2002 12:00:54 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Japanese lass' sexy pictures][Date: Tue, 02 Jul 2002 12:00:20 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2199)=>[Subject: Returned mail: Host unknown (Name serv][Date: Thu, 4 Jul 2002 03:00:20 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: 1997 by Microsoft Corporation. All rig][Date: Thu, 4 Jul 2002 02:28:52 -0400 (EDT)]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2208)=>[Subject: Returned mail: User unknown][Date: Fri, 5 Jul 2002 18:29:06 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: 2001. Active.com][Date: Fri, 5 Jul 2002 18:13:03 -0400 (EDT)]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2211)=>[Subject: Returned mail: User unknown][Date: Sat, 6 Jul 2002 10:42:54 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Release Notes][Date: Sat, 6 Jul 2002 10:28:45 -0400 (EDT)]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2238)=>[Subject: Visual Studio 6.0][Date: Tue, 09 Jul 2002 12:34:57 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2253)=>[Subject: Returned mail: User unknown][Date: Wed, 10 Jul 2002 02:04:24 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Japanese lass' sexy pictures][Date: Wed, 10 Jul 2002 02:03:07 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2254)=>[Subject: Spice girls' vocal concert][Date: Wed, 10 Jul 2002 02:22:56 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2259)=>[Subject: Returned mail: User unknown][Date: Wed, 10 Jul 2002 04:56:47 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Overall performance when you visit our][Date: Wed, 10 Jul 2002 02:20:13 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2263)=>[Subject: Garfield (www.garfield.com][Date: Wed, 10 Jul 2002 21:48:54 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
     
    DukeDevils9192,
    #9
  11. 2005/01/13
    DukeDevils9192

    DukeDevils9192 Inactive Thread Starter

    Joined:
    2004/08/25
    Messages:
    25
    Likes Received:
    0
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2450)=>[Subject: Hotstat.com. All rights reserved. Cont][Date: Thu, 25 Jul 2002 11:05:49 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2450)=>[Subject: Hotstat.com. All rights reserved. Cont][Date: Thu, 25 Jul 2002 11:05:49 -0400]=>(MIME part)=>search[3].scr: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2451)=>[Subject: Returned mail: User unknown][Date: Thu, 25 Jul 2002 11:09:17 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Hotstat.com. All rights reserved. Cont][Date: Thu, 25 Jul 2002 11:08:28 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2451)=>[Subject: Returned mail: User unknown][Date: Thu, 25 Jul 2002 11:09:17 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Hotstat.com. All rights reserved. Cont][Date: Thu, 25 Jul 2002 11:08:28 -0400]=>(MIME part)=>search[5].exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2452)=>[Subject: Returned mail: User unknown][Date: Thu, 25 Jul 2002 11:21:08 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Else if (browser ][Date: Thu, 25 Jul 2002 11:20:28 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2452)=>[Subject: Returned mail: User unknown][Date: Thu, 25 Jul 2002 11:21:08 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Else if (browser ][Date: Thu, 25 Jul 2002 11:20:28 -0400]=>(MIME part)=>192.150.14[1].pif: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2453)=>[Subject: Returned mail: User unknown][Date: Thu, 25 Jul 2002 11:24:42 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Hello,honey][Date: Thu, 25 Jul 2002 11:23:20 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2453)=>[Subject: Returned mail: User unknown][Date: Thu, 25 Jul 2002 11:24:42 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Hello,honey][Date: Thu, 25 Jul 2002 11:23:20 -0400]=>(MIME part)=>END.pif: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2463)=>[Subject: Delivery Status Notification (Failure)][Date: Thu, 25 Jul 2002 21:30:09 -0700]=>(MIME part)=>(message)=>[Subject: ][Date: Fri, 26 Jul 2002 00:29:03 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2463)=>[Subject: Delivery Status Notification (Failure)][Date: Thu, 25 Jul 2002 21:30:09 -0700]=>(MIME part)=>(message)=>[Subject: ][Date: Fri, 26 Jul 2002 00:29:03 -0400]=>(MIME part)=>startup_result.bat: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2474)=>[Subject: Delivery Status Notification (Failure)][Date: Fri, 26 Jul 2002 11:43:05 -0700]=>(MIME part)=>(message)=>[Subject: Undeliverable mail-- "language"][Date: Fri, 26 Jul 2002 14:40:42 -0400]=>(MIME part)=>border.scr: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2476)=>[Subject: A new website][Date: Fri, 26 Jul 2002 15:16:29 -0400]=>(MIME part)=>gifts: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2478)=>[Subject: Returned mail: User unknown][Date: Fri, 26 Jul 2002 15:22:19 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A nice game][Date: Fri, 26 Jul 2002 15:21:42 -0400]=>(MIME part)=>rock.exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2486)=>[Subject: Returned mail: User unknown][Date: Fri, 26 Jul 2002 23:59:05 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A IE 6.0 patch][Date: Fri, 26 Jul 2002 23:58:31 -0400]=>(MIME part)=>offerb[1].scr: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2487)=>[Subject: Returned mail: User unknown][Date: Sat, 27 Jul 2002 00:00:25 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A special humour game][Date: Fri, 26 Jul 2002 23:59:44 -0400]=>(MIME part)=>install.exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2489)=>[Subject: Returned mail: User unknown][Date: Sat, 27 Jul 2002 00:04:17 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Visibility][Date: Sat, 27 Jul 2002 00:03:37 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2489)=>[Subject: Returned mail: User unknown][Date: Sat, 27 Jul 2002 00:04:17 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Visibility][Date: Sat, 27 Jul 2002 00:03:37 -0400]=>(MIME part)=>N.exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2493)=>[Subject: Returned mail: User unknown][Date: Sat, 27 Jul 2002 00:22:16 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: ][Date: Sat, 27 Jul 2002 00:21:11 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2493)=>[Subject: Returned mail: User unknown][Date: Sat, 27 Jul 2002 00:22:16 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: ][Date: Sat, 27 Jul 2002 00:21:11 -0400]=>(MIME part)=>Hoqty.bat: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2511)=>[Subject: Delivery Status Notification (Failure)][Date: Sat, 27 Jul 2002 23:03:11 -0700]=>(MIME part)=>(message)=>[Subject: Returned mail-- "My computer stops resp][Date: Sun, 28 Jul 2002 02:03:21 -0400]=>(MIME part)=>NAME.pif: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2518)=>[Subject: Returned mail: User unknown][Date: Sun, 28 Jul 2002 11:22:52 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Codebase][Date: Sun, 28 Jul 2002 11:21:42 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2518)=>[Subject: Returned mail: User unknown][Date: Sun, 28 Jul 2002 11:22:52 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Codebase][Date: Sun, 28 Jul 2002 11:21:42 -0400]=>(MIME part)=>WIDTH.pif: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2524)=>[Subject: Returned mail: User unknown][Date: Sun, 28 Jul 2002 11:42:20 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Hi,ritzy254,some questions][Date: Sun, 28 Jul 2002 11:42:07 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2524)=>[Subject: Returned mail: User unknown][Date: Sun, 28 Jul 2002 11:42:20 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Hi,ritzy254,some questions][Date: Sun, 28 Jul 2002 11:42:07 -0400]=>(MIME part)=>on: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2526)=>[Subject: Returned mail: User unknown][Date: Sun, 28 Jul 2002 11:48:00 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A very good tool][Date: Sun, 28 Jul 2002 11:46:58 -0400]=>(MIME part)=>a: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2540)=>[Subject: Returned mail: Host unknown (Name serv][Date: Sun, 28 Jul 2002 14:09:19 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Bomb blasts ][Date: Sun, 28 Jul 2002 14:06:24 -0400 (EDT)]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2540)=>[Subject: Returned mail: Host unknown (Name serv][Date: Sun, 28 Jul 2002 14:09:19 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Bomb blasts ][Date: Sun, 28 Jul 2002 14:06:24 -0400 (EDT)]=>(MIME part)=>Utd: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2542)=>[Subject: Returned mail: User unknown][Date: Sun, 28 Jul 2002 14:15:48 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A special funny game][Date: Sun, 28 Jul 2002 14:13:46 -0400 (EDT)]=>(MIME part)=>snoopy.exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2546)=>[Subject: You can find the fat cat on the Web at][Date: Mon, 29 Jul 2002 15:59:44 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2546)=>[Subject: You can find the fat cat on the Web at][Date: Mon, 29 Jul 2002 15:59:44 -0400]=>(MIME part)=>You: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2559)=>[Subject: Returned mail: Service unavailable][Date: Tue, 30 Jul 2002 13:29:21 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: To Z Subject List][Date: Tue, 30 Jul 2002 13:25:11 -0400 (EDT)]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2559)=>[Subject: Returned mail: Service unavailable][Date: Tue, 30 Jul 2002 13:29:21 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: To Z Subject List][Date: Tue, 30 Jul 2002 13:25:11 -0400 (EDT)]=>(MIME part)=>news.pif: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2560)=>[Subject: Returned mail: User unknown][Date: Tue, 30 Jul 2002 14:40:05 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A very humour game][Date: Tue, 30 Jul 2002 14:36:06 -0400 (EDT)]=>(MIME part)=>setup.exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2561)=>[Subject: Returned mail: see transcript for deta][Date: Tue, 30 Jul 2002 15:45:43 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Ismap border][Date: Tue, 30 Jul 2002 15:38:41 -0400 (EDT)]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2561)=>[Subject: Returned mail: see transcript for deta][Date: Tue, 30 Jul 2002 15:45:43 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Ismap border][Date: Tue, 30 Jul 2002 15:38:41 -0400 (EDT)]=>(MIME part)=>target.bat: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2562)=>[Subject: Fw:powerofthefist,meeting notice][Date: Tue, 30 Jul 2002 18:02:31 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2562)=>[Subject: Fw:powerofthefist,meeting notice][Date: Tue, 30 Jul 2002 18:02:31 -0400]=>(MIME part)=>HGH: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2567)=>[Subject: Returned mail: User unknown][Date: Tue, 30 Jul 2002 19:17:26 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A very funny website][Date: Tue, 30 Jul 2002 19:17:12 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2567)=>[Subject: Returned mail: User unknown][Date: Tue, 30 Jul 2002 19:17:26 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A very funny website][Date: Tue, 30 Jul 2002 19:17:12 -0400]=>(MIME part)=>push[6].exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2577)=>[Subject: Delivery Status Notification (Failure)][Date: Wed, 31 Jul 2002 06:28:42 -0700]=>(MIME part)=>(message)=>[Subject: From Brian Oliver and John Granville.][Date: Wed, 31 Jul 2002 09:22:27 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2577)=>[Subject: Delivery Status Notification (Failure)][Date: Wed, 31 Jul 2002 06:28:42 -0700]=>(MIME part)=>(message)=>[Subject: From Brian Oliver and John Granville.][Date: Wed, 31 Jul 2002 09:22:27 -0400]=>(MIME part)=>All.pif: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2578)=>[Subject: Returned mail: User unknown][Date: Wed, 31 Jul 2002 09:41:14 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: OLD SEARCH ENGINE ON HOLD FOR NOW ][Date: Wed, 31 Jul 2002 09:40:39 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2578)=>[Subject: Returned mail: User unknown][Date: Wed, 31 Jul 2002 09:41:14 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: OLD SEARCH ENGINE ON HOLD FOR NOW ][Date: Wed, 31 Jul 2002 09:40:39 -0400]=>(MIME part)=>topbar[1].pif: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2582)=>[Subject: A humour game][Date: Wed, 31 Jul 2002 15:05:54 -0400]=>(MIME part)=>snoopy.exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2587)=>[Subject: W32.Elkern removal tools][Date: Wed, 31 Jul 2002 21:53:03 -0400]=>(MIME part)=>setup.exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2592)=>[Subject: Tongue()][Date: Thu, 01 Aug 2002 17:12:54 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2592)=>[Subject: Tongue()][Date: Thu, 01 Aug 2002 17:12:54 -0400]=>(MIME part)=>align.pif: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2593)=>[Subject: Returned mail: User unknown][Date: Thu, 1 Aug 2002 17:14:48 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: ][Date: Thu, 01 Aug 2002 17:13:52 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2593)=>[Subject: Returned mail: User unknown][Date: Thu, 1 Aug 2002 17:14:48 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: ][Date: Thu, 01 Aug 2002 17:13:52 -0400]=>(MIME part)=>doc.exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2594)=>[Subject: Returned mail: User unknown][Date: Thu, 1 Aug 2002 17:23:04 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A special new website][Date: Thu, 01 Aug 2002 17:22:00 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2594)=>[Subject: Returned mail: User unknown][Date: Thu, 1 Aug 2002 17:23:04 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A special new website][Date: Thu, 01 Aug 2002 17:22:00 -0400]=>(MIME part)=>on: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2608)=>[Subject: Returned mail: User unknown][Date: Sat, 3 Aug 2002 00:05:41 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: ActualVersion ][Date: Sat, 03 Aug 2002 00:05:59 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2608)=>[Subject: Returned mail: User unknown][Date: Sat, 3 Aug 2002 00:05:41 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: ActualVersion ][Date: Sat, 03 Aug 2002 00:05:59 -0400]=>(MIME part)=>HTTP.exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2611)=>[Subject: Undeliverable mail-- "your requests to"][Date: Sat, 03 Aug 2002 00:23:37 -0400]=>(MIME part)=>CONTACTS.scr: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2612)=>[Subject: Returned mail: User unknown][Date: Sat, 3 Aug 2002 00:26:39 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: 992017434][Date: Sat, 03 Aug 2002 00:26:04 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2612)=>[Subject: Returned mail: User unknown][Date: Sat, 3 Aug 2002 00:26:39 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: 992017434][Date: Sat, 03 Aug 2002 00:26:04 -0400]=>(MIME part)=>OffersData[1].exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2624)=>[Subject: Re:powerofthefist,japanese lass' sexy ][Date: Sat, 03 Aug 2002 13:51:33 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2624)=>[Subject: Re:powerofthefist,japanese lass' sexy ][Date: Sat, 03 Aug 2002 13:51:33 -0400]=>(MIME part)=>height.bat: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2626)=>[Subject: Visibility][Date: Sat, 03 Aug 2002 18:39:42 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2626)=>[Subject: Visibility][Date: Sat, 03 Aug 2002 18:39:42 -0400]=>(MIME part)=>BORDER.bat: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2627)=>[Subject: Returned mail: User unknown][Date: Sun, 4 Aug 2002 00:24:43 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: ][Date: Sun, 04 Aug 2002 00:24:16 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2627)=>[Subject: Returned mail: User unknown][Date: Sun, 4 Aug 2002 00:24:43 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: ][Date: Sun, 04 Aug 2002 00:24:16 -0400]=>(MIME part)=>Here.bat: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2628)=>[Subject: Returned mail: User unknown][Date: Sun, 4 Aug 2002 00:31:30 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: The Garden of Eden][Date: Sun, 04 Aug 2002 00:30:53 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2628)=>[Subject: Returned mail: User unknown][Date: Sun, 4 Aug 2002 00:31:30 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: The Garden of Eden][Date: Sun, 04 Aug 2002 00:30:53 -0400]=>(MIME part)=>name.exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2632)=>[Subject: Honey][Date: Sun, 04 Aug 2002 13:23:11 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2632)=>[Subject: Honey][Date: Sun, 04 Aug 2002 13:23:11 -0400]=>(MIME part)=>Zkmp.scr: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2636)=>[Subject: Returned mail: User unknown][Date: Mon, 5 Aug 2002 00:24:33 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: A WinXP patch][Date: Mon, 05 Aug 2002 00:21:04 -0400]=>(MIME part)=>offerb[1].exe: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2637)=>[Subject: Returned mail: User unknown][Date: Mon, 5 Aug 2002 00:30:30 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Technologies][Date: Mon, 05 Aug 2002 00:30:16 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2637)=>[Subject: Returned mail: User unknown][Date: Mon, 5 Aug 2002 00:30:30 -0400 (EDT)]=>(MIME part)=>(message)=>[Subject: Technologies][Date: Mon, 05 Aug 2002 00:30:16 -0400]=>(MIME part)=>ID: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2641)=>[Subject: OnMouseOver][Date: Sun, 4 Aug 2002 23:42:29 -0500]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2641)=>[Subject: OnMouseOver][Date: Sun, 4 Aug 2002 23:42:29 -0500]=>(MIME part)=>border.bat: infected with Win32.Klez.H@mm
    C:\Documents and Settings\Drew\My Documents\Inbox=>(message 2646)=>[Subject: Honey][Date: Mon, 05 Aug 2002 13:39:49 -0400]=>(MIME part)=>(message body): suspect Exploit.Iframe.Vulnerability
     
    DukeDevils9192,
    #10
  12. 2005/01/13
    DukeDevils9192

    DukeDevils9192 Inactive Thread Starter

    Joined:
    2004/08/25
    Messages:
    25
    Likes Received:
    0
    Okay, I'm going to stop there because it's a mess to read and post. Suffice to say, the Klez and Exploit.Iframe are the only two things that come up (just various times).

    Sorry for bogging down this thread with those enormous posts.
     
    DukeDevils9192,
    #11
  13. 2005/01/13
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Thats fine. I assume you know to delete all old emails.
     
    Lonny Jones,
    #12
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...