Suspect Event Log
NetwrkBurn
May 2nd, 2002, 01:32 AM
After a few hours on the net I studied my event log and I found this suspect Event log.
04/25/02 5:43 454k.anmys.ca W3SVC1 WWW-2K WWW-2K.mycomputer.com 80 GET /SCRIPTS../../../WINNT.SYSTEM32/CMD.EXE / c+dir+c:\ 200 730 484 2 1+www.mysite.com MOZILLA/4.0+(compadible;+ MSIE+5.0; =win=NT)
What is that, and is it dangerous? It seems to me that someone probed my C drive.
ac1dsp3ctrum
May 2nd, 2002, 01:42 AM
Hmmm, it could be Nimda/Code Red... or just a vulnerability scanner.
Kezil
May 2nd, 2002, 02:14 AM
I might have been able to understand that, but I think I need it formatted to do so. Sorry.
This line suggests to me a download for JavaScript on a web page:
WWW-2K.mycomputer.com 80 GET /SCRIPTS../../../WINNT.SYSTEM32/CMD.EXE
(I believe port 80 is http and the GET /SCRIPTS../../.. .. is the command issued to get the scripts from the site)
cybermagellan
May 2nd, 2002, 02:28 AM
Yeah, port 80 is for HTTP... and the MOZILLA 4.0+5.0 is the IE version that you are running. Believe it or not, it is a compatible version for what the page was designed for. But as far as what the hell for, I would have to lean with 1 or AcidSpectrums' ideas and vote for a virus, just because the ...W3SVC1 WWW-2K WWW-2K.mycomputer.com looks like a signature that has to be run, and someone was trying to do it with the CMD. Here is a question: do you have an NT-based system? That is when I would wonder what was wrong.
dir+c:\ 200 730 484 2 1+www.mysite.com MOZILLA/4.0+(compadible;+ MSIE+5.0; =win=NT
Ouroboros
May 2nd, 2002, 02:54 AM
The port 80 reference seems to be a negation of suspicion... probably just internet noise... probably just a cookie interaction... where have you been lately? :)
Ouroboros
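
Added example, not part of any post in this thread: a small Python triage script for web server log lines like the one in the first post. It flags requests whose path, once percent-decoding is undone, contains `..` segments or ends in a command interpreter, and reports whether the server answered with a 2xx status. The sample lines are constructed, and the field order (date, time, client, service, server name, host, port, method, URI stem, URI query, status) is an assumption modelled on the posted entry.

```python
import re
from urllib.parse import unquote

# Constructed sample lines; hosts and sizes are made up for the example.
SAMPLE_LOG = """\
04/25/02 5:43 host-a.example W3SVC1 WWW-2K www.example.test 80 GET /SCRIPTS/../../WINNT/SYSTEM32/CMD.EXE /c+dir+c:\\ 200 730 484
04/25/02 5:44 host-a.example W3SVC1 WWW-2K www.example.test 80 GET /scripts/..%252f../winnt/system32/cmd.exe /c+dir 404 3243 120
04/25/02 5:45 host-b.example W3SVC1 WWW-2K www.example.test 80 GET /index.html - 200 5120 310
"""

# method, URI stem, URI query, status (assumed field order, see lead-in)
REQ = re.compile(r"\b(GET|HEAD|POST)\s+(\S+)\s+(\S+)\s+(\d{3})\b")
SHELLS = ("cmd.exe", "command.com")

def normalize(uri, rounds=3):
    """Undo nested percent-encoding so encoded '../' cannot hide from the check."""
    for _ in range(rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.replace("\\", "/").lower()

def inspect_line(line):
    """Return a finding dict for a suspicious request, or None."""
    m = REQ.search(line)
    if not m:
        return None
    _method, stem, _query, status = m.groups()
    path = normalize(stem)
    traversal = ".." in path.split("/")
    shell = path.rsplit("/", 1)[-1] in SHELLS
    if not (traversal or shell):
        return None
    return {
        "client": line.split()[2],
        "path": path,
        "status": int(status),
        # 2xx: the server reported success, so this host needs closer review
        "served": status.startswith("2"),
    }

def findings(log_text):
    return [f for f in map(inspect_line, log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        verdict = "SERVED, investigate host" if f["served"] else "rejected"
        print(f'{f["client"]} {f["path"]} -> {f["status"]} ({verdict})')
```

A flagged line with a 2xx status is the case to escalate; the same request answered with 404 or 403 shows the probe was made but not served.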