Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus/spyware Error Message Keeps Popping Up


  • Please log in to reply
3 replies to this topic

#1 gelson

gelson

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:24 PM

Posted 14 March 2008 - 01:50 PM

Iíve acquired the Braviax.exe virus on my PC by visiting a website. It automatically turned off my computer. I use Windows XP Home Edition Version 2002 SP2.

This is the message that keeps popping up:

Red X & message:
Your computer is infected!
Windows had detected spyware infection!

It is recommended to use special antispyware tools to prevent data loss.
Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware!

Please give me some step-by-step instructions to help me remove this spyware/virus.

Thanks much.

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:24 PM

Posted 14 March 2008 - 04:40 PM

Please follow the instructions here:
http://www.bleepingcomputer.com/forums/t/17258/how-to-remove-the-smitfraud-generic-zlob-quicknavigate-virtual-maid/

Please do an online scan with Kaspersky WebScanner.
  • Hold down your "Shift" key and click on this link: Kaspersky WebScanner, to open the Kaspersky WebScanner in a new window.
  • Click on "Kaspersky Online Scanner".
    • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "NEXT".
  • Now click on "Scan Settings".
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Under select a target to scan, select "My Computer".
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Upon completion, click on the "Save as Text" button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 gelson

gelson
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:24 PM

Posted 14 March 2008 - 07:43 PM

Billy3,

Thanx for the instructions. The instructions found at this link (http://www.bleepingcomputer.com/forums/topic17258.html) did not work, or the virus/spyware is still on my computer with the same popup message.

What's next? Ran the Kaspersky scan. Below are the results:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 14, 2008 5:04:04 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/03/2008
Kaspersky Anti-Virus database records: 630343
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 99817
Number of viruses found: 7
Number of infected objects: 55
Number of suspicious objects: 0
Duration of the scan process: 01:36:48

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Documents\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.ASX Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.BMP Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.WMA Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Mozilla\Firefox\Profiles\4yxj02hz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Mozilla\Firefox\Profiles\4yxj02hz.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Mozilla\Firefox\Profiles\4yxj02hz.default\history.dat Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Mozilla\Firefox\Profiles\4yxj02hz.default\key3.db Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Mozilla\Firefox\Profiles\4yxj02hz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Mozilla\Firefox\Profiles\4yxj02hz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . . ... ... / ... /[From "PayPal" <billing@paypal.com>][Date Thu, 23 Jun 2005 06:41:47 +010 ... /html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . . ... ... / ... /[From "PayPal" <billing@paypal.com>][Date Thu, 23 Jun 2005 06:41:47 +0100]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . . ... ... /[From "Pierre Duffy" <zdaawggpg@yahoo.ca>][Date Wed, 22 Jun 2005 06:35:53 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . . ... /[From "Helena Cartwright" <dabcdcryd@cox.net>][Date Tue, 21 Jun 2005 13:20:03 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . . ... /[From "Luella Sexton" <zyizpaufrz@alltel.net>][Date Tue, 21 Jun 2005 04:44:06 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . . ... /[From "Gerald Moran" <vwqwfnbbx@microsoft.com>][Date Mon, 20 Jun 2005 01:55:38 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . . ... . ... /[From "Kerri Vela" <csofabfqrpc@3web.net>][Date Sun, 19 Jun 2005 21:59:08 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . . ... ... /[From "Lucio Lester" <nmwkxb@microsoft.com>][Date Sun, 19 Jun 2005 15:05:29 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . . ... /[From "Kayla Espinosa" <rtlvvnza@optonline.net>][Date Sun, 19 Jun 2005 04:35:33 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . ... / ... /[From "Kent Richter" <byimviyqrxpi@att.net>][Date Fri, 17 Jun 2005 09:52:45 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . ... /[ ... /[From "Mark Cantrell" <plmjfqbgb@yahoo.ca>][Date Fri, 17 Jun 2005 05:14:44 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . ... /[From ... /[From "Debora Gibson" <zmjhej@cox.net>][Date Fri, 17 Jun 2005 00:43:03 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . ... /[From "Terence Weiss" <mhzhqunuhx@rediffmail.com>][Date Thu, 16 Jun 2005 09:59:52 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... ... /[F ... /[From "Russel Orr" <apzpxhog@microsoft.com>][Date Wed, 15 Jun 2005 02:58:23 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... ... /[From "Heather Forrest" <Floydkkgxfqmofxsx@cox.net>][Date Tue, 14 Jun 2005 02:46:47 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... ... /[From "Stacy Henley" <Monroeyouttplozhjkz@yahoo.ca>][Date Sun, 12 Jun 2005 22:52:23 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... . ... /[From "Thomas Rock" <RodgersGNVLDEMOVSFM@beer.com>][Date Sun, 12 Jun 2005 21:55:38 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... ... /[Fr ... /[From "Guy Wilkerson" <Donnafmmuo@3web.com>][Date Fri, 10 Jun 2005 21:29:36 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... ... /[From "Stanley Esposito" <RussoTGMSIEYNNZE@dido.com>][Date Fri, 10 Jun 2005 07:46:01 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... ... ... /[From "Lacy Nava" <McqueenXTTJBR@nauticom.net>][Date Fri, 10 Jun 2005 02:50:49 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... ... /[From "Seth Fernandez" <RomoBFPXMPLQ@attglobal.net>][Date Tue, 07 Jun 2005 17:22:18 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 ... /[From "Marcel Kline" <Jerrodzpxjxtmjvmey@btinternet.com>][Date Mon, 06 Jun 2005 21:27:06 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 -0 . ... /[From "Billy Reagan" <MontgomeryZZTDGEQPTX@att.net>][Date Mon, 06 Jun 2005 04:02:34 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 -0 ... /[From "Dick Grayson" <Imogenenwrpxtk@tranquility.net>][Date Sun, 05 Jun 2005 03:17:58 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 -0500]/UNNAMED/[From "Colin Quinn" <Scottiehtxhqglrxvu@att.net>][Date Sat, 04 Jun 2005 22:42:35 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED/[From "Gregg Chappell" <BoothNEQSFXRXBZ@microsoft.com>][Date Fri, 03 Jun 2005 21:15:10 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED/[From "Esmeralda Kessler" <RubioMRRSR@cox.net>][Date Fri, 03 Jun 2005 00:02:41 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED/[From "Louisa Macdonald" <AllenNALXKRANUGICXW@cox-internet.com>][Date Thu, 02 Jun 2005 08:46:52 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox/[From EarthLink <benefits@earthlink.net>][Date Tue, 5 Jul 2005 17:50:16 -0400 (EDT)]/UNNAMED Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Thunderbird\Profiles\7tc7e0ua.default\Mail\Local Folders\Inbox Mail Berkeley mbox: infected - 29 skipped
C:\Documents and Settings\Geraldlene Nelson\Application Data\Webroot\Spy Sweeper\Logs\080314105839.ses Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Application Data\Mozilla\Firefox\Profiles\4yxj02hz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Application Data\Mozilla\Firefox\Profiles\4yxj02hz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Application Data\Mozilla\Firefox\Profiles\4yxj02hz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Application Data\Mozilla\Firefox\Profiles\4yxj02hz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Temp\JETB47B.tmp Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Temp\Perflib_Perfdata_9a8.dat Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Temp\Perflib_Perfdata_9d0.dat Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Temp\Perflib_Perfdata_ca4.dat Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Temp\~ROMFN_00000EC8 Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\Local Settings\Temporary Internet Files\Content.IE5\LDY4BKJJ\Installer2[1].exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\Documents and Settings\Geraldlene Nelson\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Geraldlene Nelson\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS05565AF1-F156-428A-9A50-00E5DD1A1049.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS094D5F49-D7AC-47AB-B27E-1F6EF226798B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0B71FF27-2A41-402D-A4EA-22F613CABA05.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0CE98634-8C3C-42C1-B53B-3A08E033942E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS145F4279-2AB1-41CA-9B07-8E76785133D9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1467EB99-7E8F-4007-AE33-7819E571639A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS15CFC6FE-9F4B-4F4A-A628-EE40E83EDF67.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS24C1F16E-C4A3-426F-8C4C-57D8681003DD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS25549479-8E20-4B6F-98CB-DAFA0B33DEED.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS27D5AF8F-9611-4828-9765-4785EB7EB2C3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2E885CC2-D43F-452A-B937-D4DF2587EF3D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS31075D79-71BC-46D2-B632-6604BD53CA45.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3388C61A-8829-4AF6-9B16-41D5AB14ED36.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS33FFA625-6F43-4E01-9CBD-A16041B983CD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3486337C-B68F-4C4D-8ACD-B0A2E001F101.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS36B0E543-0AF1-4F43-8400-D7F39B6C97D7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3CCDC9E0-F16F-417B-BCD7-7415C6233A52.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3DE82004-DE75-4B76-818E-96F715879E0A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS40C28D8E-9563-4072-91D3-133CCC8D825B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS40D722B7-CC39-40E6-8BDD-896FB4B032D6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS42338415-8473-4DFC-93F4-B124EF8834A1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS432A9487-C597-4A03-BF75-6ECAB3252254.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS43C9ED37-0972-42B8-85B6-10D948C40739.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS46340CFA-BD11-4D20-8BBE-41A6E8670E02.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS46F81476-E5AE-4288-BFE5-70E1720B6ED6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4E8714F9-7B13-4984-921D-32F3B2F3EDC7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS58C857BD-6DF6-468F-AF6A-A05172F6ABDF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5953C4F4-555E-4BA5-A638-28342BD6D13D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS59BCD1D2-53C6-42F0-B536-45DDC5BDD9E4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS66DF248E-5F35-4517-A754-03F9D2360A24.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS67680FEB-A485-42AA-BB82-8A952B2A84CF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6AAC5D88-3A53-4C64-8E8F-DF9CE8150040.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6F99CF7D-C59C-4A5B-91DA-AB517100ABB1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS756748BD-7F03-4A57-8329-DA0DF4C81216.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS85ABFFEE-1050-42BC-A17A-7E12D4143E67.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS864165A3-C071-4B97-9178-4288A86D1A89.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS877F1EE0-2376-4E21-AFB6-2EE6E9F4C4BC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS87DEEE6C-181E-4AF2-9033-FA44751A26E8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS890A439D-BFC0-4916-9355-D919867C8D9D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8D3C18BF-9577-46C9-8259-588E6FE090AE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8D81ADA4-0A6C-4008-A6D5-BD2D30E8C707.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8EAD5F94-36A0-43B9-B112-F675356BF26A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS902F3B6A-7365-4AA8-967B-1B2EA95C8602.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS99635A30-7D45-4C85-8A21-BF71F1316C3F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9A745823-6AAC-4FA0-90F2-EBDF77536D87.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9C9A4186-ED64-47E8-BF15-B68DFF96D6D1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9FCE4AE1-31A0-492D-8C09-A0A914838F21.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA77518BB-2B75-479D-9B7F-5FE90CC5120D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA806A19C-A814-42D0-BCEA-09F194A7902C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAA0CB655-4949-4395-BB3A-43DC271201B5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSABC2C7FC-2EDD-4075-B1E0-F85D4FA42235.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAFAFAF93-17BF-475F-82A1-0B90F700B33B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB21A32A4-ABEE-49C3-B78C-98168E3E8680.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB32EBF94-C298-4470-A2BE-827C23663ECC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB5BD27E7-BDD7-40D5-8753-6BA8A43FBCA3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB6DB1408-E524-4BFF-BD24-E0158743683A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB87B90F6-E3AF-49BF-B972-093945DAED3A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBB841F70-715B-42E3-8381-F55B5980392D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBCCB3310-8423-4D86-A43B-BCE3D5E594C9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBFAAF474-78DD-437C-A4A6-43BF681B6E83.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC025A527-6AD0-4AD2-B8AD-63BD4289060E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC110E067-21C7-4339-B87B-317A2A953339.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC17FEB63-7FFF-4AF4-A1A6-4B9AEF0D9671.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC1DF15BA-7635-49B5-8730-98342E9174B0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC2B5B6E3-6048-4BF3-B396-EBB3486A6DB9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC4A4D8C5-DDB5-4B0B-B93A-15CD07847946.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC536268E-6282-4B58-A352-8416622BF884.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC72671D1-7521-472F-9E4D-1DCD211AF334.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC8DDD591-9771-46E8-B136-D69C1A0B961E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCA504D55-3A0A-4613-8177-F24A16C1E086.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCC957AE2-0299-48C2-AF95-8A9548830BA9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCCF85201-BFFD-45BF-AC33-7201CE0CC46E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCCFCABBA-BDD4-4FD6-9D01-1813551E8F29.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCD72ED66-7DC8-4B37-93B8-F5E94EBC7009.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCEE610E9-FD5E-4686-A7A8-C7FA6B289703.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCFDE0C63-42E5-4145-B5BC-E74DFA43477C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD439DFB5-E64F-49C6-BF12-D6CAD6F3EAD6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDBC38F52-7572-456C-9DE9-B708E3F2F95B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE23E24AF-E399-4BEC-86AF-8B06340D675C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE3EACFD0-4781-47CF-899B-DEBB6F5B2C6B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE4061242-DE06-4EA1-BB14-5299E50A8B49.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEAC239F8-78FC-475A-B92A-5901646FBDB8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEE239B95-96FA-4131-BF8A-72932A763C78.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF1FB1F1C-9D0A-4FEC-B716-5490892C741F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF609BB50-9BC6-4276-9B5D-677DE05EB6A1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF8DB504F-1957-49DB-9C41-B71F0F802598.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF9E5BC48-BAEB-4EE7-B9C7-E9295ED7CA28.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFB5ED9A2-6A18-490D-91FE-069CACD98A0A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFDA76A39-0B65-4F28-9517-4606F8547EFA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\itouch_crash_info.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\L0000003.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Geraldlene Nelson\Data\storydb.idx Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\036215E9.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3F660A6B.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3F6D5E64.htm Infected: Exploit.HTML.Mht skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1146\A0150299.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0151626.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0151628.exe Infected: not-virus:Hoax.Win32.Renos.bav skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0151715.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0151726.exe Infected: not-virus:Hoax.Win32.Renos.bav skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0151727.exe Infected: not-virus:Hoax.Win32.Renos.bav skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0151728.exe Infected: not-virus:Hoax.Win32.Renos.bav skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0151729.exe Infected: not-virus:Hoax.Win32.Renos.bav skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0151732.exe Infected: not-virus:Hoax.Win32.Renos.bav skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0151733.exe Infected: not-virus:Hoax.Win32.Renos.bav skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0152732.exe Infected: not-virus:Hoax.Win32.Renos.bav skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0152733.exe Infected: not-virus:Hoax.Win32.Renos.bav skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\A0152744.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1151\change.log Object is locked skipped
C:\WINDOWS\braviax.exe Infected: not-virus:Hoax.Win32.Renos.bav skipped
C:\WINDOWS\cru629.dat Infected: Backdoor.Win32.Small.dbq skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\braviax.exe Infected: not-virus:Hoax.Win32.Renos.bav skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ACEEvent.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\cru629.dat Infected: Backdoor.Win32.Small.dbq skipped
C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\SYSTEM32\users32.dat Infected: not-a-virus:AdWare.Win32.Agent.zo skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\winivstr.exe Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Please advise. Thanx.

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:04:24 PM

Posted 14 March 2008 - 08:25 PM

Please follow the instructions for using SDFix here:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

When you are done, please post the log, it should look something like this:
Posted Image

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users