Again, many, many thanks. Lots of infections, it seems.
New ComboFix log, run with CFScript:
ComboFix 08-05-09.1 - Owner 2008-05-12 16:47:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.195 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\deauyeoh.dll
C:\WINDOWS\system32\dhmscclq.dll
C:\WINDOWS\system32\efcDVmKB.dll
C:\WINDOWS\system32\glvqcgoy.exe
C:\WINDOWS\system32\kjcvbqwp.exe
C:\WINDOWS\system32\lvudkpiv.dll
C:\WINDOWS\system32\lyrrqmjp.dll
C:\WINDOWS\system32\mqjejuac.err
C:\WINDOWS\system32\safkcuth.dll
C:\WINDOWS\system32\sxxsxlqg.dll
C:\WINDOWS\system32\tgpppvxv.dll
C:\WINDOWS\system32\tmsguigo.dll
C:\WINDOWS\system32\vtUnligg.dll
C:\WINDOWS\system32\ymntjieu.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\deauyeoh.dll
C:\WINDOWS\system32\dhmscclq.dll
C:\WINDOWS\system32\glvqcgoy.exe
C:\WINDOWS\system32\kjcvbqwp.exe
C:\WINDOWS\system32\lvudkpiv.dll
C:\WINDOWS\system32\lyrrqmjp.dll
C:\WINDOWS\system32\mqjejuac.err
C:\WINDOWS\system32\nrnvpu.exe
C:\WINDOWS\system32\ocobmdr.exe
C:\WINDOWS\system32\safkcuth.dll
C:\WINDOWS\system32\sockins32.dll
C:\WINDOWS\system32\sxxsxlqg.dll
C:\WINDOWS\system32\tgpppvxv.dll
C:\WINDOWS\system32\tmsguigo.dll
C:\WINDOWS\system32\vtUnligg.dll
C:\WINDOWS\system32\ymntjieu.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.
2008-05-12 14:02 . 2008-05-12 14:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 14:02 . 2008-05-12 14:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-12 14:02 . 2008-05-12 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 14:02 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-12 14:02 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-11 20:22 . 2008-05-12 14:23 <DIR> d-------- C:\HJTV2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 16:13 --------- d-----w C:\Program Files\Google
2008-04-23 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
.
((((((((((((((((((((((((((((( snapshot@2008-05-11_14.47.57.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 18:33:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 20:52:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-11 18:34:39 15,600 ----a-w C:\WINDOWS\system32\wacom.dat
+ 2008-05-12 20:53:51 15,600 ----a-w C:\WINDOWS\system32\wacom.dat
+ 2008-05-12 20:58:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_580.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-07 00:56 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 06:20 114688]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 18:30 45632]
"checktime"="c:\program files\HPSelect\Frontend\ct.exe" [2002-01-26 16:05 45056]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-18 02:11 69632]
"USSShReg"="C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe" [1997-11-23 04:16 20992]
"iamapp"="C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE" [2003-05-21 05:13 373976]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 02:21 90112]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.NEWMAN^Start Menu^Programs^Startup^AutoPlay.exe]
path=C:\Documents and Settings\Administrator.NEWMAN\Start Menu\Programs\Startup\AutoPlay.exe
backup=C:\WINDOWS\pss\AutoPlay.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk
backup=C:\WINDOWS\pss\hp center.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ipix.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ipix.exe
backup=C:\WINDOWS\pss\ipix.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=C:\WINDOWS\pss\Office Startup.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk.disabled]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk.disabled
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scanner Detector.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scanner Detector.lnk
backup=C:\WINDOWS\pss\Scanner Detector.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk
backup=C:\WINDOWS\pss\SmartUI.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a--c--- 2002-09-10 22:26 368706 C:\Program Files\BroadJump\Client Foundation\CFD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
--a------ 2002-06-08 04:20 86016 C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]
--a------ 2002-06-08 04:18 122880 C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2002-07-16 11:03 106549 C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]
--a--c--- 2006-11-01 21:46 30928 C:\Program Files\GAMES\Kuma Games\hcsystray\hc_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2002-05-15 06:29 155648 C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2002-06-10 17:06 36864 C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
E:\CDSETUP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-07-28 15:19 4841472 C:\WINDOWS\System32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
--a------ 2003-07-28 15:19 852038 C:\WINDOWS\system32\nview.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2002-06-10 16:37 45108 C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2002-06-14 19:39 81920 C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-20 18:20 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2001-12-19 02:39 212992 C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner]
C:\PROGRA~1\REGIST~1\regclean.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2002-05-09 11:01 155648 C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-13 14:26 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
--a------ 2002-02-28 15:57 20480 C:\WINDOWS\wt\updater\wcmdmgrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Quake III Arena\\quake3.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Kiplingers Home and Business Attorney\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 10:42]
R2 NISSERV;Symantec Client Firewall Service;C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE [2003-05-21 05:18]
R2 ONSIO;ONSIO;C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS [1998-04-17 13:23]
S0 SMPLSCSI;SMPLSCSI;C:\WINDOWS\system32\drivers\SMPLSCSI.SYS [1998-08-01 12:00]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 13:12]
S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys [2001-08-17 13:12]
S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys [2001-08-17 13:12]
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2001-08-17 13:12]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 13:12]
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 13:12]
S3 PCDRDRV;Pcdr Helper Driver;C:\WINDOWS\system32\drivers\PCDRDRV.sys []
S3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 14:53]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 02:04]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\769f71f7-ca67-420e-a918-817a5baad1ea]
C:\WINDOWS\system32\ocobmdr.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 20:58:42 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-12 16:53:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\LexBceS.exe
C:\WINDOWS\system32\Lexpps.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-12 17:04:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 21:04:34
ComboFix2.txt 2008-05-12 17:51:33
ComboFix3.txt 2008-05-11 18:49:12
Pre-Run: 82,108,727,296 bytes free
Post-Run: 82,121,109,504 bytes free
249 --- E O F --- 2008-05-09 13:47:16
I then ran cleanmgr as directed, went online, and ran the Kaspersky Online Scanner.
Kaspersky report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 12, 2008 8:14:28 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/05/2008
Kaspersky Anti-Virus database records: 765113
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 154900
Number of viruses found: 22
Number of infected objects: 125
Number of suspicious objects: 0
Duration of the scan process: 02:08:45
Infected Object Name / Virus Name / Last Action
C:\cat personal folder.pst/cat folder/EBAY/13 Mar 2004 10:14 to annie429@bellsouth.net; aowen@bellsouth.net/eBay Account Investigation.htm Infected: Trojan-Spy.HTML.Bayfraud.g skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip/Revelanch.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip/Revelanch.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip/Revelanch.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip/Revelanch.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/15 May 2005 19:56 from eBay Member: cmroer:Question about paymen.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\cat personal folder.pst/cat folder/read/15 Oct 2003 13:34 from Roer, Catherine Ms (ESA DIGICON CONTR)/RevelationHelper.dll Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/15 Oct 2003 13:34 from Roer, Catherine Ms (ESA DIGICON CONTR)/Revelation.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip/Revelanch.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip/Revelanch.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip/Revelanch.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/RevelationV2.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip/Revelanch.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst/cat folder/read/07 Aug 2003 14:24 from Roer, Catherine Ms (ESA DIGICON CONTR):Re/revelanch.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\cat personal folder.pst MailMSMaill: infected - 52 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-06212007-174525.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E00000.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04E40000.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05200000.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC40000.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D3C0000.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D400000.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E980000.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E980001.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E980002.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E980003.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E980004.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ECC0000.VBN Infected: Trojan-Downloader.Win32.Homles.bm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE40000.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE40001.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE80000.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE80001.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE80002.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE80003.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.hk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EE80004.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EEC0000.VBN Infected: not-a-virus:AdWare.Win32.BHO.awz skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EEC0001.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EEC0002.VBN Infected: Trojan-Downloader.Win32.Homles.bm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EF00000.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F100000.VBN Infected: Trojan-Downloader.Win32.Qoologic.be skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F100001.VBN Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{11F17683-2D54-4057-A34F-08FE2F7F9834}\Microsoft\Outlook Express\Inbox.dbx/[From "eBay Member: cmroer" <member@ebay.com>][Date Sun, 15 May 2005 12:56:50 -0700]/UNNAMED/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{11F17683-2D54-4057-A34F-08FE2F7F9834}\Microsoft\Outlook Express\Inbox.dbx/[From "eBay Member: cmroer" <member@ebay.com>][Date Sun, 15 May 2005 12:56:50 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{11F17683-2D54-4057-A34F-08FE2F7F9834}\Microsoft\Outlook Express\Inbox.dbx MailMSOutlook5: infected - 2 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E006D5D9-0388-4C63-8AB2-368AD966CBD9}\Microsoft\Outlook Express\EBAY.dbx/[From <support@eBay.com>][Date Sat, 13 Mar 2004 05:15:31 -0600]/eBay Infected: Trojan-Spy.HTML.Bayfraud.g skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E006D5D9-0388-4C63-8AB2-368AD966CBD9}\Microsoft\Outlook Express\EBAY.dbx MailMSOutlook5: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E006D5D9-0388-4C63-8AB2-368AD966CBD9}\Microsoft\Outlook Express\read.dbx/[From "Roer, Catherine Ms (ESA DIGICON CONTR)"][Date Thu, 7 Aug 2003 10:17:46 -0400 ]/UNNAMED/RevelationV2.zip/SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E006D5D9-0388-4C63-8AB2-368AD966CBD9}\Microsoft\Outlook Express\read.dbx/[From "Roer, Catherine Ms (ESA DIGICON CONTR)"][Date Thu, 7 Aug 2003 10:17:46 -0400 ]/UNNAMED/RevelationV2.zip/SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E006D5D9-0388-4C63-8AB2-368AD966CBD9}\Microsoft\Outlook Express\read.dbx/[From "Roer, Catherine Ms (ESA DIGICON CONTR)"][Date Thu, 7 Aug 2003 10:17:46 -0400 ]/UNNAMED/RevelationV2.zip/SetupRevelationV2.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E006D5D9-0388-4C63-8AB2-368AD966CBD9}\Microsoft\Outlook Express\read.dbx/[From "Roer, Catherine Ms (ESA DIGICON CONTR)"][Date Thu, 7 Aug 2003 10:17:46 -0400 ]/UNNAMED/RevelationV2.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E006D5D9-0388-4C63-8AB2-368AD966CBD9}\Microsoft\Outlook Express\read.dbx/[From "Roer, Catherine Ms (ESA DIGICON CONTR)"][Date Thu, 7 Aug 2003 10:17:46 -0400 ]/UNNAMED/revelanch.zip/Revelanch.exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E006D5D9-0388-4C63-8AB2-368AD966CBD9}\Microsoft\Outlook Express\read.dbx/[From "Roer, Catherine Ms (ESA DIGICON CONTR)"][Date Thu, 7 Aug 2003 10:17:46 -0400 ]/UNNAMED/revelanch.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E006D5D9-0388-4C63-8AB2-368AD966CBD9}\Microsoft\Outlook Express\read.dbx/[From "Roer, Catherine Ms (ESA DIGICON CONTR)"][Date Thu, 7 Aug 2003 10:17:46 -0400 ]/UNNAMED Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{E006D5D9-0388-4C63-8AB2-368AD966CBD9}\Microsoft\Outlook Express\read.dbx MailMSOutlook5: infected - 7 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\My Documents\pwdump.exe Infected: not-a-virus:PSWTool.Win32.PWDump.b skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iamadblk.rel Object is locked skipped
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iamalert.rel Object is locked skipped
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iamfw.rel Object is locked skipped
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iamids.rel Object is locked skipped
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iampriv.rel Object is locked skipped
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iamsys.rel Object is locked skipped
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iamtcp.rel Object is locked skipped
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iamtdi.rel Object is locked skipped
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iamwebh.rel Object is locked skipped
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\nisum.dat Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinAdmin.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\QooBox\Quarantine\C\Program Files\SMBOLS~1\ati2evxx.exe.vir Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\QooBox\Quarantine\C\WINDOWS\b2new.exe.vir Infected: Trojan-Downloader.Win32.Agent.otg skipped
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000060.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000060.exe.vir/stream Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000060.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000080.exe.vir/data0002 Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000080.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wmsdkns.exe.vir Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP150\A0094821.exe Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP152\A0095965.exe Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP152\A0095967.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP152\A0096001.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP152\A0096002.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP152\A0096003.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP152\A0096003.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.y skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP152\A0096003.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP152\A0096004.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP152\A0096004.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP155\A0096149.exe Infected: Trojan-Downloader.Win32.PurityScan.gb skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP155\A0096150.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP155\A0096150.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP155\A0096151.exe Infected: Trojan-Downloader.Win32.Agent.otg skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP156\change.log Object is locked skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP28\A0030553.exe/data0002 Infected: Trojan-Downloader.Win32.Agent.i skipped
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP28\A0030553.exe NSIS: infected - 1 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\SahHtml_.exe Infected: not-a-virus:AdWare.Win32.Sahat.j skipped
C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe Infected: not-a-virus:AdWare.Win32.Sahat.j skipped
C:\WINDOWS\Downloaded Program Files\WEBInstaller.dll Infected: not-a-virus:AdWare.Win32.Sahat.c skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_580.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP156\change.log Object is locked skipped
Scan process completed.
Finally, I ran HijackThis (HJT); the log follows.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:45 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJTV2\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us6.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://forums.whatth...emoval_f27.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.254.244.127:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [USSShReg] C:\PROGRA~1\ULEADS~1\ULEADP~1\SSaver\Ussshreg.exe /r
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
http://help.bellsout...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) -
http://h20270.www2.h...ctDetection.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
--
End of file - 5386 bytes
Thank you, Gary, for all your time and effort. Best regards, Catherine