Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

16th July 2008, #1
living life (Member; Join Date: Jul 2008; Posts: 31; Computer Experience: experienced)


[Resolved] Trojan/Virus Adware Serious problem

I opened what I thought was an e-card from Hallmark, only to find that my computer was taken over by something called software referral dot com. It took over my home page and would continuously change my cookie settings and download pages. It took over as my administrator and prevented me from doing most things. I read other posts and downloaded the tools from another computer to a jump drive and added them to mine, as it blocked all the web sites.
There are still some viruses on my PC, but the VIRUS ALERT display is gone and I can now use the websites to download. The following are the reports.

I ran ComboFix three times, then ATF Cleaner, and then did the Kaspersky with the Resident Shield off on my AVG.
Thank you for your help, reading the other posts makes me very grateful and hopeful for what you do.

I have to make three entries, as my text is too long for the window.

ComboFix 08-07-14.2 - andrew 2008-07-15 23:09:29.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.137 [GMT -4:00]
Running from: C:\Documents and Settings\andrew\Desktop\ComboFix2.exe.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\andrew\Application Data\macromedia\Flash Player\#SharedObjects\NGVM2NU3\Broadcaster.com | Home | Viral Video Clips, Live Community, News, Software, Movies, Music, Games, Mobile Media & More
C:\Documents and Settings\andrew\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#Broadcaster.com | Home | Viral Video Clips, Live Community, News, Software, Movies, Music, Games, Mobile Media & More
C:\Documents and Settings\andrew\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\andrew\g2mdlhlpx.exe
C:\Documents and Settings\Grant\Application Data\ShoppingReport
C:\Documents and Settings\Grant\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Grant\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Grant\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Grant\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Grant\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Grant\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Grant\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Morgan\Application Data\ShoppingReport
C:\Documents and Settings\Morgan\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Morgan\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Morgan\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Morgan\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Morgan\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Morgan\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Morgan\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Morgan\Application Data\WeatherDPA
C:\Documents and Settings\Morgan\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\Morgan\Start Menu\Programs\PlayMP3z
C:\Documents and Settings\Morgan\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\003927C6.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\05B6B2CE.urr
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Program Files\VAV
C:\Program Files\VAV\vav.ooo
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\erem.exe
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000004_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\avhieg.dll
C:\WINDOWS\system32\ayjruo.dll
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbdll.old
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\CRIEVX.DLL
C:\WINDOWS\system32\ddem.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\faqzkn.dll
C:\WINDOWS\system32\ijgdcuna.ini
C:\WINDOWS\system32\isenubmb.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nXIjQXbc.ini
C:\WINDOWS\system32\nXIjQXbc.ini2
C:\WINDOWS\system32\pgutoydj.dll
C:\WINDOWS\system32\phvuolai.ini
C:\WINDOWS\system32\qwinqyrt.dll
C:\WINDOWS\system32\qxpqgveu.dll
C:\WINDOWS\system32\rilmiu.dll
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\tryqniwq.ini
C:\WINDOWS\system32\uabxikrd.dll
C:\WINDOWS\system32\uevgqpxq.ini
C:\WINDOWS\system32\umxiqirn.dll
C:\WINDOWS\system32\xggixlid.dll
C:\WINDOWS\system32\xnqjymjm.dll
C:\WINDOWS\system32\ypoqww.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER


((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-07-15 23:21 . 2008-07-15 23:21 322,304 --a------ C:\WINDOWS\system32\ddcyyWMG.dll
2008-07-15 23:21 . 2008-07-15 23:21 347 --ahs---- C:\WINDOWS\system32\GMWyycdd.ini2
2008-07-15 23:21 . 2008-07-15 23:21 347 --ahs---- C:\WINDOWS\system32\GMWyycdd.ini
2008-07-15 14:01 . 2008-07-15 14:09 4,286 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-15 13:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-15 13:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-15 13:59 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-15 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-15 13:59 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-15 13:59 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-15 13:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-15 13:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-15 13:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-15 12:52 . 2008-07-15 12:52 <DIR> d--hs---- C:\FOUND.032
2008-07-15 11:33 . 2008-07-15 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-15 11:32 . 2008-07-15 11:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-14 23:20 . 2008-07-14 23:20 2 --a------ C:\WINDOWS\msoffice.ini
2008-07-14 18:09 . 2003-01-10 17:13 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
2008-07-14 16:15 . 2008-07-14 16:15 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-14 16:10 . 2008-07-14 16:10 <DIR> d-------- C:\Documents and Settings\andrew\Application Data\AOL
2008-07-14 16:07 . 2008-07-14 16:07 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-07-14 16:05 . 2008-07-14 16:05 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-14 16:05 . 2008-07-14 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-14 14:24 . 2008-07-14 14:24 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-07-14 14:24 . 2008-07-14 14:24 335 --a------ C:\WINDOWS\nsreg.dat
2008-07-14 14:23 . 2008-07-14 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-14 14:23 . 2008-07-14 14:23 29 --a------ C:\WINDOWS\atid.ini
2008-07-14 13:22 . 2008-07-14 13:22 <DIR> d--hs---- C:\FOUND.031
2008-07-14 13:05 . 2008-07-14 13:24 354 ---hs---- C:\WINDOWS\system32\aetktdwv.ini
2008-07-11 20:09 . 2008-07-11 20:09 <DIR> d--hs---- C:\FOUND.030
2008-07-11 19:46 . 2008-07-11 19:46 <DIR> d-------- C:\Documents and Settings\andrew\Application Data\MSNInstaller
2008-07-11 18:51 . 2008-07-11 18:51 <DIR> d-------- C:\Documents and Settings\Morgan\Application Data\TmpRecentIcons
2008-07-11 18:51 . 2008-07-11 18:51 <DIR> d-------- C:\Documents and Settings\Grant\Application Data\TmpRecentIcons
2008-07-11 11:55 . 2008-07-11 11:55 <DIR> d--hs---- C:\FOUND.029
2008-07-10 20:14 . 2008-07-10 20:14 <DIR> d--hs---- C:\FOUND.028
2008-07-10 03:04 . 2008-07-10 03:04 318,208 --a------ C:\WINDOWS\system32\cbXQjIXn.dll
2008-07-10 02:58 . 2008-07-10 02:58 29,568 --a------ C:\WINDOWS\system32\yaywuvTL.dll
2008-07-10 02:58 . 2008-07-10 02:58 29,568 --a------ C:\WINDOWS\system32\jkkKaayW.dll
2008-07-10 02:58 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\AvRack
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\Atari
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.009
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.008
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.007
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.006
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.005
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.004
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.003
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.002
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.001
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.000
2008-07-05 20:44 . 2008-07-09 09:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-05 20:44 . 2008-07-05 20:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-05 20:42 . 2008-07-05 20:42 <DIR> d-------- C:\Program Files\QuickTime(2)
2008-06-21 19:54 . 2008-06-21 19:54 <DIR> d-------- C:\Documents and Settings\Morgan\Application Data\ooVoo Details
2008-06-17 19:23 . 2008-06-17 19:23 <DIR> d-------- C:\Documents and Settings\Morgan\Application Data\FrostWire
2008-06-17 19:19 . 2008-06-17 19:19 <DIR> d-------- C:\Program Files\FrostWire
2008-06-17 19:19 . 2008-06-17 19:19 <DIR> d-------- C:\Program Files\AskSBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:45 360,320 ------w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 20:06 --------- d-----w C:\Documents and Settings\Grant\Application Data\LimeWire
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 20:25 --------- d-----w C:\Documents and Settings\Grant\Application Data\uTorrent
2008-06-11 16:09 --------- d-----w C:\Program Files\FBrowserAdvisor
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2004-08-04 09:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 09:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DF5DA73-C225-415E-87CF-DBB698F8B2B4}]
2008-07-15 23:21 322304 --a------ C:\WINDOWS\system32\ddcyyWMG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}]
2008-07-10 02:58 29568 --a------ C:\WINDOWS\system32\jkkKaayW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8532d95a-7ada-453b-be6a-e838c364099b}]
2008-07-15 23:25 116864 --a------ C:\WINDOWS\system32\slvfjr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6DC6E97-E2D6-4654-9179-DBF79A0DB30F}]
2008-07-10 03:04 318208 --a------ C:\WINDOWS\system32\cbXQjIXn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye" [X]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 16:54 385024]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-19 19:41 579584]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 00:55 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 00:55 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-08 00:55 491520]
"eFax 4.2"="C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 16:36 107008]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 19:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]

C:\Documents and Settings\andrew\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 14:15:48 462848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-01-04 16:52:52 331776]
eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe [2006-10-02 21:00:05 612352]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-04-06 15:54:09 25214]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}"= "C:\WINDOWS\system32\jkkKaayW.dll" [2008-07-10 02:58 29568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKaayW]
2008-07-10 02:58 29568 C:\WINDOWS\system32\jkkKaayW.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddcyyWMG

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer Inc\\Acer GridVista\\GridVistaU.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\AVGCC.EXE"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgw.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgvv.exe"=
"C:\\Program Files\\eFax Messenger 4.2\\J2GPBook.exe"=
"C:\\Program Files\\Hewlett-Packard\\Precisionscan Pro 3.1\\hpipcopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\HSH\\HBCS\\unins000.exe"=
"C:\\Program Files\\TheWeatherNetwork\\WeatherEye\\WeatherEye.exe"=
"C:\\Program Files\\AvRack\\rtlrack.exe"=

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-15 17:10:08 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2007-03-22 21:59:02 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-07-15 14:49:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Sys2.exe - C:\Windows\Sys2.exe
HKLM-Run-320d18a1 - C:\WINDOWS\system32\qxpqgveu.dll
SSODL-fsrpknov-{D1D36229-9FD5-42F3-88C0-6E2BE7F25961} - C:\WINDOWS\fsrpknov.dll
SSODL-fdxbameg-{B1F57EFF-BB03-42A4-A286-3D3427766604} - C:\WINDOWS\fdxbameg.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 23:22:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\jkkKaayW.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ddcyyWMG.dll
.
------------------------ Other Running Processes ------------------------
.
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGUPSVC.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\WINDOWS\SYSTEM32\FXSSVC.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-15 23:27:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 03:27:26

Pre-Run: 5,781,749,760 bytes free
Post-Run: 9,527,492,608 bytes free

319 --- E O F --- 2008-07-10 07:03:50

16th July 2008, #2
living life (Member; Join Date: Jul 2008; Posts: 31; Computer Experience: experienced)
continued

This is the second part of the ComboFix log; I could only post half of it on the first page.

ComboFix 08-07-14.2 - andrew 2008-07-15 23:42:00.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.124 [GMT -4:00]
Running from: C:\Documents and Settings\andrew\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\GMWyycdd.ini
C:\WINDOWS\system32\GMWyycdd.ini2
C:\WINDOWS\system32\prnrwqmf.dll
C:\WINDOWS\system32\slvfjr.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-07-15 23:21 . 2008-07-15 23:21 322,304 --a------ C:\WINDOWS\system32\ddcyyWMG.dll
2008-07-15 14:01 . 2008-07-15 14:09 4,286 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-15 13:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-15 13:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-15 13:59 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-15 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-15 13:59 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-15 13:59 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-15 13:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-15 13:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-15 13:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-15 12:52 . 2008-07-15 12:52 <DIR> d--hs---- C:\FOUND.032
2008-07-15 11:33 . 2008-07-15 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-15 11:32 . 2008-07-15 11:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-14 23:20 . 2008-07-14 23:20 2 --a------ C:\WINDOWS\msoffice.ini
2008-07-14 18:09 . 2003-01-10 17:13 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
2008-07-14 16:15 . 2008-07-14 16:15 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-14 16:10 . 2008-07-14 16:10 <DIR> d-------- C:\Documents and Settings\andrew\Application Data\AOL
2008-07-14 16:07 . 2008-07-14 16:07 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-07-14 16:05 . 2008-07-14 16:05 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-14 16:05 . 2008-07-14 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-14 14:24 . 2008-07-14 14:24 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-07-14 14:24 . 2008-07-14 14:24 335 --a------ C:\WINDOWS\nsreg.dat
2008-07-14 14:23 . 2008-07-14 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-14 14:23 . 2008-07-14 14:23 29 --a------ C:\WINDOWS\atid.ini
2008-07-14 13:22 . 2008-07-14 13:22 <DIR> d--hs---- C:\FOUND.031
2008-07-14 13:05 . 2008-07-14 13:24 354 ---hs---- C:\WINDOWS\system32\aetktdwv.ini
2008-07-11 20:09 . 2008-07-11 20:09 <DIR> d--hs---- C:\FOUND.030
2008-07-11 19:46 . 2008-07-11 19:46 <DIR> d-------- C:\Documents and Settings\andrew\Application Data\MSNInstaller
2008-07-11 18:51 . 2008-07-11 18:51 <DIR> d-------- C:\Documents and Settings\Morgan\Application Data\TmpRecentIcons
2008-07-11 18:51 . 2008-07-11 18:51 <DIR> d-------- C:\Documents and Settings\Grant\Application Data\TmpRecentIcons
2008-07-11 11:55 . 2008-07-11 11:55 <DIR> d--hs---- C:\FOUND.029
2008-07-10 20:14 . 2008-07-10 20:14 <DIR> d--hs---- C:\FOUND.028
2008-07-10 03:04 . 2008-07-10 03:04 318,208 --a------ C:\WINDOWS\system32\cbXQjIXn.dll
2008-07-10 02:58 . 2008-07-10 02:58 29,568 --a------ C:\WINDOWS\system32\yaywuvTL.dll
2008-07-10 02:58 . 2008-07-10 02:58 29,568 --a------ C:\WINDOWS\system32\jkkKaayW.dll
2008-07-10 02:58 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\AvRack
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\Atari
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.009
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.008
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.007
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.006
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.005
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.004
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.003
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.002
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.001
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.000
2008-07-05 20:44 . 2008-07-09 09:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-05 20:44 . 2008-07-05 20:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-05 20:42 . 2008-07-05 20:42 <DIR> d-------- C:\Program Files\QuickTime(2)
2008-06-21 19:54 . 2008-06-21 19:54 <DIR> d-------- C:\Documents and Settings\Morgan\Application Data\ooVoo Details
2008-06-17 19:23 . 2008-06-17 19:23 <DIR> d-------- C:\Documents and Settings\Morgan\Application Data\FrostWire
2008-06-17 19:19 . 2008-06-17 19:19 <DIR> d-------- C:\Program Files\FrostWire
2008-06-17 19:19 . 2008-06-17 19:19 <DIR> d-------- C:\Program Files\AskSBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:45 360,320 ------w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 20:06 --------- d-----w C:\Documents and Settings\Grant\Application Data\LimeWire
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 20:25 --------- d-----w C:\Documents and Settings\Grant\Application Data\uTorrent
2008-06-11 16:09 --------- d-----w C:\Program Files\FBrowserAdvisor
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2004-08-04 09:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 09:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DF5DA73-C225-415E-87CF-DBB698F8B2B4}]
2008-07-15 23:21 322304 --a------ C:\WINDOWS\system32\ddcyyWMG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}]
2008-07-10 02:58 29568 --a------ C:\WINDOWS\system32\jkkKaayW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6DC6E97-E2D6-4654-9179-DBF79A0DB30F}]
2008-07-10 03:04 318208 --a------ C:\WINDOWS\system32\cbXQjIXn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye" [X]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 16:54 385024]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-19 19:41 579584]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 00:55 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 00:55 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-08 00:55 491520]
"eFax 4.2"="C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 16:36 107008]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 19:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]

C:\Documents and Settings\andrew\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 14:15:48 462848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-01-04 16:52:52 331776]
eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe [2006-10-02 21:00:05 612352]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-04-06 15:54:09 25214]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}"= "C:\WINDOWS\system32\jkkKaayW.dll" [2008-07-10 02:58 29568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKaayW]
2008-07-10 02:58 29568 C:\WINDOWS\system32\jkkKaayW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer Inc\\Acer GridVista\\GridVistaU.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\AVGCC.EXE"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgw.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgvv.exe"=
"C:\\Program Files\\eFax Messenger 4.2\\J2GPBook.exe"=
"C:\\Program Files\\Hewlett-Packard\\Precisionscan Pro 3.1\\hpipcopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\HSH\\HBCS\\unins000.exe"=
"C:\\Program Files\\TheWeatherNetwork\\WeatherEye\\WeatherEye.exe"=
"C:\\Program Files\\AvRack\\rtlrack.exe"=

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-15 17:10:08 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2007-03-22 21:59:02 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-07-15 14:49:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 23:49:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\jkkKaayW.dll
.
------------------------ Other Running Processes ------------------------
.
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGUPSVC.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\WINDOWS\SYSTEM32\FXSSVC.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\THEWEATHERNETWORK\WEATHEREYE\WEATHEREYE.EXE
C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-15 23:55:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 03:55:06
ComboFix2.txt 2008-07-16 03:27:44

Pre-Run: 9,516,580,864 bytes free
Post-Run: 9,519,333,376 bytes free

212 --- E O F --- 2008-07-10 07:03:50

ComboFix 08-07-14.2 - andrew 2008-07-16 0:12:34.3 - FAT32x86
Running from: C:\Documents and Settings\andrew\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-07-16 00:18 . 2008-07-16 00:18 322,304 --a------ C:\WINDOWS\system32\iifebbaX.dll
2008-07-16 00:18 . 2008-07-16 00:18 347 --ahs---- C:\WINDOWS\system32\Xabbefii.ini2
2008-07-16 00:18 . 2008-07-16 00:18 347 --ahs---- C:\WINDOWS\system32\Xabbefii.ini
2008-07-15 23:21 . 2008-07-15 23:21 322,304 --a------ C:\WINDOWS\system32\ddcyyWMG.dll
2008-07-15 14:01 . 2008-07-15 14:09 4,286 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-15 13:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-15 13:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-15 13:59 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-15 13:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-15 13:59 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-15 13:59 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-15 13:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-15 13:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-15 13:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-15 12:52 . 2008-07-15 12:52 <DIR> d--hs---- C:\FOUND.032
2008-07-15 11:33 . 2008-07-15 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-15 11:32 . 2008-07-15 11:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-14 23:20 . 2008-07-14 23:20 2 --a------ C:\WINDOWS\msoffice.ini
2008-07-14 18:09 . 2003-01-10 17:13 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
2008-07-14 16:15 . 2008-07-14 16:15 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-14 16:10 . 2008-07-14 16:10 <DIR> d-------- C:\Documents and Settings\andrew\Application Data\AOL
2008-07-14 16:07 . 2008-07-14 16:07 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-07-14 16:05 . 2008-07-14 16:05 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-14 16:05 . 2008-07-14 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-14 14:24 . 2008-07-14 14:24 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-07-14 14:24 . 2008-07-14 14:24 335 --a------ C:\WINDOWS\nsreg.dat
2008-07-14 14:23 . 2008-07-14 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-14 14:23 . 2008-07-14 14:23 29 --a------ C:\WINDOWS\atid.ini
2008-07-14 13:22 . 2008-07-14 13:22 <DIR> d--hs---- C:\FOUND.031
2008-07-14 13:05 . 2008-07-14 13:24 354 ---hs---- C:\WINDOWS\system32\aetktdwv.ini
2008-07-11 20:09 . 2008-07-11 20:09 <DIR> d--hs---- C:\FOUND.030
2008-07-11 19:46 . 2008-07-11 19:46 <DIR> d-------- C:\Documents and Settings\andrew\Application Data\MSNInstaller
2008-07-11 18:51 . 2008-07-11 18:51 <DIR> d-------- C:\Documents and Settings\Morgan\Application Data\TmpRecentIcons
2008-07-11 18:51 . 2008-07-11 18:51 <DIR> d-------- C:\Documents and Settings\Grant\Application Data\TmpRecentIcons
2008-07-11 11:55 . 2008-07-11 11:55 <DIR> d--hs---- C:\FOUND.029
2008-07-10 20:14 . 2008-07-10 20:14 <DIR> d--hs---- C:\FOUND.028
2008-07-10 03:04 . 2008-07-10 03:04 318,208 --a------ C:\WINDOWS\system32\cbXQjIXn.dll
2008-07-10 02:58 . 2008-07-10 02:58 29,568 --a------ C:\WINDOWS\system32\yaywuvTL.dll
2008-07-10 02:58 . 2008-07-10 02:58 29,568 --a------ C:\WINDOWS\system32\jkkKaayW.dll
2008-07-10 02:58 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\AvRack
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d-------- C:\Program Files\Atari
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.009
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.008
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.007
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.006
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.005
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.004
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.003
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.002
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.001
2008-07-10 01:30 . 2008-07-10 01:30 <DIR> d--hs---- C:\FOUND.000
2008-07-05 20:44 . 2008-07-09 09:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-05 20:44 . 2008-07-05 20:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-05 20:42 . 2008-07-05 20:42 <DIR> d-------- C:\Program Files\QuickTime(2)
2008-06-21 19:54 . 2008-06-21 19:54 <DIR> d-------- C:\Documents and Settings\Morgan\Application Data\ooVoo Details
2008-06-17 19:23 . 2008-06-17 19:23 <DIR> d-------- C:\Documents and Settings\Morgan\Application Data\FrostWire
2008-06-17 19:19 . 2008-06-17 19:19 <DIR> d-------- C:\Program Files\FrostWire
2008-06-17 19:19 . 2008-06-17 19:19 <DIR> d-------- C:\Program Files\AskSBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:45 360,320 ------w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 09:52 225,920 ------w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 20:06 --------- d-----w C:\Documents and Settings\Grant\Application Data\LimeWire
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 20:25 --------- d-----w C:\Documents and Settings\Grant\Application Data\uTorrent
2008-06-11 16:09 --------- d-----w C:\Program Files\FBrowserAdvisor
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2004-08-04 09:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 09:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DF5DA73-C225-415E-87CF-DBB698F8B2B4}]
2008-07-15 23:21 322304 --a------ C:\WINDOWS\system32\ddcyyWMG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}]
2008-07-10 02:58 29568 --a------ C:\WINDOWS\system32\jkkKaayW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9931248B-7B58-4797-B786-262DACBD6D95}]
2008-07-16 00:18 322304 --a------ C:\WINDOWS\system32\iifebbaX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6DC6E97-E2D6-4654-9179-DBF79A0DB30F}]
2008-07-10 03:04 318208 --a------ C:\WINDOWS\system32\cbXQjIXn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye" [X]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 16:54 385024]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-19 19:41 579584]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 00:55 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 00:55 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-08 00:55 491520]
"eFax 4.2"="C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 16:36 107008]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11 57344]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 19:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]

C:\Documents and Settings\andrew\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [2006-06-22 14:15:48 462848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-01-04 16:52:52 331776]
eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe [2006-10-02 21:00:05 612352]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-04-06 15:54:09 25214]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}"= "C:\WINDOWS\system32\jkkKaayW.dll" [2008-07-10 02:58 29568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkKaayW]
2008-07-10 02:58 29568 C:\WINDOWS\system32\jkkKaayW.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iifebbaX

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer Inc\\Acer GridVista\\GridVistaU.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\AVGCC.EXE"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgw.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgvv.exe"=
"C:\\Program Files\\eFax Messenger 4.2\\J2GPBook.exe"=
"C:\\Program Files\\Hewlett-Packard\\Precisionscan Pro 3.1\\hpipcopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\HSH\\HBCS\\unins000.exe"=
"C:\\Program Files\\TheWeatherNetwork\\WeatherEye\\WeatherEye.exe"=
"C:\\Program Files\\AvRack\\rtlrack.exe"=

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-15 17:10:08 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2007-03-22 21:59:02 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-07-15 14:49:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 00:18:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

C:\WINDOWS\EXPLORER.EXE [3684] 0x8404CDA0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

Old 16th July 2008   #3
living life


continued part two

I apologize, but the report is very long; this is the remainder.

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\jkkKaayW.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\iifebbaX.dll
.
Completion time: 2008-07-16 0:23:16
ComboFix-quarantined-files.txt 2008-07-16 04:22:58
ComboFix3.txt 2008-07-16 03:27:44
ComboFix2.txt 2008-07-16 03:55:46

Pre-Run: 9,526,542,336 bytes free
Post-Run: 9,514,483,712 bytes free

201 --- E O F --- 2008-07-10 07:03:50


------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 16, 2008 3:55:18 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/07/2008
Kaspersky Anti-Virus database records: 958233
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 77047
Number of viruses found: 34
Number of infected objects: 131
Number of suspicious objects: 0
Duration of the scan process: 01:24:12

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ddcyyWMG.dll Infected: Trojan.Win32.Monderb.gen skipped
C:\WINDOWS\system32\iifebbaX.dll Infected: Trojan.Win32.Monderb.gen skipped
C:\WINDOWS\system32\jkkKaayW.dll Infected: Trojan.Win32.Monderb.gen skipped
C:\WINDOWS\system32\yaywuvTL.dll Infected: Trojan.Win32.Monderb.gen skipped
C:\WINDOWS\system32\cbXQjIXn.dll Infected: Trojan.Win32.Monderb.gen skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\andrew\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\History\History.IE5\MSHist012008071620080717\index.dat Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\andrew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\andrew\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\andrew\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\andrew\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\andrew\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\andrew\ntuser.dat Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP279\A0036240.exe Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP279\A0036243.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP279\A0036245.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP279\A0036251.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP279\A0036253.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP279\A0036264.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP279\A0036267.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP283\A0036625.dll Infected: not-a-virus:AdWare.Win32.Shopper.v skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP291\A0038226.dll Infected: not-a-virus:AdWare.Win32.Agent.atx skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP291\A0038227.dll Infected: not-a-virus:AdWare.Win32.Mirar.w skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP296\A0038812.dll Infected: not-a-virus:AdWare.Win32.Agent.atx skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP296\A0038815.exe Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP297\A0039940.dll Infected: not-a-virus:AdWare.Win32.Agent.atx skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP297\A0039943.exe Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP298\A0041039.dll Infected: not-a-virus:AdWare.Win32.Agent.atx skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP298\A0041042.exe Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP308\A0042628.dll Infected: not-a-virus:AdWare.Win32.Agent.atx skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP318\A0043992.exe Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP327\A0045857.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{B6387AD4-48E1-4511-AA40-A245D4C401AE}\RP327\A0045858.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

Scan process completed.

Old 16th July 2008   #4
living life
My HJT Logfile and Kaspersky report and AVG report from this morning

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:42, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes: