I would be grateful for advice on how to rid my computer of the virtumonde trojan. Below is the report from Kapersky and HJT report on the next posting as apparently too long.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 21, 2008 10:48:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/01/2008
Kaspersky Anti-Virus database records: 525479
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 129551
Number of viruses found: 3
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 01:27:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0747DB7E-4570-4F3C-A6FA-7546F47B3213.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0A242983-F994-4F19-8583-C8E0BC192C46.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS17902502-2F79-4AE8-90E5-529A95104937.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1945D67B-1A03-4AFE-B9FF-794A234F833C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1A40DB48-E5C7-482F-8329-6BD500FC471D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1A8E3A69-8777-4F8B-A982-FA7FEC185D94.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1F86D7DE-ECDB-4453-8E07-D7DF3BB2C570.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS251449E5-F88D-4484-BE4F-07D4B1999D3D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS27A14C66-D1F9-4CF1-8824-4679FE0727C7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS29904C5A-36DD-4E23-9C5D-73D07580D179.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2AD4D0CC-ABD1-4C94-9F47-3738640B75CE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2B9C5DFF-87F4-452A-9B31-6BD66209BD80.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2DBBA0DA-328E-46F5-9391-0B39EE7CC495.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2EF4758F-1DAC-490B-BE41-362057D626C2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2F6B6F11-E61C-4A92-8C5E-3C6806FDB55E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3BD06F4C-F573-4445-A1E8-1BD8303E6F74.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3D54B21C-0FA8-465B-A4F3-CDF63F9BCCCD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS42F88979-F699-43F6-B69F-4E4887579A71.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS47B124F9-2561-4DED-8B17-6B4FA16CA139.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4973F183-9F6F-48C0-A814-FAAF0E25685C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4AFC1F8A-431D-40E4-94E2-53D318FDE97E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4B1FAEAC-1E37-40FD-B7B5-8B74B00F4525.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS517FF028-04ED-447B-8AC9-D511DA2C8581.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS52246559-5FB0-4D2F-B7CB-D00196E41556.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5453A78A-AE87-4D41-AB2E-94CBF671C3A7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS54CF6A15-A221-4BBA-8D6E-A7C4434BA8B7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS58920E2E-0625-42DF-A057-62B87F17681E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5C6047B4-0883-47C6-B5A9-4412FAB1B54A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS61DDBC54-789D-43A8-AB82-A60FD263FD5E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS63653D8D-6C46-4EB9-B923-C2C73B30439B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6435C42F-C3A9-4F99-85FC-E2385354AB68.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6731A233-30C5-4135-82E7-412A25550032.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS68964600-1ADB-41C0-9151-ACCA2652FF9A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS699C4E76-3A66-4FF0-9B21-0DD57EC34FA1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6D6EA93E-6114-4719-A1DF-25785E4EE40F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6EC7C976-AA65-44F5-9B0C-C898042B109E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6F1A1159-8913-48D4-A871-AB4A5B8CFD66.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6FC0C862-391C-4002-9216-0F1DB670B9E3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6FD0F4C8-A204-4309-8A2E-038531B98EB2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS74FCEA08-7685-45E6-AC64-88087A1E7ACC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7B8FF7E4-A574-4024-9ACB-8B689F812BC7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7C92CD7A-72F4-4714-BE60-DE73445641C2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7DC3CA1A-3B18-423B-B9AC-26197A5862AB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS855E3A22-5575-419B-B971-E230CDCC68A8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS85FB52CF-391C-4277-9030-F4DB7D72FC30.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS886F5496-31E6-469D-861A-6AB115B7555F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8F49050C-3781-465E-B5AD-8A391ED2D2DB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS912647C8-FE55-4831-96DA-D6A7DFD9DDD9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS93A6321F-1D05-49B6-BBD1-694BA5A1B8C7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9519C697-5214-4F62-AAEC-A8D68B239982.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9A3189BB-7B2C-4270-A3E9-3843FE04D242.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9A63D7C4-2E87-4C4B-B96A-5A20EE1EA616.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9B5486C4-F8BC-46BE-B5EA-63CD8AC0252E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9E8DA3C5-BB6E-411F-B39D-09F162B4F749.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9EFFD4F8-2F4C-4B74-A4CF-F4BE45A31204.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA1F0FF96-95B8-4CEC-8E0B-2FA78D8E9784.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA63ECA30-471A-4FD1-B7AB-FB87EE05C662.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA8C2AA85-C7C8-4010-A6A0-2828509017E6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA9F6EDE6-B743-4D0B-AECE-FCF984ACA2D8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAE889F65-A641-4413-AF31-1FE6E542A325.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBAA46144-063D-4D8C-AC0C-ECD47447B17C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBD157726-976A-47F0-B137-647682A51076.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBDB297A1-8A5D-4B0E-BF94-C93BD0713359.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBEB0E3A6-A4A4-4D70-B189-B50006A4673C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC152D49B-D005-4D75-9C9D-597E5ACBB06B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC37DFFF4-BF23-4558-A990-215A937FAA99.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCC7EC592-DE85-4126-8F84-797098788D3F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCCCF8BD5-FF75-48A3-A574-BF87BDBE905B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD28C344A-09E2-43ED-9B8B-E911E87CF2C5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD2AC1674-50A2-478E-A819-4C25C1D48D80.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD36026EA-BA66-4269-B427-B2392BD5FBF2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDC988548-98E3-4EF8-88E7-4AB7A9BB6685.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDFC0DA93-E353-445B-907A-FF5B3FB7314D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDFC167DB-B8C2-4F8D-B40E-90FA9D62B64C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE0C56217-646D-4B04-8965-E612DE626B0A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE1ACD4F3-C3CE-4C7A-BC85-4215511ED8EA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE2B58051-BA1B-4799-BF67-13C602A4920D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE3856249-BB88-41BE-8667-746EB24B1317.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE9CB294B-A9B2-4A7B-8976-3AD2E60D310B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEB0216B3-820F-4E50-BF51-AF663A0A84BF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEB88C89B-99C8-4FD1-B50A-D1C933D3D237.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEBD466C6-E684-4BE9-BAFB-0D129E631300.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEC63F845-EF95-473B-953A-703351A59940.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSED32788F-22A7-4EFE-9DD9-8DCF0D6F8527.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF07689B5-1ADC-4892-A60B-DB54F7582118.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF43BE835-647C-422B-A176-01F035DB2F2B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF874B180-B1C9-433F-8079-544DA2F7D919.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFC8941AE-F063-4248-881A-ADF2B8B38BA8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFD071A2F-532B-40EB-846B-FD5C88D0AE8C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matt Gummer\Application Data\Webroot\Spy Sweeper\Logs\080121072134.ses Object is locked skipped
C:\Documents and Settings\Matt Gummer\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Matt Gummer\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Temp\~DF2945.tmp Object is locked skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Temp\~DF9F2F.tmp Object is locked skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Temp\~DFEA66.tmp Object is locked skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Temp\~DFEB80.tmp Object is locked skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Temporary Internet Files\Content.IE5\1YHU0CPA\Adobe_Premiere_Pro_7.0[1].rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dpa skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Temporary Internet Files\Content.IE5\1YHU0CPA\Adobe_Premiere_Pro_7.0[1].rar/crack.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Temporary Internet Files\Content.IE5\1YHU0CPA\Adobe_Premiere_Pro_7.0[1].rar RAR: infected - 2 skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Temporary Internet Files\Content.IE5\IXZZ23ZN\Adobe_Premiere_Pro_7.0[1].rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dpa skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Temporary Internet Files\Content.IE5\IXZZ23ZN\Adobe_Premiere_Pro_7.0[1].rar/crack.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\Documents and Settings\Matt Gummer\Local Settings\Temporary Internet Files\Content.IE5\IXZZ23ZN\Adobe_Premiere_Pro_7.0[1].rar RAR: infected - 2 skipped
C:\Documents and Settings\Matt Gummer\ntuser.dat Object is locked skipped
C:\Documents and Settings\Matt Gummer\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\AOL 9.0\download\keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dpa skipped
C:\Program .

Files\Cricinfo\install_cricinfo_toolbar_newothers.exe/stream/data0024 Infected: not-a-virus:AdWare.Win32.Mostofate.ab skipped
C:\Program Files\Cricinfo\install_cricinfo_toolbar_newothers.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.ab skipped
C:\Program Files\Cricinfo\install_cricinfo_toolbar_newothers.exe NSIS: infected - 2 skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{74E573B6-5EBF-4061-A700-6D0FB0AD3E37}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winrzf32.dll Infected: Trojan.Win32.Dialer.yz skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:07, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1189792296\ee\AOLSoftware.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Juice\Juice.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adobe.com/acrobat/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1189792296\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [SBCSTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [kdx] "C:\WINDOWS\kdx\KHost.exe" -all
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8922 bytes

hi Matt Gummer,

sorry for the delay,. no shortage of posters. do this first:

download and run vundofix.exe:

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

if after running vundofix you dont see this file in the vundofix.txt;

C:\WINDOWS\SYSTEM32\winrzf32.dll

do this;
start vundofix again and right click in the main window a menu will pop up: "add more files?"
copy paste this into the first line:
C:\WINDOWS\SYSTEM32\winrzf32.dll

then click on "add files" then "close vundo'
back on the main vundo window click "remove vundo"
it may reboot your computer.
after the reboot post the vundofix txt and a new hjt log.

shelf life

thanks for taking the time to reply, I realise its a busy forum

have downloaded VundoFix, which tells me there are no infections

while waiting i downloaded trial version of Kaspersky which seemed to do trick, however, i'm not sure if i was missing something or whether something was hidden. After Kaspersky, Spybot told me i was clear of infection

computer still running slowly when opening programs

spybot keeps warning me about a ctfmon.exe file, can't tell whether this is safe to allow or if it will do harm

below VundoFix followed by HJT log:

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.11

Scan started at 20:04:00 04/02/2008

Listing files found while scanning....

No infected files were found.

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:46:55, on 04/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1189792296\ee\AOLSoftware.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Matt Gummer\Desktop\VundoFix.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adobe.com/acrobat/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1189792296\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [kdx] "C:\WINDOWS\kdx\KHost.exe" -all
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe

--
End of file - 7809 bytes

hi,

ok thanks for the info. lets see what combofix can dig up.
one more download:

Download combofix from one of these links and save it to Desktop:

http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

as a precaution, before using combofix:
Close any open windows
Close/disable anti virus and any antimalware programs that might have real time protection running.Usually this can be done by clicking on the icons by the clock and selecting exit etc. This is done to prevent any possible interference while Combofix is running. After combofix is done you can restart them.


CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Hi
Thanks for the help, ran ComboFix, unable to retreive first log report as desktop cleared and appeared to be frozen so rebooted. CF did tell me it was deleting certain files/folders, 2 were mentioned but only able to record this one - "C:\WINDOWS\system32\MarbryObj.dll"

second ComboFix log below:

ComboFix 08-02.05.3 - Matt Gummer 2008-02-05 21:08:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.155 [GMT 0:00]
Running from: C:\Documents and Settings\Matt Gummer\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-05 18:00 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-05 18:00 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-04 20:04 . 2008-02-04 20:04 <DIR> d-------- C:\VundoFix Backups
2008-02-03 09:11 . 2008-02-03 09:11 <DIR> d-------- C:\Documents and Settings\TEMP\Application Data\AOL
2008-01-31 20:20 . 2008-01-31 20:20 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-31 20:20 . 2008-02-05 21:18 4,112,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-31 20:20 . 2008-01-31 20:28 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-31 20:20 . 2008-01-31 20:20 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-31 20:20 . 2008-02-04 21:27 55,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-31 20:20 . 2008-02-05 20:54 37,920 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-31 20:20 . 2008-02-04 21:27 4,076 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-31 20:16 . 2008-01-31 20:16 <DIR> d-------- C:\Program Files\Kaspersky Anti-Virus 7.0
2008-01-29 06:38 . 2008-01-31 23:04 <DIR> d-------- C:\Program Files\Transcender
2008-01-28 17:40 . 2008-01-28 17:40 <DIR> d-------- C:\Documents and Settings\Charlie Gummer\Application Data\Sunbelt Software
2008-01-21 23:00 . 2008-01-21 23:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-21 16:53 . 2008-01-21 16:53 <DIR> d-------- C:\Documents and Settings\Anne-Marie Brennan\Application Data\Sunbelt Software
2008-01-20 23:12 . 2008-01-20 23:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-20 23:12 . 2008-02-05 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-20 17:40 . 2008-01-20 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\logs
2008-01-20 14:56 . 2008-01-20 14:56 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-01-20 14:56 . 2008-01-20 14:56 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-20 14:34 . 2008-01-20 14:34 <DIR> d-------- C:\Documents and Settings\Matt Gummer\Application Data\Sunbelt Software
2008-01-20 14:20 . 2008-01-20 14:20 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-19 22:58 . 2008-01-19 23:59 <DIR> d-------- C:\Program Files\eMusic Download Manager
2008-01-18 19:45 . 2008-01-19 23:12 164 --a------ C:\install.dat
2008-01-17 12:15 . 2008-01-17 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\espionServerData
2008-01-17 12:04 . 2008-01-17 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-17 11:55 . 2008-01-17 11:55 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-17 11:21 . 2008-01-17 11:38 <DIR> d-------- C:\Program Files\PowerISO
2008-01-17 11:21 . 2008-01-17 11:21 1,043,036 --a------ C:\Program Files\PowerISO38.exe
2008-01-10 09:13 . 2003-08-11 10:13 344,064 -ra------ C:\WINDOWS\system32\msvcr70.dll
2008-01-10 09:13 . 2003-08-11 10:07 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-01-09 12:29 . 2008-01-09 12:40 <DIR> d-------- C:\Program Files\COWON
2008-01-08 11:07 . 2007-10-10 23:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-08 11:07 . 2007-07-01 03:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-08 11:07 . 2007-07-01 03:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-08 11:07 . 2007-10-10 23:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-08 11:07 . 2007-10-10 23:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-08 11:07 . 2007-10-10 23:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-08 11:07 . 2007-10-10 23:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-08 11:07 . 2007-10-10 23:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-08 11:07 . 2007-10-10 10:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-08 10:51 . 2008-01-08 10:51 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-08 10:41 . 2008-01-08 10:45 <DIR> d-------- C:\Documents and Settings\Matt Gummer\Application Data\OfficeUpdate12
2008-01-05 13:46 . 2008-01-06 10:44 <DIR> d-------- C:\Documents and Settings\Matt Gummer\Application Data\iPodder
2008-01-05 13:45 . 2008-01-07 16:13 <DIR> d-------- C:\Program Files\Juice

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 22:43 --------- d-----w C:\Program Files\Cricinfo
2008-01-21 22:51 --------- d-----w C:\Program Files\Google
2008-01-19 22:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-17 23:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-17 20:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-17 11:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-17 11:51 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-17 11:51 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-17 11:51 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-01-17 11:51 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-17 11:51 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-17 11:51 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-11 14:02 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-09 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-09 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-03 16:02 --------- d-----w C:\Program Files\Vodafone PC Assistant
2007-12-30 00:08 --------- d-----w C:\Program Files\BitLord
2007-12-29 23:45 1,362,977 ----a-w C:\Program Files\BitLord_1.01.exe
2007-12-21 11:12 --------- d-----w C:\Documents and Settings\Anne-Marie Brennan\Application Data\CyberLink
2007-12-18 00:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-18 00:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-17 16:41 --------- d-----w C:\Documents and Settings\Charlie Gummer\Application Data\InstallShield Installation Information
2007-12-17 16:41 --------- d-----w C:\Documents and Settings\Charlie Gummer\Application Data\InstallShield
2007-12-13 19:37 --------- d-----w C:\Program Files\Ciel - Sky Map
2007-12-13 13:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-11-18 14:46 60,816,768 ----a-w C:\Program Files\setpoint400.exe
2007-11-15 19:11 659,456 ----a-w C:\WINDOWS\system32\KUserService.dll
2007-11-15 19:11 57,344 ----a-w C:\WINDOWS\system32\KWebFarm.dll
2007-11-15 19:11 495,616 ----a-w C:\WINDOWS\system32\KDataService.dll
2007-11-15 19:11 45,056 ----a-w C:\WINDOWS\system32\KCommon.dll
2007-11-15 19:11 32,768 ----a-w C:\WINDOWS\system32\webCryption.dll
2007-11-15 19:11 24,576 ----a-w C:\WINDOWS\system32\msxml3a.dll
2007-11-15 19:11 24,576 ----a-w C:\WINDOWS\system32\IKUserInterface.dll
2007-11-15 19:11 24,576 ----a-w C:\WINDOWS\system32\IKDataInterface.dll
2007-11-15 19:11 20,480 ----a-w C:\WINDOWS\system32\IKLiveInterface.dll
2007-11-15 19:11 20,480 ----a-w C:\WINDOWS\system32\IKCryptionInterface.dll
2007-11-15 19:11 20,480 ----a-w C:\WINDOWS\system32\IKBusinessInterface.dll
2007-11-15 19:11 193,784 ----a-w C:\WINDOWS\system32\HttpX.dll
2007-11-15 19:11 172,032 ----a-w C:\WINDOWS\system32\KBusinessService.dll
2007-11-10 21:43 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-04-23 13:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 13:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 10:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 10:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 10:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 10:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 10:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 10:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 10:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [2006-08-07 13:39 2236416]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 07:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 11:06 71216]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-03-09 08:02 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-09 08:02 98304]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-15 14:21 675840]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"HostManager"="C:\Program Files\Common Files\AOL\1189792296\ee\AOLSoftware.exe" [2006-11-17 13:21 50736]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 00:05 200704]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]

C:\Documents and Settings\Matt Gummer\Start Menu\Programs\Startup\
Juice.lnk - C:\Program Files\Juice\Juice.exe [2005-11-11 07:14:57 45056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-09-14 16:40:51 156784]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-18 14:48:15 692224]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2006-05-29 19:24:42 1527808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrzf32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2003-08-07 17:39]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 13:11]
S3 huadio;huadio;c:\huadio.tmp [2007-03-08 23:58]
S3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\markfun.w32 []
S3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-01-20 11:31]
S3 WMIBIOS;%WMIBIOS.ServiceName%;C:\WINDOWS\system32\Drivers\wmibios.sys [2002-10-15 21:33]
S3 WMIINFO;WMIINFO Driver;C:\WINDOWS\system32\Drivers\wmiinfo.sys [2002-05-13 20:16]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-17 19:18:09 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 21:18:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-05 21:21:55
ComboFix-quarantined-files.txt 2008-02-05 21:20:29
ComboFix2.txt 2008-02-05 20:52:17
.
2008-01-09 11:07:37 --- E O F ---

hi,

combofix log looks ok. going back to the online scan:
clean out your temps:


Empty your Temp folders. Go to Start > Run and type:cleanmgr. Windows will scan. When done check these 3 and press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

repeat the Kaspersky online scan please and post that log.

KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 06, 2008 10:08:18 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/02/2008
Kaspersky Anti-Virus database records: 552453


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 88398
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 00:54:37

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0129_File_Monitoring_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\012b_Web_Monitoring_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Charlie Gummer\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Charlie Gummer\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\Charlie Gummer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Charlie Gummer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Charlie Gummer\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Charlie Gummer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Charlie Gummer\ntuser.dat Object is locked skipped

C:\Documents and Settings\Charlie Gummer\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Matt Gummer\Application Data\iPodder\history\history.db Object is locked skipped

C:\Documents and Settings\Matt Gummer\Application Data\iPodder\ipodder.cfg.lock Object is locked skipped

C:\Documents and Settings\Matt Gummer\Application Data\iPodder\iPodder.db Object is locked skipped

C:\Documents and Settings\Matt Gummer\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped

C:\Documents and Settings\Matt Gummer\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\History\History.IE5\MSHist012008020620080207\index.dat Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\Temp\~DF3364.tmp Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\Temp\~DF44B7.tmp Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\Temp\~DF6084.tmp Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\Temp\~DF6097.tmp Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\Temp\~WRD0000.doc Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Matt Gummer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Matt Gummer\My Documents\Matt's file keep out!\Anti-virus-spyware Information\shelf life060208.doc Object is locked skipped

C:\Documents and Settings\Matt Gummer\ntuser.dat Object is locked skipped

C:\Documents and Settings\Matt Gummer\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{74E573B6-5EBF-4061-A700-6D0FB0AD3E37}\RP16\change.log Object is locked skipped

C:\System Volume Information\_restore{74E573B6-5EBF-4061-A700-6D0FB0AD3E37}\RP5\A0001389.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.dpa skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
hi there, disk clean up done, here's the Kaspersky Online report:

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

hi,

ok good. online scan looks much better now.

this shown in the scan:

Infected: not-a-virus:AdWare.Win32.Virtumonde

is in your system restore archive, which we can clean out as a last step. hows it looking on your end now??


spybot keeps warning me about a ctfmon.exe file,

its part of MS office, two links:
http://support.microsoft.com/kb/282599
http://www.bleepingcomputer.com/startups/ctfmon.exe-1121.htm

Thanks very much for you help, but I can't be sure if my computer is now safe until I can finally get rid of any reference to virtumonde.
Can you help me remove the last reference, as indicated in the last correspondence?

hi,

your welcome. yes the last step would be to make a new restore point. the why and the how:

One of the features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is agood idea after malware is removed. Only do this once, not on a regular basis.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.(new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

happy safe surfing out there!