Virtumonde/Zenosearchassistant Help Please!



Tpetty5
2008-04-27, 23:58
I can't get rid of virtumonde and zeno search assistant. I have tried for two days to no avail. Would appreciate any help or suggestions. Here is the HJT log, thanks:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:46 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\timberline office\shared\sage.servicehost.host.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ccwtup32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ocntnkdn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Pvsw\Bin\w3dbsmgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Tom.CTCHARLOTTE\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [FjDspMon] "c:\Program Files\Fujitsu\Utils\FjDspMon.exe"
O4 - HKLM\..\Run: [FjEvents] "c:\Program Files\Fujitsu\Utils\fjevents.exe"
O4 - HKLM\..\Run: [Fujitsu Menu] "c:\Program Files\Fujitsu\Utils\FjMnuIco.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IndicatorUtility] "C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] "C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [FJUPDNV_Chitose] "C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe"
O4 - HKLM\..\Run: [OmniPass] "C:\Program Files\Softex\OmniPass\scureapp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] "C:\WINDOWS\GTCO\wtxpload.exe" GTCO
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [spa_start] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll" DllInit
O4 - HKLM\..\Run: [e83de07a] "rundll32.exe" "C:\WINDOWS\system32\wdxyggrv.dll",b
O4 - HKLM\..\Run: [ExploreUpdSched] "C:\WINDOWS\system32\ocntnkdn.exe" DWram
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntnkdn.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jmwnw64l.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Pvsw\Bin\w3dbsmgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us.fujitsu.com/computers
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CTCHARLOTTE.COM
O17 - HKLM\Software\..\Telephony: DomainName = CTCHARLOTTE.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CTCHARLOTTE.COM
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe (file missing)
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sage Service Host v1.0 (Sage.ServiceHost.Host.1.0) - Sage Software, Inc. - c:\program files\timberline office\shared\sage.servicehost.host.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe

--
End of file - 12168 bytes

Tpetty5
2008-04-28, 01:39
Here is the Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 27, 2008 7:31:01 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/04/2008
Kaspersky Anti-Virus database records: 727826
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
H:\

Scan Statistics:
Total number of scanned objects: 73157
Number of viruses found: 33
Number of infected objects: 138
Number of suspicious objects: 8
Duration of the scan process: 01:25:09

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\TOM~1.CTC\LOCALS~1\Temp\3657.tmp Infected: Trojan-Downloader.Win32.Cntr.q skipped
C:\Deckard\System Scanner\backup\DOCUME~1\TOM~1.CTC\LOCALS~1\Temp\3996.tmp Infected: Trojan-Downloader.Win32.Mutant.nl skipped
C:\Deckard\System Scanner\backup\DOCUME~1\TOM~1.CTC\LOCALS~1\Temp\5ACB.tmp Infected: Trojan-Downloader.Win32.Small.ixu skipped
C:\Deckard\System Scanner\backup\DOCUME~1\TOM~1.CTC\LOCALS~1\Temp\BNC.tmp Infected: Trojan-Dropper.Win32.Agent.qsb skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\BNC.tmp Infected: Trojan-Dropper.Win32.Agent.qsb skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_R6602503.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_R6602503.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search3.zip/mssvr.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/bokja.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu11.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt3.zip/retadpu11.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Tom\Desktop\catchme.zip/spools.exe Infected: Worm.Win32.Socks.ff skipped
C:\Documents and Settings\Tom\Desktop\catchme.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Application Data\Webroot\Spy Sweeper\Logs\080427173545.ses Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Application Data\ApplicationHistory\TCServer.exe.7c11743d.ini.inuse Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\History\History.IE5\MSHist012008042720080428\index.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Temp\fla56B.tmp Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Temp\IMG67.tmp Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\NTUser.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Softex\OmniPass\btype0.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype1.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype2.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype256.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype259.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype3.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype4.dat Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\SDFix\backups_old\backups.zip/backups/spools.exe Infected: Worm.Win32.Socks.ff skipped
C:\SDFix\backups_old\backups.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP484\A0035946.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP484\A0035947.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP484\A0035948.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP484\A0035950.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP484\A0035952.exe Infected: Trojan-Downloader.Win32.Small.uww skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP484\A0035962.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP484\A0035971.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036057.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036062.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036074.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036082.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036094.dll Infected: not-a-virus:AdWare.Win32.BHO.aqo skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036096.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036107.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036307.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036324.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036329.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036342.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036353.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036370.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036371.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036372.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036373.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036380.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036413.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036437.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036582.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036797.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036809.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036822.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036835.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0037835.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0037847.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0037895.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0037974.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0037989.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038015.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038044.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038044.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038044.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038063.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038064.dll Infected: not-a-virus:AdWare.Win32.BHO.aqo skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038066.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038069.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038070.dll Infected: not-a-virus:AdWare.Win32.BHO.aqo skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038109.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038118.dll Infected: Trojan-Downloader.Win32.Small.uvt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038128.dll Infected: Trojan-Downloader.Win32.Small.ixt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038153.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038178.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038179.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038180.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038181.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038182.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038184.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038185.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038186.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038187.exe/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038187.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038187.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038187.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038188.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038188.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038188.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038188.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038189.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038189.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038189.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038189.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038190.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038190.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038190.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038191.vbs Object is locked skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038193.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038194.sys Infected: Trojan-Downloader.Win32.Agent.lxa skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038195.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038196.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038197.vbs Object is locked skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP488\A0038217.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP488\A0038218.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP488\A0038236.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP488\A0039254.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP488\A0039255.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP488\A0039256.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039315.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039329.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039364.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039368.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039370.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039477.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039477.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039477.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039477.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039477.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039477.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039491.exe/data0006 Infected: Trojan-Downloader.Win32.VB.ebf skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039491.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039492.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039493.exe/data0000 Infected: Trojan.Win32.DNSChanger.cjd skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039493.exe EmbeddedEXE: infected - 1 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039493.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039493.exe PE_Patch.UPX: infected - 1 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039521.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039535.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039575.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039576.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039590.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039606.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039607.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039608.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039609.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039610.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039653.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039657.exe Infected: Trojan.Win32.DNSChanger.cjd skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039668.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039686.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039701.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039716.exe Infected: Trojan.Win32.DNSChanger.cjd skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039717.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039773.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP492\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\lfn.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\WINDOWS\Prefetch\Layout.ini Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\awtuvUNg.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\BIT60.tmp Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\WINDOWS\system32\byXRjjHa.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qqw skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Sage.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\jkkihEXP.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\nnNHxuvW.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ocntnkdn.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax skipped
C:\WINDOWS\system32\pnVes06\pnVes061083.exe Infected: Trojan-Downloader.Win32.VB.ebf skipped
C:\WINDOWS\system32\qoMDsPhi.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\rQhiihii.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wdxyggrv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\WINDOWS\temp\Perflib_Perfdata_338.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

pskelley
2008-04-29, 14:13
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You are infected, I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.

This one: C:\WINDOWS\winself.exe and you have other junk as well. Because of my concern for your security I believe you should have this information:
http://www.google.com/search?hl=en&q=winself.exe+&btnG=Search
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

Let me know how you wish to proceed.

Thanks

Tpetty5
2008-04-29, 23:21
Thanks, for the reply pskelley. I have read the information that you directed me to read. This looks like a nasty. I would like to get rid of this rather than reformat if you can help me. Fortunately I do not believe there is any personal information (cc numbers, banking information, etc.) on this computer as it is a laptop I use for when I work remotely. Because of that it has some specialty work programs (none with confidential information) that were a real pain to get running properly. Since they are now running properly I would hate to reformat.

I await your instructions.

pskelley
2008-04-30, 00:10
Thanks for returning your feedback, let's start like this.

1) C:\Deckard\ <<< delete that folder and contents

2) C:\SDFix\ <<< delete that folder and contents

3) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ <<< delete the contents of the folder in red
http://ict.cas.psu.edu/training/howto/util/removespybot.htm#1

4) You have a lot of infected System Restore files; until we clean them later, DO NOT use System Restore for any reason.

5) C:\Program Files\Webroot\Spy Sweeper\ <<< is this a trial or do you own it?

6) Remove any old copies of combofix before you proceed.

Thanks to sUBs and anyone else who helped with this fix.

It is important that it is saved directly to your Desktop

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Post the combofix log and a new HJT log.

Tutorial if needed:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks
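The Kaspersky report posted above and steps 2 and 4 in this reply (the SDFix backups and the infected System Restore points) are worth triaging together; the following is an added example, not part of the thread and not code from Kaspersky, ComboFix or any other tool named here. It parses the report's line format and sorts each hit by where it sits (live on the system, parked in a restore point, or inside an old removal tool's quarantine archive); the sample lines are copied from the report above and the category names are this example's own.

```python
"""Triage for a Kaspersky Online Scanner report of the kind posted above.

Each report line is '<path> <status>', where the status is one of:
    Object is locked skipped
    Infected: <detection name> skipped
    <container type>: infected - <n> skipped     (summary for an archive)
Only the 'Infected:' lines carry new information: locked objects are noise,
and a container summary repeats hits already listed for its members.
"""
import re
from collections import Counter
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"Object is locked"
    r"|Infected: (?P<detection>\S+)"
    r"|(?P<container>[\w.]+): infected - \d+"
    r") skipped$"
)

# Kaspersky labels adware, riskware and hoax detections this way; it means
# "not self-replicating", not "safe to leave in place".
NOT_A_VIRUS_PREFIXES = ("not-a-virus:", "not-virus:")


@dataclass(frozen=True)
class Hit:
    path: str
    detection: str
    location: str       # 'live', 'restore_point' or 'archived'
    not_a_virus: bool   # carries Kaspersky's not-a-virus:/not-virus: label


def classify_location(path: str) -> str:
    """Decide whether a detected object can run on the machine as it stands."""
    lowered = path.lower()
    if "\\system volume information\\_restore{" in lowered:
        # Inert until someone rolls back to that restore point, which is why
        # System Restore must stay untouched until the points are purged.
        return "restore_point"
    if "/" in path:
        # Kaspersky writes archive members as <container>/<member>; in this
        # report those are quarantine backups from earlier tools.
        return "archived"
    return "live"


def parse_report(text: str) -> list[Hit]:
    hits = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("detection") is None:
            continue
        det = m.group("detection")
        hits.append(Hit(m.group("path"), det,
                        classify_location(m.group("path")),
                        det.startswith(NOT_A_VIRUS_PREFIXES)))
    return hits


def family(detection: str) -> str:
    """Drop the variant suffix: 'Worm.Win32.Socks.ff' -> 'Worm.Win32.Socks'."""
    return detection.rsplit(".", 1)[0]


def summarize(hits: list[Hit]) -> dict:
    """Counts by location and family, plus the live objects needing action."""
    return {
        "by_location": Counter(h.location for h in hits),
        "by_family": Counter(family(h.detection) for h in hits),
        "live_malware": sorted(h.path for h in hits
                               if h.location == "live" and not h.not_a_virus),
        "live_not_a_virus": sorted(h.path for h in hits
                                   if h.location == "live" and h.not_a_virus),
    }


# Constructed sample: a handful of lines copied from the report above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tom\Desktop\catchme.zip/spools.exe Infected: Worm.Win32.Socks.ff skipped
C:\Documents and Settings\Tom\Desktop\catchme.zip ZIP: infected - 1 skipped
C:\SDFix\backups_old\backups.zip/backups/spools.exe Infected: Worm.Win32.Socks.ff skipped
C:\SDFix\backups_old\backups.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038109.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039364.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038044.exe RarSFX: infected - 2 skipped
C:\WINDOWS\lfn.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\WINDOWS\system32\awtuvUNg.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\byXRjjHa.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qqw skipped
C:\WINDOWS\system32\ocntnkdn.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ax skipped
"""

if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

Feed it the full report instead of the sample and the "live" lists are the objects that still need removal today, while the restore-point count is what step 4 is guarding against.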

Tpetty5
2008-04-30, 14:02
Good morning PSkelley; I appreciate your help and advice. I followed your instructions. The SpySweeper is my copy, not a trial. You did not say whether to delete or leave, so I left. I can delete if needed and re-load later. Here are my ComboFix and Hijack This logs:

ComboFix 08-04-29.3 - tom 2008-04-30 7:34:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.403 [GMT -4:00]
Running from: C:\Documents and Settings\Tom.CTCHARLOTTE\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tom.CTCHARLOTTE\Application Data\ICROSO~1.NET
C:\Documents and Settings\Tom.CTCHARLOTTE\Application Data\WNSXS~1
C:\Documents and Settings\Tom.CTCHARLOTTE\My Documents\RACLE~1
C:\Documents and Settings\Tom.CTCHARLOTTE\My Documents\SSTEM3~1
C:\Documents and Settings\Tom.CTCHARLOTTE\My Documents\YMBOLS~1
C:\Program Files\Common Files\ystem~1
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\MyWebEx
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atarm.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atas32.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atasanot.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atasctrl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atasnt40.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atcarmcl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atdl2006.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atjpeg60.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atkbctl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atlchat.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atmemmgr.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atnetext.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atpack.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atres.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\attp.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\atwbxui6.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\h264dec.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\h264enc.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\ieatgpc.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\mmssl32.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\msess.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\mticket.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\mutiltpd.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\mvc.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\mwm.ini
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\mwmcliun.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\mwmproxy.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\mwmres.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\mwmtrace.txt
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\mwmupd.exe
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\ratrace.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\raurl.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\uilibres.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\wbxcrypt.dll
C:\WINDOWS\Downloaded Program Files\MyWebEx\419\webexmgr.dll
C:\WINDOWS\IA
C:\WINDOWS\lfn.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aHjjRXyb.ini
C:\WINDOWS\system32\aHjjRXyb.ini2
C:\WINDOWS\system32\awtuvUNg.dll
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\byXRjjHa.dll
C:\WINDOWS\system32\dhbhmntw.ini
C:\WINDOWS\system32\dkhmslbg.dll
C:\WINDOWS\system32\dxrfvbqq.dll
C:\WINDOWS\system32\fqblnbok.ini
C:\WINDOWS\system32\jkkihEXP.dll
C:\WINDOWS\system32\kbbivpyu.dll
C:\WINDOWS\system32\lltokpsv.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\n3
C:\WINDOWS\system32\ncyewcwr.dll
C:\WINDOWS\system32\nnNHxuvW.dll
C:\WINDOWS\system32\qoMDsPhi.dll
C:\WINDOWS\system32\rQhiihii.dll
C:\WINDOWS\system32\vrggyxdw.ini
C:\WINDOWS\system32\wtnmhbhd.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\winhelp.ini
C:\WINDOWS\wintst32.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-27 16:44 . 2008-04-27 16:44 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Webroot
2008-04-27 14:56 . 2008-04-27 14:56 1,483,706 ---hs---- C:\WINDOWS\system32\vrggyxdw.tmp
2008-04-27 13:34 . 2008-04-27 13:34 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-27 12:35 . 2008-04-27 12:35 <DIR> d-------- C:\Program Files\Webroot
2008-04-27 12:35 . 2008-04-27 12:35 <DIR> d-------- C:\Documents and Settings\Tom.CTCHARLOTTE\Application Data\Webroot
2008-04-27 12:35 . 2008-04-27 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-27 12:35 . 2008-04-27 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-27 12:35 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-04-27 12:35 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-27 12:35 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-27 12:35 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-27 12:35 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-04-27 07:26 . 2008-04-29 12:51 109,787 --a------ C:\WINDOWS\BMeb0ed3e6.xml
2008-04-26 20:10 . 2008-04-26 20:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-26 20:10 . 2008-04-26 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-26 17:51 . 2008-04-26 17:51 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-26 17:11 . 2008-04-26 17:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-26 16:20 . 2008-04-26 17:51 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-04-26 15:18 . 2008-04-26 17:51 <DIR> d-------- C:\Program Files\smitRem
2008-04-26 13:34 . 2008-04-27 14:04 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-26 12:26 . 2008-04-26 13:06 57,546 --a------ C:\WINDOWS\promogif3.gif
2008-04-26 12:26 . 2008-04-26 13:06 24,351 --a------ C:\WINDOWS\promogif1.gif
2008-04-26 12:26 . 2008-04-26 13:06 24,066 --a------ C:\WINDOWS\promogif2.gif
2008-04-26 12:25 . 2008-04-26 13:44 1,680 --a------ C:\WINDOWS\system32\clbcfg.dat
2008-04-26 12:25 . 2008-04-26 13:02 578 --a------ C:\WINDOWS\index.html
2008-04-26 11:07 . 2008-04-26 11:07 401,616 --a------ C:\WINDOWS\system32\g78.exe
2008-04-26 11:07 . 2008-04-26 11:07 63,893 --a------ C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll-uninst.exe
2008-04-26 11:06 . 2008-04-26 11:06 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-26 11:03 . 2008-04-29 10:58 863 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-26 10:57 . 2008-04-26 10:57 200,768 --a------ C:\WINDOWS\system32\ocntnkdn.exe
2008-04-26 10:57 . 2008-04-26 10:57 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-26 10:56 . 2008-04-26 20:09 <DIR> d-------- C:\WINDOWS\system32\wTMP
2008-04-26 10:56 . 2008-04-26 10:56 <DIR> d-------- C:\WINDOWS\system32\pnVes06
2008-04-26 10:56 . 2008-04-26 10:56 <DIR> d-------- C:\Temp\zvebs14
2008-04-26 10:56 . 2008-04-26 10:56 <DIR> d-------- C:\Temp\kvebs14
2008-04-26 10:56 . 2008-04-27 13:53 <DIR> d-------- C:\Temp
2008-04-26 10:56 . 2008-04-26 10:57 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-26 00:52 . 2008-04-26 00:52 8,780 --ah----- C:\WINDOWS\system32\BIT60.tmp
2008-04-11 11:46 . 2008-04-11 11:46 334,848 --a------ C:\WINDOWS\system32\myss_sb.dll
2008-04-07 12:27 . 2008-04-07 12:27 330,240 --a------ C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll
2008-03-27 12:36 . 2008-04-26 09:50 <DIR> d-------- C:\Program Files\PokerStars.NET
2008-03-26 11:11 . 2008-03-26 11:11 77,383 --a------ C:\WINDOWS\system32\atasnt40.dll
2008-03-25 09:25 . 2008-04-26 19:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-25 09:25 . 2008-03-25 09:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-05 11:57 . 2008-03-05 11:57 <DIR> d-------- C:\WINDOWS\system32\ffdshow
2008-03-05 11:57 . 2008-03-05 11:57 <DIR> d-------- C:\Program Files\SourceTec
2008-03-05 11:57 . 2006-03-11 05:56 438,272 --a------ C:\WINDOWS\system32\Mpeg2DecFilter.ax
2008-03-05 11:57 . 2006-03-11 05:48 434,176 --a------ C:\WINDOWS\system32\MatroskaSplitter.ax
2008-03-05 11:57 . 2007-03-28 12:27 364,544 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-03-05 11:57 . 2005-07-10 03:12 241,664 --a------ C:\WINDOWS\system32\CoreVorbis.ax
2008-03-05 11:57 . 2004-08-18 01:04 217,088 --a------ C:\WINDOWS\system32\CoreFLACDecoder.ax
2008-03-05 11:57 . 2007-03-28 17:08 122,880 --a------ C:\WINDOWS\system32\stQTSource.ax
2008-03-02 18:18 . 1997-09-28 14:22 721,168 --a------ C:\WINDOWS\system32\VB40032.DLL
2008-03-02 18:18 . 1997-09-28 14:22 60,416 --a------ C:\WINDOWS\ST4UNST.EXE
2008-03-02 18:18 . 1997-09-28 14:22 37,376 --a------ C:\WINDOWS\system32\VbVfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 20:13 --------- d-----w C:\Program Files\SureTrak
2008-04-23 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-04-17 15:46 --------- d-----w C:\Program Files\On-Screen Takeoff 3
2007-01-25 05:17 2,412,897 ---h--w C:\Documents and Settings\Tom.CTCHARLOTTE\IDR_DLOADIMAGE.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aa013f87-c8bc-b176-3c31-3882ba989c91}]
2008-04-07 12:27 330240 --a------ C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 07:46 68856]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40 218032]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 08:00 16384]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-25 23:10 271872]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-10 16:00 88203 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-07-02 07:48 163840]
"FjDspMon"="c:\Program Files\Fujitsu\Utils\FjDspMon.exe" [2004-10-14 18:56 20480]
"FjEvents"="c:\Program Files\Fujitsu\Utils\fjevents.exe" [2004-12-16 19:08 20480]
"Fujitsu Menu"="c:\Program Files\Fujitsu\Utils\FjMnuIco.exe" [2004-12-16 19:10 32768]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" [ ]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-02-28 13:20 81920]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-20 21:24 61440]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-02-18 10:10 385024]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-02-11 20:10 249856]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2005-07-13 21:24 1843200]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 10:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-04-07 06:12 135224]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 15:22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 15:26 118784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-25 13:46 155648]
"CalCompUtil"="ccwtup32.exe" [2001-10-18 02:09 61440 C:\WINDOWS\system32\ccwtup32.exe]
"GTCO.wtxpload"="C:\WINDOWS\GTCO\wtxpload.exe" [2001-10-18 02:09 45056]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 08:07 228088]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"spa_start"="C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll" [2008-04-07 12:27 330240]
"ExploreUpdSched"="C:\WINDOWS\system32\ocntnkdn.exe" [2008-04-26 10:57 200768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="%windir%\help\wizard.hta" [ ]

C:\Documents and Settings\Tom\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 17:06:14 59080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-07-20 06:15:20 380928]
Pervasive.SQL Workgroup Engine.lnk - C:\Pvsw\Bin\w3dbsmgr.exe [2007-07-03 10:45:18 102450]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-02-18 10:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 08:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomMGv]
opnomMGv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2005-07-13 20:02 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 06:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 08:00 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Pvsw\\Bin\\W3DBSMGR.EXE"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

R0 FJGPNV;FJGPNV;C:\WINDOWS\system32\drivers\FJGPNV.SYS [2005-06-17 19:33]
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2005-03-16 09:47]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2005-03-16 09:47]
R2 FlashDrv;FlashDrv;C:\PROGRA~1\Fujitsu\FlashAid\FlashDrv.sys [2005-02-25 13:12]
R2 Sage.ServiceHost.Host.1.0;Sage Service Host v1.0;c:\program files\timberline office\shared\sage.servicehost.host.exe [2007-03-12 17:28]
R3 DX02;DX02;C:\WINDOWS\system32\drivers\dx02.sys [2004-07-29 16:27]
R3 Fjbtndrv;Fujitsu LIFEBOOK T3000 Button Driver;C:\WINDOWS\system32\DRIVERS\Fjbtndrv.sys [2003-06-20 17:30]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys [2004-10-18 03:08]
R3 hidpen;Wacom Serial Pen HID MiniDriver;C:\WINDOWS\system32\DRIVERS\hidpen.sys [2004-08-02 21:35]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-01-06 12:16]
R3 W2gtco;W2gtco;C:\WINDOWS\system32\DRIVERS\W2gtco.sys [2001-10-18 02:09]
R3 Wtcls2k;Wtcls2k;C:\WINDOWS\system32\DRIVERS\Wtcls2k.sys [2001-10-18 02:09]
S1 rdpdrr;rdpdrr;C:\WINDOWS\system32\drivers\rdpdrr.sys []
S3 ADVNTDRV;ADVNTDRV;C:\WINDOWS\system32\drivers\ADVNTDRV.SYS [1999-11-18 21:20]
S3 bioschk;FPC BIOS Check Driver;C:\WINDOWS\system32\Drivers\bioschk.sys [2004-02-28 04:49]
S3 FjGenIo;FPC Generic I/O Driver;C:\WINDOWS\system32\Drivers\FjGenIo.sys [2004-08-23 19:12]
S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-10-11 03:34]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-03 19:04]

.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Softex\OmniPass\SCUREDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wintab32.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\digtizer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\WINDOWS\system32\tabbtnu.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\tcserver.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Hidfind.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
**************************************************************************
.
Completion time: 2008-04-30 7:53:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-30 11:53:38

Pre-Run: 30,786,449,408 bytes free
Post-Run: 31,019,151,360 bytes free

294 --- E O F --- 2008-04-10 07:02:57

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:57, on 2008-04-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\timberline office\shared\sage.servicehost.host.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ccwtup32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Pvsw\Bin\w3dbsmgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\ocntnkdn.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Tom.CTCHARLOTTE\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6156A32A-C512-4e23-AA9A-2315F4265681} - (no file)
O2 - BHO: gooochi browser optimizer - {aa013f87-c8bc-b176-3c31-3882ba989c91} - C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [FjDspMon] "c:\Program Files\Fujitsu\Utils\FjDspMon.exe"
O4 - HKLM\..\Run: [FjEvents] "c:\Program Files\Fujitsu\Utils\fjevents.exe"
O4 - HKLM\..\Run: [Fujitsu Menu] "c:\Program Files\Fujitsu\Utils\FjMnuIco.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IndicatorUtility] "C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] "C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [FJUPDNV_Chitose] "C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe"
O4 - HKLM\..\Run: [OmniPass] "C:\Program Files\Softex\OmniPass\scureapp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] "C:\WINDOWS\GTCO\wtxpload.exe" GTCO
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntnkdn.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jmwnw64l.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Pvsw\Bin\w3dbsmgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us.fujitsu.com/computers
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CTCHARLOTTE.COM
O17 - HKLM\Software\..\Telephony: DomainName = CTCHARLOTTE.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CTCHARLOTTE.COM
O20 - Winlogon Notify: opnomMGv - opnomMGv.dll (file missing)
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sage Service Host v1.0 (Sage.ServiceHost.Host.1.0) - Sage Software, Inc. - c:\program files\timberline office\shared\sage.servicehost.host.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe

--
End of file - 12462 bytes

pskelley
2008-04-30, 15:15
Thanks for returning your information. No problem with SpySweeper; I will ask you to deactivate it during the next step.

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

3) Disable SpySweeper, make sure you enable it as soon as you finish.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {6156A32A-C512-4e23-AA9A-2315F4265681} - (no file)
O2 - BHO: gooochi browser optimizer - {aa013f87-c8bc-b176-3c31-3882ba989c91} - C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntnkdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jmwnw64l.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - Winlogon Notify: opnomMGv - opnomMGv.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) Right click Start > Explore and navigate to these files/folders and delete them if there.

C:\WINDOWS\system32\ocntnkdn.exe <<< delete that file

C:\WINDOWS\system32\vrggyxdw.tmp <<< delete that file

C:\WINDOWS\system32\jmwnw64l.exe <<< delete that file

C:\Program Files\PokerStars.NET\ <<< delete that folder

C:\Program Files\smitRem <<< delete that folder

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart and post a new HJT log, tell me how the computer is running.

Thanks

Once that is posted, if all is running well, this is next.
I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Review that information to understand Recovery Console. Installation is optional, but if you do not have the CDs needed, as is explained, it can be installed before we remove combofix.
If you do not wish to install RC, let me know so I can continue with the cleanup.
If you install RC, post the C:\CF-RC.txt.

Since we do not need to scan with combofix, click NO

http://img.photobucket.com/albums/v666/sUBs/RC_whatnext.gif

http://img.photobucket.com/albums/v666/sUBs/RC_AllDone.gif
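The items checked in step 4 share a few tells: an entry whose file is missing, a BHO whose DLL is named after a GUID, and Startup shortcuts pointing at randomly named executables in system32. The following is an added example, not code from this thread or from HijackThis: it parses HJT log lines of the shape shown above and applies those triage heuristics; the sample lines are copied from the log posted earlier, while the heuristics, thresholds and function names are my own assumptions and are meant as a starting point for review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
WINPATH_RE = re.compile(r"^[A-Za-z]:\\.*?\.(?:exe|dll|hta|sys|cab|ax)", re.IGNORECASE)
AUTOSTART_CODES = {"O2", "O3", "O4", "O20", "O21", "O23"}   # load without user action
VOWELS = set("aeiou")

@dataclass
class HjtEntry:
    code: str              # "O2", "O4", "O20", "R1", ...
    kind: str              # "BHO", "Startup", "Winlogon Notify", "HKLM\..\Run", ...
    name: str              # display name, shortcut name or Run value name
    clsid: Optional[str]   # first {GUID} on the line, if any
    target: str            # path, URL or "(no file)"-style marker, as logged
    raw: str

def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one HJT report line; returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    if code.startswith("R"):                     # R0/R1: "<key>,<value> = <url>"
        kind, _, target = rest.partition(" = ")
        return HjtEntry(code, kind, "", None, target.strip(), line)
    kind, sep, body = rest.partition(": ")
    if not sep:
        return None
    if body.startswith("["):                     # O4 Run key: "[name] command"
        name, _, target = body[1:].partition("] ")
    elif " = " in body:                          # O4 Startup folder: "x.lnk = path"
        name, _, target = body.partition(" = ")
    else:                                        # "name - {CLSID} - path" and similar
        parts = body.split(" - ")
        name, target = parts[0], parts[-1]
    clsid = CLSID_RE.search(body)
    return HjtEntry(code, kind, name.strip(),
                    clsid.group(0) if clsid else None, target.strip(), line)

def module_path(target: str) -> str:
    """Strip quoting and trailing arguments, leaving only the module path."""
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    m = WINPATH_RE.match(target)
    return m.group(0) if m else target

def file_stem(path: str) -> str:
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0] if "." in base else base

def triage(entry: HjtEntry) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty if none fire)."""
    reasons = []
    t = entry.target
    if t in ("(no file)", "?") or t.endswith("(file missing)"):
        reasons.append("orphaned autostart entry: target file is missing")
    stem = file_stem(module_path(t))
    if CLSID_RE.fullmatch(stem):
        reasons.append("module named after a GUID, typical of dropped adware DLLs")
    # Crude random-name check: eight alphanumerics with at most one vowel under
    # system32, loaded at startup (tune or allowlist for your own fleet).
    if (entry.code in AUTOSTART_CODES and "\\system32\\" in module_path(t).lower()
            and re.fullmatch(r"[a-z0-9]{8}", stem.lower())
            and sum(c in VOWELS for c in stem.lower()) <= 1):
        reasons.append("randomly named executable in system32 started automatically")
    return reasons

def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged raw line to its reasons; clean lines are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_hjt_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                flagged[entry.raw] = reasons
    return flagged

# Sample input: lines copied from the HJT log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6156A32A-C512-4e23-AA9A-2315F4265681} - (no file)
O2 - BHO: gooochi browser optimizer - {aa013f87-c8bc-b176-3c31-3882ba989c91} - C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntnkdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jmwnw64l.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O20 - Winlogon Notify: opnomMGv - opnomMGv.dll (file missing)
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe
"""

if __name__ == "__main__":
    for raw, reasons in triage_log(SAMPLE_LOG).items():
        print(raw, "\n   ->", "\n   -> ".join(reasons))
```

Run against the sample, the five lines the helper asked to fix (or delete the targets of) are the ones flagged, while igfxpers.exe, the Google BHO and the Wintab32 service pass; a vendor-signed component with an eight-letter name could still trip the random-name rule, so treat hits as a worklist for the kind of manual review done in this thread.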

Tpetty5
2008-04-30, 16:03
Thanks again for your continued assistance. I followed your last steps and everything appears to be working properly. Google looks normal and no pop-ups or redirects so far. I noticed during the last set of steps a folder appeared on my desktop called "backups". It has 10 files in it with names like "backup-20080430-092505-193" and "backup-20080430-092505-193-Deewoo". Do I need to delete this?

I reviewed the recovery console information and have no problem installing if you think that is the way to go. I will await your direction; meanwhile, here is the HJT log you requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:42, on 2008-04-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\timberline office\shared\sage.servicehost.host.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ccwtup32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Pvsw\Bin\w3dbsmgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Documents and Settings\Tom.CTCHARLOTTE\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [FjDspMon] "c:\Program Files\Fujitsu\Utils\FjDspMon.exe"
O4 - HKLM\..\Run: [FjEvents] "c:\Program Files\Fujitsu\Utils\fjevents.exe"
O4 - HKLM\..\Run: [Fujitsu Menu] "c:\Program Files\Fujitsu\Utils\FjMnuIco.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IndicatorUtility] "C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] "C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [FJUPDNV_Chitose] "C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe"
O4 - HKLM\..\Run: [OmniPass] "C:\Program Files\Softex\OmniPass\scureapp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CalCompUtil] ccwtup32.exe
O4 - HKLM\..\Run: [GTCO.wtxpload] "C:\WINDOWS\GTCO\wtxpload.exe" GTCO
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Pvsw\Bin\w3dbsmgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {6EB2AA45-3F30-40e1-9864-45EB153C6EDC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Send to OneNote Settings - {F37F00B3-19B2-4a69-B923-7A24AF07EE68} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us.fujitsu.com/computers
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CTCHARLOTTE.COM
O17 - HKLM\Software\..\Telephony: DomainName = CTCHARLOTTE.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CTCHARLOTTE.COM
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sage Service Host v1.0 (Sage.ServiceHost.Host.1.0) - Sage Software, Inc. - c:\program files\timberline office\shared\sage.servicehost.host.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe

--
End of file - 11575 bytes

pskelley
2008-04-30, 16:23
What happened is that you created no folder when you installed HJT. HJT creates backups of anything removed in the event of an error. Leave that folder for just a while longer. What I would like you to do is delete this copy of HJT:
C:\Documents and Settings\Tom.CTCHARLOTTE\Desktop\HiJackThis.exe

and follow these directions to install a safe new copy:
Download Trend Micro Hijack This™
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Just close that log; it will be stored in the HJT folder.

As far as I can see, you are clean of malware. We will have KOS check as soon as we resolve the Recovery Console issue.

Recovery Console: Why Microsoft does not install it by default, I really do not know. In the event of an emergency, it may save the day.
http://support.microsoft.com/kb/314058
http://support.microsoft.com/kb/307654

If you have a Windows XP CD, you can install it when you wish, but if you do not, the installation using ComboFix is quick and easy; just read the instructions so you know what to do.
Starts here:
If you use Windows XP and do not have the Windows CD, ComboFix includes a method of installing the Windows Recovery Console by downloading a file from Microsoft. To install the Windows Recovery Console when you do not have the Windows XP CD, please follow these instructions through the installation.

Thanks

Tpetty5
2008-04-30, 17:33
O.K., Hijack This deleted and new one installed per your instructions. Recovery Console has been installed using Combofix. Everything still seems to be functioning normally. Please let me know what the next step is.

Thanks

Tpetty5
2008-04-30, 17:46
I was re-reading your earlier instructions and remember that you requested this after install of Recovery Console:

"If you install RC, post the C:\*CF-RC.txt*."

The only file like that I have in the C:\ directory is "comboFix.txt"

I may have made a mistake: I forgot that you said I did not need ComboFix to scan again when I installed Recovery Console, and I said "yes" instead of "no" to a scan. Here is the "combofix.txt" in case you need this:

ComboFix 08-04-29.3 - tom 2008-04-30 11:27:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.449 [GMT -4:00]
Running from: C:\Documents and Settings\Tom.CTCHARLOTTE\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tom.CTCHARLOTTE\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-30 11:14 . 2008-04-30 11:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-27 16:44 . 2008-04-27 16:44 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Webroot
2008-04-27 13:34 . 2008-04-27 13:34 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-27 12:35 . 2008-04-27 12:35 <DIR> d-------- C:\Program Files\Webroot
2008-04-27 12:35 . 2008-04-27 12:35 <DIR> d-------- C:\Documents and Settings\Tom.CTCHARLOTTE\Application Data\Webroot
2008-04-27 12:35 . 2008-04-27 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-27 12:35 . 2008-04-27 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-27 12:35 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-04-27 12:35 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-27 12:35 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-27 12:35 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-27 12:35 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-04-27 07:26 . 2008-04-29 12:51 109,787 --a------ C:\WINDOWS\BMeb0ed3e6.xml
2008-04-26 20:10 . 2008-04-26 20:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-26 20:10 . 2008-04-26 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-26 17:51 . 2008-04-26 17:51 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-26 17:11 . 2008-04-26 17:11 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-26 16:20 . 2008-04-26 17:51 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-04-26 13:34 . 2008-04-27 14:04 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-26 12:26 . 2008-04-26 13:06 57,546 --a------ C:\WINDOWS\promogif3.gif
2008-04-26 12:26 . 2008-04-26 13:06 24,351 --a------ C:\WINDOWS\promogif1.gif
2008-04-26 12:26 . 2008-04-26 13:06 24,066 --a------ C:\WINDOWS\promogif2.gif
2008-04-26 12:25 . 2008-04-26 13:44 1,680 --a------ C:\WINDOWS\system32\clbcfg.dat
2008-04-26 12:25 . 2008-04-26 13:02 578 --a------ C:\WINDOWS\index.html
2008-04-26 11:07 . 2008-04-26 11:07 401,616 --a------ C:\WINDOWS\system32\g78.exe
2008-04-26 11:07 . 2008-04-26 11:07 63,893 --a------ C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll-uninst.exe
2008-04-26 11:06 . 2008-04-26 11:06 89,070 --a------ C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-26 11:03 . 2008-04-29 10:58 863 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-26 10:57 . 2008-04-26 10:57 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-26 10:56 . 2008-04-26 20:09 <DIR> d-------- C:\WINDOWS\system32\wTMP
2008-04-26 10:56 . 2008-04-26 10:56 <DIR> d-------- C:\WINDOWS\system32\pnVes06
2008-04-26 10:56 . 2008-04-26 10:56 <DIR> d-------- C:\Temp\zvebs14
2008-04-26 10:56 . 2008-04-26 10:56 <DIR> d-------- C:\Temp\kvebs14
2008-04-26 10:56 . 2008-04-27 13:53 <DIR> d-------- C:\Temp
2008-04-26 10:56 . 2008-04-26 10:57 298,311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-26 00:52 . 2008-04-26 00:52 8,780 --ah----- C:\WINDOWS\system32\BIT60.tmp
2008-04-11 11:46 . 2008-04-11 11:46 334,848 --a------ C:\WINDOWS\system32\myss_sb.dll
2008-04-07 12:27 . 2008-04-07 12:27 330,240 --a------ C:\WINDOWS\system32\{bd243371-9bd7-702a-0dd9-9fd7dd5a9a1d}.dll
2008-03-26 11:11 . 2008-03-26 11:11 77,383 --a------ C:\WINDOWS\system32\atasnt40.dll
2008-03-25 09:25 . 2008-04-26 19:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-25 09:25 . 2008-03-25 09:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-05 11:57 . 2008-03-05 11:57 <DIR> d-------- C:\WINDOWS\system32\ffdshow
2008-03-05 11:57 . 2008-03-05 11:57 <DIR> d-------- C:\Program Files\SourceTec
2008-03-05 11:57 . 2006-03-11 05:56 438,272 --a------ C:\WINDOWS\system32\Mpeg2DecFilter.ax
2008-03-05 11:57 . 2006-03-11 05:48 434,176 --a------ C:\WINDOWS\system32\MatroskaSplitter.ax
2008-03-05 11:57 . 2007-03-28 12:27 364,544 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-03-05 11:57 . 2005-07-10 03:12 241,664 --a------ C:\WINDOWS\system32\CoreVorbis.ax
2008-03-05 11:57 . 2004-08-18 01:04 217,088 --a------ C:\WINDOWS\system32\CoreFLACDecoder.ax
2008-03-05 11:57 . 2007-03-28 17:08 122,880 --a------ C:\WINDOWS\system32\stQTSource.ax
2008-03-02 18:18 . 1997-09-28 14:22 721,168 --a------ C:\WINDOWS\system32\VB40032.DLL
2008-03-02 18:18 . 1997-09-28 14:22 60,416 --a------ C:\WINDOWS\ST4UNST.EXE
2008-03-02 18:18 . 1997-09-28 14:22 37,376 --a------ C:\WINDOWS\system32\VbVfw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 20:13 --------- d-----w C:\Program Files\SureTrak
2008-04-23 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-04-17 15:46 --------- d-----w C:\Program Files\On-Screen Takeoff 3
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 15:00 630,784 ----a-w C:\WINDOWS\java\GoToAssist_chat2way__317_en.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-01-25 05:17 2,412,897 ---h--w C:\Documents and Settings\Tom.CTCHARLOTTE\IDR_DLOADIMAGE.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 07:46 68856]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40 218032]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 08:00 16384]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2005-04-25 23:10 271872]
"AGRSMMSG"="AGRSMMSG.exe" [2005-06-10 16:00 88203 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-07-02 07:48 163840]
"FjDspMon"="c:\Program Files\Fujitsu\Utils\FjDspMon.exe" [2004-10-14 18:56 20480]
"FjEvents"="c:\Program Files\Fujitsu\Utils\fjevents.exe" [2004-12-16 19:08 20480]
"Fujitsu Menu"="c:\Program Files\Fujitsu\Utils\FjMnuIco.exe" [2004-12-16 19:10 32768]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" [ ]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-02-28 13:20 81920]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-20 21:24 61440]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-02-18 10:10 385024]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-02-11 20:10 249856]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2005-07-13 21:24 1843200]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 10:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-04-07 06:12 135224]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 15:22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 15:26 118784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-25 13:46 155648]
"CalCompUtil"="ccwtup32.exe" [2001-10-18 02:09 61440 C:\WINDOWS\system32\ccwtup32.exe]
"GTCO.wtxpload"="C:\WINDOWS\GTCO\wtxpload.exe" [2001-10-18 02:09 45056]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 08:07 228088]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="%windir%\help\wizard.hta" [ ]

C:\Documents and Settings\Tom\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 17:06:14 59080]

C:\Documents and Settings\Tom.CTCHARLOTTE\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-03-28 12:32:56 1283608]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 17:06:14 59080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2004-07-20 06:15:20 380928]
Pervasive.SQL Workgroup Engine.lnk - C:\Pvsw\Bin\w3dbsmgr.exe [2007-07-03 10:45:18 102450]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-02-18 10:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 08:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2005-07-13 20:02 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 06:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 08:00 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Pvsw\\Bin\\W3DBSMGR.EXE"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

R0 FJGPNV;FJGPNV;C:\WINDOWS\system32\drivers\FJGPNV.SYS [2005-06-17 19:33]
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2005-03-16 09:47]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2005-03-16 09:47]
R2 FlashDrv;FlashDrv;C:\PROGRA~1\Fujitsu\FlashAid\FlashDrv.sys [2005-02-25 13:12]
R2 Sage.ServiceHost.Host.1.0;Sage Service Host v1.0;c:\program files\timberline office\shared\sage.servicehost.host.exe [2007-03-12 17:28]
R3 DX02;DX02;C:\WINDOWS\system32\drivers\dx02.sys [2004-07-29 16:27]
R3 Fjbtndrv;Fujitsu LIFEBOOK T3000 Button Driver;C:\WINDOWS\system32\DRIVERS\Fjbtndrv.sys [2003-06-20 17:30]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;C:\WINDOWS\system32\Drivers\FUJ02E1.sys [2004-10-18 03:08]
R3 hidpen;Wacom Serial Pen HID MiniDriver;C:\WINDOWS\system32\DRIVERS\hidpen.sys [2004-08-02 21:35]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-01-06 12:16]
R3 W2gtco;W2gtco;C:\WINDOWS\system32\DRIVERS\W2gtco.sys [2001-10-18 02:09]
R3 Wtcls2k;Wtcls2k;C:\WINDOWS\system32\DRIVERS\Wtcls2k.sys [2001-10-18 02:09]
S1 rdpdrr;rdpdrr;C:\WINDOWS\system32\drivers\rdpdrr.sys []
S3 ADVNTDRV;ADVNTDRV;C:\WINDOWS\system32\drivers\ADVNTDRV.SYS [1999-11-18 21:20]
S3 bioschk;FPC BIOS Check Driver;C:\WINDOWS\system32\Drivers\bioschk.sys [2004-02-28 04:49]
S3 FjGenIo;FPC Generic I/O Driver;C:\WINDOWS\system32\Drivers\FjGenIo.sys [2004-08-23 19:12]
S3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-10-11 03:34]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-03 19:04]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 11:29:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-04-30 11:30:07
ComboFix-quarantined-files.txt 2008-04-30 15:30:01
ComboFix2.txt 2008-04-30 11:53:52

Pre-Run: 32,265,875,456 bytes free
Post-Run: 32,239,038,464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

186 --- E O F --- 2008-04-10 07:02:57

pskelley
2008-04-30, 17:51
Remove combofix and the C:\Qoobox\Quarantine\ folder and run a new Kaspersky Online Scan for a last check using these settings.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here.

Thanks
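Reading the report the scan produces is the hard part: most lines are files the scanner could not open ("Object is locked skipped"), and detections that sit in ComboFix's quarantine or in the Recycle Bin are leftovers of an earlier cleanup, not running malware. The following triage script is an added example, not part of this thread or of Kaspersky's tooling; the sample report lines are constructed in the thread's format, with a placeholder SID and a hypothetical EXAMPLE_live.dll standing in for a detection on the live system.

```python
"""Triage a Kaspersky Online Scanner 5.x text report (added example).

Separates the three kinds of result lines the scanner emits:
  "<path> Object is locked skipped"            - file could not be opened
  "<path> Infected: <detection> <action>"      - a detection
  "<path> <ARCHIVE>: infected - <n> <action>"  - container summary
and flags detections that live in quarantine / Recycle Bin locations.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Line shapes taken from the report format shown in the thread.
LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) (?P<action>\S+)$")
ARCHIVE_RE = re.compile(
    r"^(?P<path>.+) (?P<kind>[A-Za-z0-9]+): infected - (?P<count>\d+) (?P<action>\S+)$"
)
STAT_RE = re.compile(
    r"^(?P<key>Number of [a-z ]+|Total number of scanned objects): (?P<value>\d+)$"
)

# ComboFix quarantines to C:\Qoobox\Quarantine and renames files with a .vir
# suffix; a deleted quarantine folder ends up under C:\RECYCLER (XP Recycle Bin).
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\recycler\\")

# Constructed sample in the scanner's format; the SID is a placeholder and
# EXAMPLE_live.dll is a hypothetical file, not something from the thread.
SAMPLE_REPORT = r"""
Scan Statistics:
Total number of scanned objects: 65921
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped
C:\RECYCLER\S-1-5-21-EXAMPLE-1119\Dc2\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\RECYCLER\S-1-5-21-EXAMPLE-1119\Dc2\C\WINDOWS\system32\awtuvUNg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-EXAMPLE-1119\Dc2\catchme2008-04-30_ 73917.80.zip/byXRjjHa.dll Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-EXAMPLE-1119\Dc2\catchme2008-04-30_ 73917.80.zip ZIP: infected - 1 skipped
C:\WINDOWS\system32\EXAMPLE_live.dll Infected: Packed.Win32.Monder.gen skipped
"""


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str      # detection name; "" for locked/archive lines
    status: str         # "locked", "infected" or "archive"
    in_quarantine: bool


def is_quarantine_path(path: str) -> bool:
    """True when the on-disk container of `path` is quarantine or Recycle Bin residue."""
    container = path.split("/", 1)[0].lower()   # drop any in-archive member part
    if any(marker in container for marker in QUARANTINE_MARKERS):
        return True
    return container.endswith(".vir")


def parse_report(text: str) -> tuple[dict[str, int], list[Finding]]:
    """Return (header statistics, parsed result lines) for one report."""
    stats: dict[str, int] = {}
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := STAT_RE.match(line):
            stats[m["key"]] = int(m["value"])
        elif m := LOCKED_RE.match(line):
            findings.append(Finding(m["path"], "", "locked", is_quarantine_path(m["path"])))
        elif m := INFECTED_RE.match(line):
            findings.append(Finding(m["path"], m["name"], "infected", is_quarantine_path(m["path"])))
        elif m := ARCHIVE_RE.match(line):
            findings.append(Finding(m["path"], "", "archive", is_quarantine_path(m["path"])))
    return stats, findings


def triage(findings: list[Finding]) -> dict:
    """Summarise what needs attention: detections that are not quarantine residue."""
    status_counts = Counter(f.status for f in findings)
    infected = [f for f in findings if f.status == "infected"]
    return {
        "locked_skipped": status_counts["locked"],
        "infected": len(infected),
        "archives": status_counts["archive"],
        "by_detection": Counter(f.detection for f in infected),
        "quarantined": sum(1 for f in infected if f.in_quarantine),
        "live_threats": [f.path for f in infected if not f.in_quarantine],
    }


if __name__ == "__main__":
    header, found = parse_report(SAMPLE_REPORT)
    summary = triage(found)
    print("scanner header:", header)
    print("locked/skipped:", summary["locked_skipped"], " quarantined:", summary["quarantined"])
    print("live detections needing action:", summary["live_threats"])
```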

Tpetty5
2008-04-30, 19:13
Ran Kaspersky. Still showing a lot of items. Here is the report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-04-30 13:09
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/04/2008
Kaspersky Anti-Virus database records: 655556
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
H:\

Scan Statistics:
Total number of scanned objects: 65921
Number of viruses found: 11
Number of infected objects: 82
Number of suspicious objects: 0
Duration of the scan process: 01:05:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_R6602503.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_R6602503.log Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Application Data\ApplicationHistory\TCServer.exe.7c11743d.ini.inuse Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Application Data\Microsoft\Outlook\outlook.ost Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Temp\ExchangePerflog_8484fa31305f9590cfcccd43.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Temp\IMGBE.tmp Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Temp\~DFBC84.tmp Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Temp\~DFC0DF.tmp Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Temp\~DFC4C2.tmp Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\NTUser.dat Object is locked skipped
C:\Documents and Settings\Tom.CTCHARLOTTE\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Microsoft Office\OFFICE11\STARTUP\AIAWordToolbars.dot Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Softex\OmniPass\btype0.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype1.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype2.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype256.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype259.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype3.dat Object is locked skipped
C:\Program Files\Softex\OmniPass\btype4.dat Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\system32\awtuvUNg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\system32\dkhmslbg.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\system32\dxrfvbqq.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\system32\jkkihEXP.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\system32\kbbivpyu.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\system32\lltokpsv.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\system32\ncyewcwr.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\system32\nnNHxuvW.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\system32\qoMDsPhi.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\system32\rQhiihii.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\system32\wtnmhbhd.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\catchme2008-04-30_ 73917.80.zip/byXRjjHa.dll Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\catchme2008-04-30_ 73917.80.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\catchme2008-04-30_ 75010.69.zip/Documents and Settings/Tom/Desktop/catchme.zip/spools.exe Infected: Worm.Win32.Socks.ff skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\catchme2008-04-30_ 75010.69.zip/Documents and Settings/Tom/Desktop/catchme.zip Infected: Worm.Win32.Socks.ff skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\catchme2008-04-30_ 75010.69.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP484\A0035946.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP484\A0035950.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP484\A0035952.exe Infected: Trojan-Downloader.Win32.Small.uww skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP484\A0035962.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036074.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036107.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036370.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036371.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0036372.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP485\A0037847.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0037974.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0037989.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038063.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038066.exe Infected: Email-Worm.Win32.Zhelatin.xv skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038069.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038109.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038128.dll Infected: Trojan-Downloader.Win32.Small.ixt skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP487\A0038153.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP488\A0038217.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP488\A0038218.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP488\A0038236.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP488\A0039254.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP488\A0039255.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039315.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039329.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039363.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039364.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039368.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039370.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039491.exe/data0006 Infected: Trojan-Downloader.Win32.VB.ebf skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039491.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039492.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039493.exe Infected: Trojan.Win32.DNSChanger.ckn skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039521.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039535.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP489\A0039590.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039606.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039607.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039608.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039609.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039610.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039653.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039657.exe Infected: Trojan.Win32.DNSChanger.cjd skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039668.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039686.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039701.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039716.exe Infected: Trojan.Win32.DNSChanger.cjd skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039717.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039773.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP493\A0039966.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP494\A0040006.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP495\A0040107.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP495\A0040109.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP495\A0040110.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP495\A0040111.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP495\A0040112.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP495\A0040113.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP495\A0040114.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP495\A0040115.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP495\A0040116.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP495\A0040117.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP495\A0040118.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP495\A0040119.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP496\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5008A5A1-2D8E-4C55-BCEC-4D4C3CE743F2}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\BIT60.tmp Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Sage.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\pnVes06\pnVes061083.exe Infected: Trojan-Downloader.Win32.VB.ebf skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_728.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

pskelley
2008-04-30, 19:26
Thanks for returning your KOS results:

1) The first two are still active; navigate to and delete the files/folders in red:
C:\WINDOWS\system32\BIT60.tmp ------> Trojan-Downloader.Win32.Small.uuw
C:\WINDOWS\system32\pnVes06\pnVes061083.exe ------> Trojan-Downloader.Win32.VB.ebf

2) Delete the contents of the Recycle Bin

3) Restart the computer

4) Follow these directions to clean infected System Restore files:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

If the directions are followed, the next KOS will be clean...I do not need to see it.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
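
An added example (not code from the thread or from either poster) that applies the triage rule in the reply above to report lines in the format pasted earlier: hits under System Volume Information are cleared by the System Restore purge, hits under RECYCLER by emptying the Recycle Bin, and anything elsewhere is still active and needs manual removal. The line format is assumed from the pasted report, and the sample lines are constructed from paths that appear on this page.

```python
"""Triage Kaspersky Online Scanner style report lines by remediation step."""
import re

# Formats assumed from the report pasted above:
#   '<path> Infected: <detection> skipped'        -> a detection
#   '<path> <archive>: infected - <n> skipped'    -> archive summary, members listed separately
#   '<path> Object is locked skipped'             -> not a detection
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<detection>\S+) skipped$")


def classify_path(path):
    """Map a hit's on-disk location to the step in the reply that clears it."""
    lowered = path.lower()
    if "\\system volume information\\" in lowered:
        return "system_restore"   # cleared by turning System Restore off and on
    if "\\recycler\\" in lowered:
        return "recycle_bin"      # cleared by emptying the Recycle Bin
    return "active"               # still live on disk; delete by hand


def parse_line(line):
    """Return (path, detection, category) for a detection line, else None."""
    m = INFECTED_RE.match(line.strip())
    if not m:
        return None               # locked objects and archive summaries are skipped
    path = m.group("path")        # archive members appear as 'outer.zip/inner.dll'
    return path, m.group("detection"), classify_path(path)


def triage(lines):
    """Group detections by remediation step; each group maps path -> detection."""
    groups = {"active": {}, "recycle_bin": {}, "system_restore": {}}
    for line in lines:
        hit = parse_line(line)
        if hit:
            path, detection, category = hit
            groups[category][path] = detection
    return groups


# Constructed sample report (paths copied from the thread's pasted scan output).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\BIT60.tmp Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\WINDOWS\system32\pnVes06\pnVes061083.exe Infected: Trojan-Downloader.Win32.VB.ebf skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\RECYCLER\S-1-5-21-420314915-1823663660-170360327-1119\Dc2\catchme2008-04-30_ 73917.80.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP486\A0038109.sys Infected: Rootkit.Win32.Agent.aii skipped
C:\System Volume Information\_restore{8E5A7E47-8731-42AB-9066-1D66C6F23A59}\RP490\A0039653.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped
""".strip().splitlines()

if __name__ == "__main__":
    for category, hits in triage(SAMPLE_REPORT).items():
        print(f"{category}: {len(hits)} hit(s)")
        for path, detection in hits.items():
            print(f"  {path} -> {detection}")
```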

Tpetty5
2008-04-30, 22:15
Next KOS was clean as you said it would be. Thank you so very much for your help and guidance.