Thread: Can't get rid of jkkjk.dll jkkjk.exe

  1. #11
    Member
    Join Date
    Jan 2008
    Posts
    39

    CFScript.txt number two

    Combo fix log from above CFScript.txt file

    ComboFix 08-01-11.1 - Tony Bailey 2008-01-13 16:02:02.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.645 [GMT -5:00]
    Running from: C:\hjt\ComboFix.exe
    Command switches used :: C:\hjt\CFScript.txt C:\hjt\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\SYSTEM32\gdlsaufa.dll
    C:\WINDOWS\SYSTEM32\jhrkhoyt.ini
    C:\WINDOWS\SYSTEM32\tsilpikp.ini
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\SYSTEM32\gdlsaufa.dll
    C:\WINDOWS\SYSTEM32\jhrkhoyt.ini
    C:\WINDOWS\SYSTEM32\tsilpikp.ini

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
    .

    2008-01-12 12:28 . 2008-01-12 12:28 102,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
    2008-01-11 18:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-06 09:01 . 2008-01-06 09:01 75,840 --a------ C:\WINDOWS\SYSTEM32\gcvlwivg.dll
    2008-01-05 00:03 . 2008-01-05 00:03 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-04 23:58 . 2008-01-04 23:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
    2008-01-04 23:58 . 2008-01-04 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-04 01:34 . 2008-01-04 01:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
    2008-01-04 00:50 . 2008-01-04 00:50 <DIR> d--h----- C:\WINDOWS\PIF
    2008-01-03 23:26 . 2008-01-12 12:01 6,500 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
    2008-01-03 23:25 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
    2008-01-03 23:24 . 2007-06-25 10:57 171,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
    2008-01-03 23:24 . 2007-03-02 14:16 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
    2008-01-03 23:24 . 2007-06-25 14:54 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
    2008-01-03 23:24 . 2007-06-25 10:57 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
    2008-01-03 23:24 . 2007-06-25 10:57 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
    2008-01-03 23:24 . 2007-06-25 10:57 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
    2008-01-03 23:23 . 2008-01-03 23:23 <DIR> d-------- C:\Program Files\McAfee.com
    2008-01-03 23:23 . 2008-01-04 00:56 <DIR> d-------- C:\Program Files\McAfee
    2008-01-03 23:23 . 2008-01-03 23:25 <DIR> d-------- C:\Program Files\Common Files\McAfee
    2008-01-03 23:08 . 2008-01-03 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-01-03 22:13 . 2008-01-03 22:14 <DIR> d-------- C:\pebuilder3110a
    2008-01-03 21:58 . 2008-01-03 21:58 <DIR> d-------- C:\Program Files\Compaq
    2007-12-31 22:49 . 2007-12-31 22:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-30 15:34 . 2008-01-04 20:30 <DIR> d-------- C:\Program Files\Sony
    2007-12-30 08:51 . 2008-01-02 18:54 778,318 --a------ C:\WINDOWS\SYSTEM32\wltray.exe
    2007-12-30 02:07 . 2007-12-30 02:07 <DIR> d-------- C:\Documents and Settings\Tony Bailey\Application Data\MySpace

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-11 23:13 --------- d-----w C:\Program Files\QuickTime
    2008-01-11 22:52 --------- d-----w C:\Documents and Settings\Tony Bailey\Application Data\Juniper Networks
    2008-01-10 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Juniper Networks
    2008-01-05 04:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-04 07:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-04 05:08 --------- d-----w C:\Program Files\eGames
    2008-01-04 04:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-01-03 02:38 --------- d-----w C:\Program Files\Real
    2008-01-03 02:38 --------- d-----w C:\Program Files\Logitech
    2008-01-03 02:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
    2008-01-03 02:24 --------- d-----w C:\Program Files\Dell
    2007-12-29 05:31 --------- d-----w C:\Documents and Settings\Tony Bailey\Application Data\BitTorrent
    2007-12-20 02:20 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-11 01:07 --------- d-----w C:\Program Files\UltimateBuddy
    2007-12-07 19:53 --------- d-----w C:\Program Files\Neoteris
    2007-12-04 03:01 --------- d-----w C:\Program Files\UltimateBet
    2007-12-01 00:03 --------- d-----w C:\Program Files\Microsoft Money 2005
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
    2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
    2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2007-10-30 16:53 360,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
    2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
    2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
    2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-11_18.15.40.17 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-11 23:08:58 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-13 21:01:58 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-11 23:08:58 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-13 21:01:58 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-11 23:08:58 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
    + 2008-01-13 21:01:58 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
    - 2008-01-11 23:08:58 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-13 21:01:58 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-11 23:08:58 5,722,112 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
    + 2008-01-13 21:01:58 5,726,208 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
    - 2008-01-11 23:08:58 364,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-13 21:01:58 364,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-03 02:33:50 122,939 ----a-w C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
    - 2008-01-11 22:54:24 41,624 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
    + 2008-01-12 17:04:43 41,624 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
    - 2008-01-11 22:54:24 316,158 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
    + 2008-01-12 17:04:43 316,158 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-11 17:50 1460560]
    "Cache Cleaner"="C:\Documents and Settings\Tony Bailey\Application Data\Juniper Networks\Cache Cleaner 5.5.0\dsCacheCleaner.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 14:44 101136 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 14:29 7561216]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2008-01-02 19:21 45056]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2008-01-02 19:21 57344]
    "nwiz"="nwiz.exe" [2006-03-09 14:29 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe]
    "wltray.exe"="C:\WINDOWS\system32\wltray.exe" [2008-01-02 18:54 778318]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2005-12-29 20:08:38]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-29 23:53]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 16:10]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-04 04:23:59 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
    "2008-01-04 04:23:58 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-13 16:03:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-13 16:03:56
    ComboFix-quarantined-files.txt 2008-01-13 21:03:41
    ComboFix2.txt 2008-01-13 20:13:49
    ComboFix3.txt 2008-01-11 23:16:06
    .
    2008-01-09 13:07:16 --- E O F ---

  2. #12
    Member
    Join Date
    Jan 2008
    Posts
    39

    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:10:10 PM, on 1/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Cache Cleaner] C:\Documents and Settings\Tony Bailey\Application Data\Juniper Networks\Cache Cleaner 5.5.0\dsCacheCleaner.exe -action delete
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames...z.cab67031.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames...e.cab60231.cab
    O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://cam3.kfbserv.com:1738/plugin/h263ctrl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://myvpn.ford.com/dana-cached/s...erSetupSP1.cab
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 6537 bytes

  3. #13
    Emeritus
    Join Date
    Nov 2005
    Location
    Texas
    Posts
    1,144


    Run this online scan from ESET

    You will need to use Internet Explorer for this scan!
    • First, accept the Terms of Use
    • Click: Start
    • When asked, allow the ActiveX control to install
    • Click: Start
    • Make sure the options:
      Remove found threats, and Scan unwanted applications
      are both checked!
    • Click: Scan


    When the scan finishes, use Notepad to open the ESET report.
    It will be located here: C:\Program Files\EsetOnlineScanner\log.txt
    MS-MVP Windows Security 2006,2007,2008 & 2009
    ASAP member since 2004

  4. #14
    Member
    Join Date
    Jan 2008
    Posts
    39

    ESET Online Scan Log

    # version=4
    # OnlineScanner.ocx=1.0.0.56
    # OnlineScannerDLLA.dll=1, 0, 0, 51
    # OnlineScannerDLLW.dll=1, 0, 0, 51
    # OnlineScannerUninstaller.exe=1, 0, 0, 49
    # vers_standard_module=2788 (20080113)
    # vers_arch_module=1.061 (20080110)
    # vers_adv_heur_module=1.064 (20070717)
    # EOSSerial=ef3065292516aa4f965f46b85fcf4121
    # end=finished
    # remove_checked=true
    # unwanted_checked=true
    # utc_time=2008-01-13 10:36:10
    # local_time=2008-01-13 05:36:10 (-0500, Eastern Standard Time)
    # country="United States"
    # osver=5.1.2600 NT Service Pack 2
    # scanned=447657
    # found=5
    # scan_time=4416
    C:\QooBox\Quarantine\C\Program Files\Intel\Intel Application Accelerator\iaanotif .exe.vir Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
    C:\QooBox\Quarantine\C\Program Files\Spybot - Search & Destroy\TeaTimer.exe.vir Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) 00000000000000000000000000000000
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fimffrtl.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lkfllwdk.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\scviwovm.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000

  5. #15
    Emeritus
    Join Date
    Nov 2005
    Location
    Texas
    Posts
    1,144


    Download the OTMoveIt.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.

    Press cleanup & it will search for and delete/uninstall all the tools we have used
    to fix your problems and all their backup folders and then delete itself when you next reboot.

    --------------------------------------

    Download and run - ATF Cleaner instructions here.

    -------------------------------------

    One of the best features of Windows XP is the System Restore option; however, if a virus or spyware infection occurs,
    there can be backups made in the System Restore folder.
    Therefore, clearing the restore points is necessary after a virus or spyware removal.

    To reset your restore points, please note that you will need to log into your computer with an account
    which has full administrator access. You will know if the account has administrator access because
    you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    MS-MVP Windows Security 2006,2007,2008 & 2009
    ASAP member since 2004

  6. #16
    Member
    Join Date
    Jan 2008
    Posts
    39

    completed

    Ran OTMoveit and rebooted
    Ran ATF-Cleaner
    Turned off System restore, rebooted
    Turned system restore back on.

    Looks to be clean? Do you need any additional logs?

  7. #17
    Emeritus
    Join Date
    Nov 2005
    Location
    Texas
    Posts
    1,144


    Looks to be clean. How is the PC running?
    MS-MVP Windows Security 2006,2007,2008 & 2009
    ASAP member since 2004

  8. #18
    Member
    Join Date
    Jan 2008
    Posts
    39

    Looks good

    Looks good, no symptoms at all currently.

    Thanks ever so much!
