WinAntiSpyware Alert

Scott5150

New member
Hi,

First of all, all of the helpers here have been great to me. I have posted a couple of times over the past few years and both times the folks here have fixed the problem. Thank you for all your help. I really appreciate it.

The current problem I have is that a box is popping up at the bottom right of my computer indicating WinAntiSpyware Alert!. In the box, it asks if I want to Allow. It then says "To remove the security Threats found please register WinAnit Spyware 2007." I can't seem to get rid of the box.

Also, when I run Windows Defender it indicates Severe Alert. If I click to Remove All, I get a message that Windows Defender encountered an error and that the Group or Resource is not the correct state to perform the requested action. I notice that my computer is running a bit slow as well.

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:11:26 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\tmrsrv32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\WinAntiSpyware 2007\was7.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\WINDOWS\amwnmdoA.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\CROSOF~1.NET\rundll.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Scott\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=1.0&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [amwnmdoA] C:\WINDOWS\amwnmdoA.exe
O4 - HKLM\..\Run: [{5D-D6-66-68-ZN}] c:\windows\system32\modsregn.exe SKY009
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\CROSOF~1.NET\rundll.exe" -vt yazb
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsregt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://verizon.exent.com/vzunlimited/classes/ExentCtl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


Thank you,
Scott
 
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information. "BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

1) Looks like a Vundo infection to me, please see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\j2re1.4.2_03\ <<< Java is BADLY outdated. Download the newest version and uninstall all old versions in Add Remove Programs.

2) Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm
Once you get it moved, rename HJT.exe, Scott.exe will do.

3) They are all bad but this one is real nasty: C:\WINDOWS\system32\tmrsrv32.exe
http://spywarefiles.prevx.com/RREHCD38818560/TMRSRV32.EXE.html
We need to check your Hosts files after we kill this one:
Installs programs.
Invokes dll components.
Creates Run Keys.
Modifies the hosts file.
Runs other programs.
Communicates with web sites using httpout protocols.
Modifies Browser Search Settings.
Hijacks running processes.
Creates known malware.
Creates copies of itself.

4) Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks
 
Thanks PSKelley. Here is the Combofix log. I will post in multiple replies.

"Scott" - 2007-07-16 23:19:54 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cghvjarg.dll
C:\WINDOWS\system32\nfsbfepa.dll
C:\WINDOWS\system32\wndlpanv.dll
C:\WINDOWS\system32\xxyyywt.dll
C:\WINDOWS\system32\reohhvcm.exe
C:\WINDOWS\system32\rmuymrjg.exe
C:\WINDOWS\system32\sxqgppcy.dll
C:\WINDOWS\system32\tcdaeifa.dll
C:\WINDOWS\system32\xxyyywt.dll
C:\WINDOWS\SYSTEM32\nmllm.bak1
C:\WINDOWS\SYSTEM32\nmllm.bak2
C:\WINDOWS\SYSTEM32\nmllm.ini
C:\WINDOWS\SYSTEM32\apefbsfn.ini
C:\WINDOWS\SYSTEM32\vnapldnw.ini
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\urqrsrp.dll
C:\WINDOWS\system32\urqrsrp.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\Scott\APPLIC~1.\curity~1
C:\DOCUME~1\Scott\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\Scott\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\Scott\MYDOCU~1.\mbols~1
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\mcroso~1
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\ComPlus Applications\mewody83122.dll
C:\Program Files\Movie Maker\qujawine.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\Program Files\winantispyware 2007
C:\Program Files\winantispyware 2007\Activate.dat
C:\Program Files\winantispyware 2007\appupdate.dat
C:\Program Files\winantispyware 2007\AsAgents.dll
C:\Program Files\winantispyware 2007\AsAgents.xml
C:\Program Files\winantispyware 2007\atl71.dll
C:\Program Files\winantispyware 2007\AutoProcess.dat
C:\Program Files\winantispyware 2007\bnlink.dat
C:\Program Files\winantispyware 2007\database\enemies.dat
C:\Program Files\winantispyware 2007\database\knownfiles.dat
C:\Program Files\winantispyware 2007\database\TEBase.dat
C:\Program Files\winantispyware 2007\database\vbpv.dat
C:\Program Files\winantispyware 2007\dbupdate.dat
C:\Program Files\winantispyware 2007\fopnl.dll
C:\Program Files\winantispyware 2007\InstHelp.exe
C:\Program Files\winantispyware 2007\InstUp.exe
C:\Program Files\winantispyware 2007\lapv.dat
C:\Program Files\winantispyware 2007\license.rtf
C:\Program Files\winantispyware 2007\manual.pdf
C:\Program Files\winantispyware 2007\manual.url
C:\Program Files\winantispyware 2007\mfc71.dll
C:\Program Files\winantispyware 2007\monstate.dat
C:\Program Files\winantispyware 2007\msvcp71.dll
C:\Program Files\winantispyware 2007\msvcr71.dll
C:\Program Files\winantispyware 2007\ps.dat
C:\Program Files\winantispyware 2007\pv.dat
C:\Program Files\winantispyware 2007\quaratine.dat\#post_quarantine
C:\Program Files\winantispyware 2007\readme.rtf
 
More Combofix log:

C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\7834e6884bf546a25200819a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\7834e6884bf546a25200819a\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\7c76866b58b44402d390af95\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\7c76866b58b44402d390af95\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\8677fe334d8c4fd070e24d93\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\8677fe334d8c4fd070e24d93\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\88d952ecc8db4f28c2a1d2b5\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\88d952ecc8db4f28c2a1d2b5\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\8b0859fc60be4d2215626e8f\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\8b0859fc60be4d2215626e8f\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\8f92be4c9fec453da8fc8098\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\8f92be4c9fec453da8fc8098\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\8f92be4c9fec453da8fc8098\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\91bf880afd354b43294234a1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\91bf880afd354b43294234a1\#settings
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\91bf880afd354b43294234a1\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\91f85f478c1c439c53822886\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\91f85f478c1c439c53822886\#startup


C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\9b650a350a054939e427118c\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\9b650a350a054939e427118c\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\a1269440327a490db6f32f8d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\a1269440327a490db6f32f8d\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\a5ed6e4f11244eb604374586\#data
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\a5ed6e4f11244eb604374586\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\a5ed6e4f11244eb604374586\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\aa51b7d206064486cb3ea89d\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\aa51b7d206064486cb3ea89d\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\aa90df7c886b4ecec668168e\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\aa90df7c886b4ecec668168e\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\b065e545bf334c099bfa09ab\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\b065e545bf334c099bfa09ab\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\b1240d4e172f403cb3526898\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\b1240d4e172f403cb3526898\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\b5a952d74ef74a8d8469d195\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\b5a952d74ef74a8d8469d195\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\bc347cc5c9f3488e8b09ef87\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\bc347cc5c9f3488e8b09ef87\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\bcd16634ccf24515a0b453bc\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\bcd16634ccf24515a0b453bc\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\c008f69fa1374707abdb0493\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\c008f69fa1374707abdb0493\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\c542753e1229492839a34884\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\c542753e1229492839a34884\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\c8090bc9e52a48cb8d48ce89\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\c8090bc9e52a48cb8d48ce89\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\d23c1c9d9533440164f784a7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\d23c1c9d9533440164f784a7\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\d50ba1184fa240fbe33154b7\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\d50ba1184fa240fbe33154b7\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\dd1f1e07d2d74f6c529b81bb\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\dd1f1e07d2d74f6c529b81bb\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\e6914b4771054a8c71edd089\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\e6914b4771054a8c71edd089\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\e7c4297b6330431ad6ba98a3\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\e7c4297b6330431ad6ba98a3\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\e963d1d133344457f429499a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\e963d1d133344457f429499a\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\eaaa2c21a0964ce7a5e448bf\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\eaaa2c21a0964ce7a5e448bf\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\eb8752ef9c73443ec239e5ae\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\eb8752ef9c73443ec239e5ae\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\ec7dcbf7a02f4bb7b43a6a95\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\ec7dcbf7a02f4bb7b43a6a95\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\f0819f609d304db570a28c8a\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\f0819f609d304db570a28c8a\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\f348f366f8e74271b1371488\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\f348f366f8e74271b1371488\#startup
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\fd43be11b9ea4152f434e2b1\#internal
C:\Program Files\winantispyware 2007\RTMonitor.dat\a1350906caf4484b4eab5a96\fd43be11b9ea4152f434e2b1\#startup
C:\Program Files\winantispyware 2007\scanlog.xml
C:\Program Files\winantispyware 2007\settings.ini
C:\Program Files\winantispyware 2007\shellext.xml
C:\Program Files\winantispyware 2007\sr.log
C:\Program Files\winantispyware 2007\Summary.dat
C:\Program Files\winantispyware 2007\support.url
C:\Program Files\winantispyware 2007\tasks.dat
C:\Program Files\winantispyware 2007\threatnet.dat
C:\Program Files\winantispyware 2007\threatnet.ini
C:\Program Files\winantispyware 2007\unins000.dat
C:\Program Files\winantispyware 2007\unins000.exe
C:\Program Files\winantispyware 2007\uninstall.ico
C:\Program Files\winantispyware 2007\UnWizard.exe
C:\Program Files\winantispyware 2007\unwizard.xml
C:\Program Files\winantispyware 2007\up.dat
C:\Program Files\winantispyware 2007\updater.dat
C:\Program Files\winantispyware 2007\was7.exe
C:\Program Files\winantispyware 2007\WAS7.url
C:\Program Files\winantispyware 2007\WAS7.xml
C:\WINDOWS\7search.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\crosof~1.net
C:\WINDOWS\crosof~1.net\rundll.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\pbar.dll
C:\WINDOWS\poolsv.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\B0
C:\WINDOWS\system32\B0\mwspasrt83122.exe
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\B1\wr73.exe
C:\WINDOWS\system32\B2
C:\WINDOWS\system32\B2\st2.exe
C:\WINDOWS\system32\B3
C:\WINDOWS\system32\B5
C:\WINDOWS\system32\B5\z53.exe
C:\WINDOWS\system32\drivers\ApiMon.sys
C:\WINDOWS\system32\drivers\fopn.sys
 
Final part of Combofix log:

C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msdn_lib.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\ogydvkmn.exe
C:\WINDOWS\system32\sl.bin
C:\WINDOWS\system32\stera.exe
C:\WINDOWS\system32\sxdxvooj.exe
C:\WINDOWS\system32\uypetspj.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wnscpsv32.exe
C:\WINDOWS\system32\wptftks.dll
C:\WINDOWS\tk58.exe
C:\WINDOWS\voiceip.dll
C:\WINDOWS\wml.exe


((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))


2007-07-16 23:10 <DIR> d-------- C:\HJT
2007-07-13 00:22 736,352 -r-hs---- C:\WINDOWS\amwnmdoA.exe
2007-07-13 00:22 54,784 --a------ C:\WINDOWS\amwnmdo.exe
2007-07-13 00:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\driver
2007-07-13 00:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\b10FdUe
2007-07-13 00:22 <DIR> d-------- C:\Temp\brr
2007-07-13 00:22 <DIR> d-------- C:\Temp\0c2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-17 03:27:06 12 ----a-w C:\WINDOWS\system32\sl.bin
2007-07-17 03:24:52 -------- d-----w C:\Program Files\Movie Maker
2007-07-16 10:37:44 -------- d-----w C:\Program Files\NetZero
2007-07-13 04:22:47 49,152 ----a-w C:\WINDOWS\TISKY009.exe
2007-07-11 22:15:15 1,802 ----a-w C:\DOCUME~1\Scott\APPLIC~1\wklnhst.dat
2007-06-21 22:57:37 -------- d-----w C:\Program Files\Google
2007-06-18 00:25:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-18 00:25:39 -------- d-----w C:\Program Files\Dearborn
2007-06-17 04:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-12 03:08:37 2,938 ----a-w C:\WINDOWS\system32\tmp.reg
2007-06-12 02:41:31 4 ----a-w C:\WINDOWS\system32\stfv.bin
2007-06-12 00:27:51 18,432 ----a-w C:\WINDOWS\sysrlb32.exe
2007-06-09 17:28:54 10,240 ----a-w C:\WINDOWS\vxddsk.exe
2007-06-09 17:28:33 801 ----a-w C:\WINDOWS\system32\drivers\system_stable_header_small.gif
2007-06-09 17:28:33 567 ----a-w C:\WINDOWS\system32\drivers\users_rating.gif
2007-06-09 17:28:33 291 ----a-w C:\WINDOWS\system32\drivers\v.gif
2007-06-09 17:28:33 283 ----a-w C:\WINDOWS\system32\drivers\x.gif
2007-06-09 17:28:32 6,533 ----a-w C:\WINDOWS\system32\drivers\system_stable_box_small.jpg
2007-06-09 17:28:32 579 ----a-w C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-06-09 17:28:32 15,075 ----a-w C:\WINDOWS\system32\drivers\system_stable_box.jpg
2007-06-09 17:28:32 1,636 ----a-w C:\WINDOWS\system32\drivers\system_stable_header.gif
2007-06-09 17:28:31 5,097 ----a-w C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
2007-06-09 17:28:31 14,484 ----a-w C:\WINDOWS\system32\drivers\protect.gif
2007-06-09 17:28:31 13,618 ----a-w C:\WINDOWS\system32\drivers\spy_away_box.jpg
2007-06-09 17:28:31 1,139 ----a-w C:\WINDOWS\system32\drivers\spy_away_header.gif
2007-06-09 17:28:30 841 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-06-09 17:28:30 4,557 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-06-09 17:28:30 10,260 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
2007-06-09 17:28:30 1,804 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-06-09 17:28:29 811 ----a-w C:\WINDOWS\system32\drivers\download_btn.gif
2007-06-09 17:28:29 737 ----a-w C:\WINDOWS\system32\drivers\logo_bg.gif
2007-06-09 17:28:29 580 ----a-w C:\WINDOWS\system32\drivers\features.gif
2007-06-09 17:28:29 3,099 ----a-w C:\WINDOWS\system32\drivers\logo.gif
2007-06-09 17:28:28 746 ----a-w C:\WINDOWS\system32\drivers\buy_btn.gif
2007-06-09 17:28:28 50,250 ----a-w C:\WINDOWS\system32\drivers\pt.htm
2007-06-09 17:28:28 427 ----a-w C:\WINDOWS\system32\drivers\4_stars.gif
2007-06-09 17:28:28 365 ----a-w C:\WINDOWS\system32\drivers\5_stars.gif
2007-06-09 17:28:27 945 ----a-w C:\WINDOWS\system32\drivers\s_detect.htm
2007-06-09 17:28:27 6,575 ----a-w C:\WINDOWS\system32\drivers\remove_spyware_button.gif
2007-06-09 17:28:27 6,373 ----a-w C:\WINDOWS\system32\drivers\secuity_center_logo.gif
2007-06-09 17:28:26 64 ----a-w C:\WINDOWS\system32\drivers\close_icon.gif
2007-06-09 17:28:26 4,825 ----a-w C:\WINDOWS\system32\drivers\detect.htm
2007-06-09 17:28:26 360 ----a-w C:\WINDOWS\system32\drivers\header_bg.gif
2007-06-09 17:28:26 2,186 ----a-w C:\WINDOWS\system32\drivers\alert_icon.gif
2007-06-09 17:28:26 1,014 ----a-w C:\WINDOWS\system32\drivers\icon_warning.gif
2007-06-05 01:30:22 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-05 01:30:15 -------- d-----w C:\Program Files\Yahoo!
2007-06-03 15:26:22 -------- d-----w C:\Program Files\Windows Defender
2007-06-03 15:12:28 -------- d-----w C:\Program Files\Verizon Games on Demand Player
2007-06-03 15:12:23 -------- d-----w C:\Program Files\QuickTime
2007-06-03 15:12:22 -------- d-----w C:\Program Files\OfficeUpdate11
2007-06-03 15:12:20 -------- d-----w C:\Program Files\Modem Helper
2007-06-03 15:12:19 -------- d-----w C:\Program Files\McAfee.com
2007-06-03 15:12:14 -------- d-----w C:\Program Files\Intel
2007-06-03 15:12:11 -------- d-----w C:\Program Files\Connection Wizard
2007-06-03 15:12:09 -------- d-----w C:\Program Files\Common Files\aolshare
2007-06-03 15:12:06 -------- d-----w C:\Program Files\America Online 9.0
2007-06-03 15:12:02 -------- d-----w C:\Program Files\myCleanerPC
2007-06-03 03:16:14 54,784 ----a-w C:\WINDOWS\bawiabh.exe
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe


2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-09-04 16:26:07 720,562 ----a-w C:\Program Files\nero_photoshow_express_setup_intl_us.exe
2005-04-26 01:58:34 1,094,021 ----a-w C:\Program Files\dvdshrink32setup.zip
2005-04-24 01:35:04 615,152 ----a-w C:\Program Files\NetzeroSetup.exe
1989-12-12 14:10:10 326,352 --sh--r C:\WINDOWS\bawiabhA.exe
2005-10-19 03:18:19 28,173 --sha-w C:\WINDOWS\SYSTEM32\gebyx.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2005-11-21 15:54 399424 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 15:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BDA388D-57BB-4F99-A2B4-99DF8A0E2BAC}]
C:\Program Files\ComPlus Applications\mewody83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 02:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-06-27 07:22 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
"P17Helper"="P17.dll" [2004-06-10 12:51 C:\WINDOWS\SYSTEM32\P17.dll]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-11-07 16:41]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-11-07 16:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-22 18:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2005-06-28 15:23]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2003-10-14 05:15]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 07:22]
"Uaol"="C:\WINDOWS\CROSOF~1.NET\rundll.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Movie Maker\rterelehdu.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Desktop Uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyaab]
efcyaab.dll


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}
C:\WINDOWS\system32\msorcl32.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E02310B4E666}
C:\WINDOWS\system32\tmrsrv32.exe

Contents of the 'Scheduled Tasks' folder
2007-07-10 18:24:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-17 03:06:53 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 23:30:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-16 23:30:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-16 23:30
C:\ComboFix2.txt ... 2007-06-11 20:49

--- E O F ---
 
HJT log

Here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 11:36:46 PM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\tmrsrv32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack This\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=1.0&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BDA388D-57BB-4F99-A2B4-99DF8A0E2BAC} - C:\Program Files\ComPlus Applications\mewody83122.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\CROSOF~1.NET\rundll.exe" -vt yazb
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://verizon.exent.com/vzunlimited/classes/ExentCtl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O20 - Winlogon Notify: efcyaab - efcyaab.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

Thanks PS
 
Hello Scott, you can see how bad this infection was from the ComboFix log. Until the legal system does something about these folks, all we can do is plug away at them. Here is information for you.
Since there is a class action involving this one, you may want to view this information:
http://www.networkworld.com/news/2007/030807-mystery-around-winfixer-slowly-unravels.html
http://www.youtube.com/watch?v=zBUZHiKhsog
http://msmvps.com/blogs/spywaresucks/search.aspx?q=winfixer+msn
http://www.revenews.com/wayneporter.../getting_the_fix_on_winfixer_aol_network_now/
http://www.malwarecomplaints.info/ <<< complain here

It looks like ComboFix did a great job with the junk. There is malware left; we will remove it manually and run a good scan to see how things are.

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender, Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {5BDA388D-57BB-4F99-A2B4-99DF8A0E2BAC} - C:\Program Files\ComPlus Applications\mewody83122.dll (file missing)
O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\CROSOF~1.NET\rundll.exe" -vt yazb
(if you are positive the next item is safe in the TZ, you may leave it)
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O20 - Winlogon Notify: efcyaab - efcyaab.dll (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\CROSOF~1.NET\ <<< delete that folder if there

C:\WINDOWS\system32\tmrsrv32.exe <<< delete that file

(This file may give you trouble; if it does, use this tool and instructions.)
How to use the Delete on Reboot tool
http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

7) Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files.
* Once the files have been downloaded, click on NEXT.
* Now click on Scan Settings.
* In the scan settings, make sure that the following are selected:
  * Scan using the following Anti-Virus database:
    * Standard
  * Scan Options:
    * Scan Archives
    * Scan Mail Bases
* Click OK.
* Now under select a target to scan:
  * Select My Computer
* The program will start and scan your system.
* The scan will take a while, so be patient and let it run.
* Once the scan is complete, it will display if your system has been infected.
* Now click on the Save as Text button.
* Save the file to your desktop.

8) Open HijackThis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
(You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list)

Restart the computer and post the uninstall list, the report from the Kaspersky scan, a new HJT log and any comments you think will help. Let me know how the computer is running.

Thanks...Phil
 
I will have to do multiple replies again. Thanks for all your help.

Here is the Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 17, 2007 11:38:55 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 17/07/2007
Kaspersky Anti-Virus database records: 340882
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 78978
Number of viruses found: 31
Number of infected objects: 207
Number of suspicious objects: 0
Duration of the scan process: 00:48:45

Infected Object Name / Virus Name / Last Action
 
Here is the rest of the Kaspersky:


Scan process completed.
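
A triage pass over report lines in the Kaspersky Online Scanner format used in this post (path, then `Object is locked`, `Infected: <name>` or `<TYPE>: infected - N`, then the last action), as an added example that is not part of the original thread. The sample lines and file names are constructed, and the list of folders treated as inactive copies (ComboFix's QooBox quarantine, VundoFix Backups, System Restore points) is an assumption to adjust per machine.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Paths contain spaces, so the status text is what anchors each line.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?P<locked>Object is locked)"
    r"|Infected:\s+(?P<verdict>\S+)"
    r"|(?P<container>[A-Z]+):\s+infected\s+-\s+\d+)"
    r"\s+(?P<action>\w+)\s*$"
)

# Assumption: folders where cleanup tools or Windows keep inactive copies.
INACTIVE_MARKERS = (
    "\\qoobox\\quarantine\\",
    "\\vundofix backups\\",
    "\\system volume information\\_restore",
)


class Finding(NamedTuple):
    path: str
    kind: str               # "locked", "infected" or "container"
    verdict: Optional[str]  # detection name, only for kind == "infected"
    action: str


def parse_line(line: str) -> Optional[Finding]:
    """Parse one report row; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if m.group("locked"):
        kind = "locked"
    elif m.group("container"):
        kind = "container"
    else:
        kind = "infected"
    return Finding(m.group("path"), kind, m.group("verdict"), m.group("action"))


def is_inactive(path: str) -> bool:
    """True when the path sits under a quarantine, backup or restore folder."""
    lowered = path.lower()
    return any(marker in lowered for marker in INACTIVE_MARKERS)


def triage(lines):
    """Split a report into locked files, inactive copies and live detections."""
    result = {"locked": 0, "containers": 0, "inactive": [], "live": [], "unparsed": []}
    for raw in lines:
        if not raw.strip():
            continue
        finding = parse_line(raw)
        if finding is None:
            result["unparsed"].append(raw)
        elif finding.kind == "locked":
            # In-use files the scanner could not open; not a detection.
            result["locked"] += 1
        elif finding.kind == "container":
            # Archive/installer summary row; its member row is counted instead.
            result["containers"] += 1
        elif is_inactive(finding.path):
            result["inactive"].append(finding)
        else:
            result["live"].append(finding)
    result["live_by_verdict"] = Counter(f.verdict for f in result["live"])
    return result


# Constructed sample rows in the report's layout (file names are made up).
SAMPLE_REPORT = r"""
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sample1.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\Program Files\demo\bundle.exe.vir/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\Program Files\demo\bundle.exe.vir NSIS: infected - 1 skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe Infected: Trojan.Win32.Agent.anr skipped
C:\VundoFix Backups\sample2.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\WINDOWS\SYSTEM32\sample3.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\sample4.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\sample5.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
Scan process completed.
""".splitlines()

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("locked (ignore):", summary["locked"])
    print("inactive copies:", len(summary["inactive"]))
    print("live detections to act on:")
    for f in summary["live"]:
        print("  ", f.verdict, "->", f.path)
```
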
 
Here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 11:50:35 AM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\tmrsrv32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijack This\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=1.0&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://verizon.exent.com/vzunlimited/classes/ExentCtl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
 
Here is the Uninstall. Computer seems to be working good. Thank you again for all your help.

Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 9 ActiveX
Adobe Photoshop Elements 3.0
Adobe Reader 6.0.1
Adobe Shockwave Player
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
Apple Software Update
ArcSoft Software Suite
Banctec Service Agreement
Canon PhotoRecord
Canon PIXMA iP4000
Canon Utilities Easy-PhotoPrint
Creative MediaSource
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Picture Studio v3.0
DellSupport
Draft Analyzer
DVD Shrink 3.2
Easy-WebPrint
ESPNMotion
GemMaster Mystic
Get High Speed Internet!
Google Earth
Google Toolbar for Internet Explorer
H&R Block Tax Offer
HijackThis 1.99.1
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java DB 10.2.2.0
Java(TM) 6 Update 2
Java(TM) SE Development Kit 6 Update 2
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
Macromedia Flash Player
MathPlayer
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money 2005
Microsoft Picture It! Premium 10
Microsoft Streets and Trips 2005
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (2.0.0.4)
MSN
MSN Encarta Plus Support Files
MSN Messenger 6.1
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
NetZero
NetZero Connection Wizard
Nikon Message Center
Otto
PartyPokerNet
PictureProject
PowerDVD 5.3
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer
Robin Hood: The Legend Of Sherwood Demo
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Series 24 Drill and Practice
Series 7 Drill and Practice
Shockwave
Sonic DLA
Sonic Encoders
Sonic MyDVD
Sonic RecordNow! Plus
Sonic Update Manager
Sound Blaster Live! 24-bit
Spybot - Search & Destroy 1.4
Stronghold Crusader
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Verizon Games on Demand Player
Verizon Online
Viewpoint Media Player
WinAntiSpyware 2007 4.0.193.0
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Yahoo! Anti-Spy
Yahoo! Toolbar
 
There's one thing unusual. Windows Defender detects one High Alert. When I hit Remove All it says "Windows Defender encountered an error 0x8007139f. The group or resource is not in the correct state to perform the requested action."
 
Please take your time, read and follow the instructions carefully. Don't be concerned with Windows Defender just now; if I was a spyware program on this computer I would be screaming too.


Scott, this computer is still badly infected. Look at the Kaspersky results.
Number of viruses found: 31
Number of infected objects: 207

I am trying to figure the best way to kill this junk besides doing it manually. You have many problems in your C:\Windows\System32\ folder. I strongly suggest you keep this computer offline except when troubleshooting. This is going to take a while.

You have a load of junk backed up in backups, quarantines, System Restore, besides a load of other junk. Let's go after this stuff slowly like this.

1) C:\Documents and Settings\Scott\Desktop\backups\ <<< start here, you should have moved this backup folder with the HJT.exe to here:
C:\Hijack This\hjt.exe.exe <<< if you moved backups it will be in the C:\Hijack This\ folder, but check in both places. Open that backup folder like this: Open HJT > Open Main Menu > View the list of backups > Delete All of those backups.

2) C:\Program Files\Yahoo!\YPSR\Quarantine\ <<< delete everything that is in that quarantine folder

3) C:\QooBox\ <<< delete that folder, also delete combofix completely from your computer. We will download it again if we need it.

4) C:\System Volume Information\_restore These are your System Restore files and we will have to do this again later, please follow these directions:
System Restore does not know the good files from the bad. Bad stuff has gotten into your System Restore files. Follow the instructions in this link to get clean System Restore files. Turn it off, reboot, then turn it back on:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

5) C:\VundoFix Backups\ <<< delete that folder, and remove any of the Vundofix tool that is still on your computer.

Please make sure you have followed the directions above completely. I believe from the looks of things that the infection was too massive for the tools to clean it at once. Many files are still showing in the System32 folder as I stated and we will probably need to delete them manually, but let's give the tools another chance.

Restart the computer and download combofix NEW and follow the directions.

6) Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

7) I need to point out to you that this item: C:\WINDOWS\system32\tmrsrv32.exe is still in the log you just posted.
Logfile of HijackThis v1.99.1 Scan saved at 11:50:35 AM, on 7/17/2007
You may want to look at the delete on reboot instructions again, that item needs to go and I can't remove it for you from here.
Look at the log, you can not miss it.
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\tmrsrv32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

8) Post the combofix results, once you have them posted...

9) Run another Kaspersky scan and post those results.

Thanks
 
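The check in step 7 above (is a flagged file still listed after a cleanup pass?) can be scripted. The following is an added example, not part of the original post and not a HijackThis feature: it parses the "Running processes" and R/O entry sections of two HijackThis 1.99.1 logs, reports whether a flagged file is still running and which entry codes reference it, and diffs the process lists. The function names are assumptions, and the two sample logs are abbreviated excerpts constructed from the logs posted in this thread.

```python
import re

# HijackThis entry lines start with a section code such as "R0 - ", "O4 - ", "O23 - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased.
    Short 8.3 names (PROGRA~1) are compared as written; they cannot be expanded offline."""
    return path.strip().strip('"').lower()


def parse_hjt(log_text):
    """Split a HijackThis log into (running process paths, [(code, text), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first R/O entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes:"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def flagged_status(log_text, flagged):
    """For each flagged path: is it running, and which entry codes mention it?"""
    processes, entries = parse_hjt(log_text)
    running = {norm(p) for p in processes}
    report = {}
    for path in flagged:
        key = norm(path)
        codes = [code for code, text in entries if key in text.lower()]
        report[path] = {"running": key in running, "autostart_codes": codes}
    return report


def process_diff(before_log, after_log):
    """Return (processes that disappeared, processes that appeared), normalized."""
    before = {norm(p) for p in parse_hjt(before_log)[0]}
    after = {norm(p) for p in parse_hjt(after_log)[0]}
    return sorted(before - after), sorted(after - before)


# Constructed sample: abbreviated from the 11:50:35 AM log in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:50:35 AM, on 7/17/2007

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tmrsrv32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
"""

# Constructed sample: abbreviated from the 7:29:36 PM log in this thread.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:29:36 PM, on 7/17/2007

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\tmrsrv32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\EXPLORER.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
"""

FLAGGED = [
    r"C:\WINDOWS\system32\tmrsrv32.exe",
    r"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe",
]

if __name__ == "__main__":
    for path, status in flagged_status(AFTER_LOG, FLAGGED).items():
        print(path, status)
    gone, new = process_diff(BEFORE_LOG, AFTER_LOG)
    print("no longer running:", gone)
    print("newly running:", new)
```

A file that is running but referenced by no R/O entry, as tmrsrv32.exe is in these samples, is being started from somewhere the HijackThis entries do not show; in this thread the ComboFix log lists it under Active Setup installed components.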
One problem. I can't delete the C:\Windows\system32\wscntfy.exe file or the C:\Windows\system32\tmrsrv32.exe items. I get the following message: "Access is denied. Make sure the disk is not write protected and that the file is not currently in use." Also, did you want me to delete C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe?

Here is the Combofix log:

Scott" - 2007-07-17 19:12:44 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\sl.bin


((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))


2007-07-17 19:12 1,168,935 --a------ C:\ComboFix.exe
2007-07-17 10:28 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-07-17 10:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-07-16 23:10 <DIR> d-------- C:\HJT
2007-07-13 00:22 736,352 -r-hs---- C:\WINDOWS\amwnmdoA.exe
2007-07-13 00:22 54,784 --a------ C:\WINDOWS\amwnmdo.exe
2007-07-13 00:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\driver
2007-07-13 00:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\b10FdUe
2007-07-13 00:22 <DIR> d-------- C:\Temp\brr
2007-07-13 00:22 <DIR> d-------- C:\Temp\0c2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-17 03:24:52 -------- d-----w C:\Program Files\Movie Maker
2007-07-16 10:37:44 -------- d-----w C:\Program Files\NetZero
2007-07-13 04:22:47 49,152 ----a-w C:\WINDOWS\TISKY009.exe
2007-07-11 22:15:15 1,802 ----a-w C:\DOCUME~1\Scott\APPLIC~1\wklnhst.dat
2007-06-21 22:57:37 -------- d-----w C:\Program Files\Google
2007-06-18 00:25:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-18 00:25:39 -------- d-----w C:\Program Files\Dearborn
2007-06-17 04:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-12 03:08:37 2,938 ----a-w C:\WINDOWS\system32\tmp.reg
2007-06-12 02:41:31 4 ----a-w C:\WINDOWS\system32\stfv.bin
2007-06-12 00:27:51 18,432 ----a-w C:\WINDOWS\sysrlb32.exe
2007-06-09 17:28:54 10,240 ----a-w C:\WINDOWS\vxddsk.exe
2007-06-09 17:28:33 801 ----a-w C:\WINDOWS\system32\drivers\system_stable_header_small.gif
2007-06-09 17:28:33 567 ----a-w C:\WINDOWS\system32\drivers\users_rating.gif
2007-06-09 17:28:33 291 ----a-w C:\WINDOWS\system32\drivers\v.gif
2007-06-09 17:28:33 283 ----a-w C:\WINDOWS\system32\drivers\x.gif
2007-06-09 17:28:32 6,533 ----a-w C:\WINDOWS\system32\drivers\system_stable_box_small.jpg
2007-06-09 17:28:32 579 ----a-w C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-06-09 17:28:32 15,075 ----a-w C:\WINDOWS\system32\drivers\system_stable_box.jpg
2007-06-09 17:28:32 1,636 ----a-w C:\WINDOWS\system32\drivers\system_stable_header.gif
2007-06-09 17:28:31 5,097 ----a-w C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
2007-06-09 17:28:31 14,484 ----a-w C:\WINDOWS\system32\drivers\protect.gif
2007-06-09 17:28:31 13,618 ----a-w C:\WINDOWS\system32\drivers\spy_away_box.jpg
2007-06-09 17:28:31 1,139 ----a-w C:\WINDOWS\system32\drivers\spy_away_header.gif
2007-06-09 17:28:30 841 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-06-09 17:28:30 4,557 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-06-09 17:28:30 10,260 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
2007-06-09 17:28:30 1,804 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-06-09 17:28:29 811 ----a-w C:\WINDOWS\system32\drivers\download_btn.gif
2007-06-09 17:28:29 737 ----a-w C:\WINDOWS\system32\drivers\logo_bg.gif
2007-06-09 17:28:29 580 ----a-w C:\WINDOWS\system32\drivers\features.gif
2007-06-09 17:28:29 3,099 ----a-w C:\WINDOWS\system32\drivers\logo.gif
2007-06-09 17:28:28 746 ----a-w C:\WINDOWS\system32\drivers\buy_btn.gif
2007-06-09 17:28:28 50,250 ----a-w C:\WINDOWS\system32\drivers\pt.htm
2007-06-09 17:28:28 427 ----a-w C:\WINDOWS\system32\drivers\4_stars.gif
2007-06-09 17:28:28 365 ----a-w C:\WINDOWS\system32\drivers\5_stars.gif
2007-06-09 17:28:27 945 ----a-w C:\WINDOWS\system32\drivers\s_detect.htm
2007-06-09 17:28:27 6,575 ----a-w C:\WINDOWS\system32\drivers\remove_spyware_button.gif
2007-06-09 17:28:27 6,373 ----a-w C:\WINDOWS\system32\drivers\secuity_center_logo.gif
2007-06-09 17:28:26 64 ----a-w C:\WINDOWS\system32\drivers\close_icon.gif
2007-06-09 17:28:26 4,825 ----a-w C:\WINDOWS\system32\drivers\detect.htm
2007-06-09 17:28:26 360 ----a-w C:\WINDOWS\system32\drivers\header_bg.gif
2007-06-09 17:28:26 2,186 ----a-w C:\WINDOWS\system32\drivers\alert_icon.gif
2007-06-09 17:28:26 1,014 ----a-w C:\WINDOWS\system32\drivers\icon_warning.gif
2007-06-05 01:30:22 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-05 01:30:15 -------- d-----w C:\Program Files\Yahoo!
2007-06-03 15:26:22 -------- d-----w C:\Program Files\Windows Defender
2007-06-03 15:12:28 -------- d-----w C:\Program Files\Verizon Games on Demand Player
2007-06-03 15:12:23 -------- d-----w C:\Program Files\QuickTime
2007-06-03 15:12:22 -------- d-----w C:\Program Files\OfficeUpdate11
2007-06-03 15:12:20 -------- d-----w C:\Program Files\Modem Helper
2007-06-03 15:12:19 -------- d-----w C:\Program Files\McAfee.com
2007-06-03 15:12:14 -------- d-----w C:\Program Files\Intel
2007-06-03 15:12:11 -------- d-----w C:\Program Files\Connection Wizard
2007-06-03 15:12:09 -------- d-----w C:\Program Files\Common Files\aolshare
2007-06-03 15:12:06 -------- d-----w C:\Program Files\America Online 9.0
2007-06-03 15:12:02 -------- d-----w C:\Program Files\myCleanerPC
2007-06-03 03:16:14 54,784 ----a-w C:\WINDOWS\bawiabh.exe
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-09-04 16:26:07 720,562 ----a-w C:\Program Files\nero_photoshow_express_setup_intl_us.exe
2005-04-26 01:58:34 1,094,021 ----a-w C:\Program Files\dvdshrink32setup.zip
2005-04-24 01:35:04 615,152 ----a-w C:\Program Files\NetzeroSetup.exe
1989-12-12 14:10:10 326,352 --sh--r C:\WINDOWS\bawiabhA.exe
2005-10-19 03:18:19 28,173 --sha-w C:\WINDOWS\SYSTEM32\gebyx.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2005-11-21 15:54 399424 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-03 15:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 02:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-06-27 07:22 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
"P17Helper"="P17.dll" [2004-06-10 12:51 C:\WINDOWS\SYSTEM32\P17.dll]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-11-07 16:41]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-11-07 16:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-22 18:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2005-06-28 15:23]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2003-10-14 05:15]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 07:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Movie Maker\rterelehdu.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Desktop Uninstall


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}
C:\WINDOWS\system32\msorcl32.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E02310B4E666}
C:\WINDOWS\system32\tmrsrv32.exe

Contents of the 'Scheduled Tasks' folder
2007-07-17 18:24:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-17 23:07:40 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-17 19:15:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-17 19:15:56
C:\ComboFix-quarantined-files.txt ... 2007-07-17 19:15

--- E O F ---
 
Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:29:36 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\tmrsrv32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Hijack This\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=1.0&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://verizon.exent.com/vzunlimited/classes/ExentCtl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

The Kaspersky is on the way shortly.
 
One problem. I can't delete the C:\Windows\system32\wscntfy.exe file or the C:\Windows\system32\tmrsrv32.exe items. I get the following message: "Access is denied. Make sure the disk is not write protected and that the file is not currently in use." Also, did you want me to delete C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe?
Please do not delete anything but the bad file. I simply posted it like that so you could see which file was bad; that is the reason I highlighted it in red, so you could see where it is in the HJT log.

C:\WINDOWS\system32\tmrsrv32.exe <<< this is the file we need to delete. Once again, here is information about that file:
http://spywarefiles.prevx.com/RREHCD38818560/TMRSRV32.EXE.html
Did you read the information in that link?

That file must go, start like this:

How to use the Delete on Reboot tool
http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb
Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot. Navigate to the file: C:\WINDOWS\SYSTEM32\tmrsrv32.exe and click on it once, and then click on the Open button.
You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button if you would like to reboot now.


If you cannot delete it with that tool, then use these instructions to start your computer in safe mode:
http://spyware-free.us/tutorials/safemode/
Navigate to and delete the file when it is not running.


If you need it, read these instructions then download and use Killbox to remove it:
http://forum.malwareremoval.com/viewtopic.php?t=320


Post the Kaspersky scan results as soon as you have them, and post a new HJT log as soon as tmrsrv32.exe has been deleted.

Thanks
 
Here is the Kaspersky log. Thanks for all your help.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 17, 2007 8:25:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/07/2007
Kaspersky Anti-Virus database records: 341003
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 72321
Number of viruses found: 12
Number of infected objects: 116
Number of suspicious objects: 0
Duration of the scan process: 00:44:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_5b150187-0f05-4c72-917c-77c8e6964ac4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0cb2472c99f005c6126760533c20ac5_5b150187-0f05-4c72-917c-77c8e6964ac4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-06032007-112645.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Scott\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{43279B48-8ECB-4326-AA73-F7929FFC7E25} Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\History\History.IE5\MSHist012007071720070718\index.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\JETA354.tmp Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\Perflib_Perfdata_9c0.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\~DF5DD3.tmp Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Scott\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Scott\ntuser.dat.LOG Object is locked skipped
C:\Program Files\NetZero\BootExceptions.log Object is locked skipped
C:\Program Files\NetZero\ExecExceptions.log Object is locked skipped
C:\Program Files\NetZero\IspDblog.txt Object is locked skipped
C:\Program Files\NetZero\MainExceptions.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP653\A0043124.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP653\A0043126.dll Infected: Trojan-Downloader.Win32.VB.apq skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP653\A0043129.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP653\A0043130.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP653\A0043131.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP653\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB912812$\wininet.dll Infected: Virus.Win32.Nsag.b skipped
C:\WINDOWS\amwnmdo.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\WINDOWS\bawiabh.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{808478FC-0251-4282-AD06-5AFE129DBD79}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\sysrlb32.exe Infected: Trojan.Win32.VB.azo skipped
C:\WINDOWS\SYSTEM32\akgrheli.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\aoihiqmt.exe Infected: Trojan.Win32.Agent.ny skipped
C:\WINDOWS\SYSTEM32\auqdytrh.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\b10FdUe\b10FdUe1099.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\WINDOWS\SYSTEM32\bnsadwli.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\bopjqxue.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\bpwhtooe.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\brikjfsn.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\btyjrwql.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\buptabwn.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\cawlmpct.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\ccyjucrr.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\cgrqgnot.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\chillwjn.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\cktofrji.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Media Ce.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\coqxdpuq.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\cxnykxtk.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\cyykwmes.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\dfewjtnt.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\djajvmsg.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\dliwswvw.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\duwqkpoh.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\eflnoybc.exe Infected: Trojan.Win32.Agent.ny skipped
C:\WINDOWS\SYSTEM32\eslfcnux.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\fcyiykrc.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\fgaaidgb.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\fidhldsn.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\fnostvjv.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\fpvpefiv.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\fyreulea.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\gebyx.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped
C:\WINDOWS\SYSTEM32\geofxaou.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\gmciduwm.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\gnfylqgk.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\gpdvrlbd.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\gwabwkog.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\hbekrkrm.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\hgkjamal.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\hyibrkvy.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\ipfncxkk.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\ipnoihep.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\isymtnle.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\jfoixhwm.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\jfutatme.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\jlmamssm.exe Infected: Trojan.Win32.Agent.ny skipped
C:\WINDOWS\SYSTEM32\jncqaufc.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\joeefpls.exe Infected: Trojan.Win32.Agent.ny skipped
C:\WINDOWS\SYSTEM32\jqxxddxw.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\kapmdxnx.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\kdvqecpy.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\keifummk.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\kswmuqwu.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\lubxtbio.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\lvonpxjs.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\lwlfdpul.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\mbvveqwj.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\miqfahst.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\msorcl32.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\WINDOWS\SYSTEM32\mywkephx.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\negojtsf.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\nnjfkmkk.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\nqdikcji.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\ohktwoxn.exe Infected: Trojan.Win32.Agent.ny skipped
C:\WINDOWS\SYSTEM32\oiqexdpy.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\omeoobnp.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\omrkvupf.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\oqdjudnt.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\peggordo.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\pjwokpdy.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\pjxaappc.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\qegfrkpq.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\qmeulast.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\qmjloadd.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\SYSTEM32\qmucwpjx.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\qvggbvxa.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\reidwmiw.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\rrbaoihg.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\rrhxyjwa.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\rutmngdp.exe Infected: Trojan.Win32.Agent.ny skipped
C:\WINDOWS\SYSTEM32\sbjvlpvo.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\stpohvji.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\swjoepgl.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\syuqbyfc.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\T1QaSQ\T1QaSQ1065.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\WINDOWS\SYSTEM32\T6\amwr.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\WINDOWS\SYSTEM32\T9\zn531.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\WINDOWS\SYSTEM32\tkdwsenn.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\tklabfcm.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\tkwwukqb.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\tmrsrv32.exe Infected: Trojan-Downloader.Win32.VB.avl skipped
C:\WINDOWS\SYSTEM32\TQ0\am52.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\WINDOWS\SYSTEM32\twiykbek.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\uenlnlbp.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\ugfgpkev.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\unnthjlq.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\uxrfgjyy.exe Infected: Trojan.Win32.Agent.ny skipped
C:\WINDOWS\SYSTEM32\vrjrxwsc.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\vulwtcwu.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\vxruhqlb.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\wamadunj.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\wemlwfev.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\wllqgmet.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\wvomxeoy.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\xaerqedq.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\xwaqyefs.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\xysegugt.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\yblimier.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
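
An added example, not part of the original post or of any tool used in this thread: a small parser for the report format above that separates "Object is locked" rows from "Infected:" rows, tallies detections by name and by location, and checks the tallies against the report's own statistics. The sample report is a constructed excerpt in the same format, and reading "Number of viruses found" as the number of distinct detection names is this example's assumption.

```python
import re
from collections import Counter

# Constructed excerpt in the report's format; the statistics were adjusted to fit the excerpt.
SAMPLE_REPORT = r"""Scan Statistics:
Total number of scanned objects: 9
Number of viruses found: 6
Number of infected objects: 7
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Scott\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP653\A0043124.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP653\A0043126.dll Infected: Trojan-Downloader.Win32.VB.apq skipped
C:\WINDOWS\amwnmdo.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\WINDOWS\SYSTEM32\akgrheli.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\auqdytrh.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\msorcl32.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\WINDOWS\SYSTEM32\tmrsrv32.exe Infected: Trojan-Downloader.Win32.VB.avl skipped

Scan process completed.
"""

# Header counters the scanner prints under "Scan Statistics:".
STAT_RE = re.compile(r"^Number of (viruses found|infected objects): (\d+)$")

# One result row: a path (which may contain spaces), then either
# "Infected: <detection name>" or "Object is locked", then the last action.
ROW_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Infected: (?P<name>\S+)|(?P<locked>Object is locked)) "
    r"(?P<action>\S+)$"
)


def classify(path):
    """Bucket a path by where cleanup has to happen."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "System Restore"   # cleared by purging restore points, not file by file
    if "\\windows\\system32\\" in p:
        return "System32"
    if "\\windows\\" in p:
        return "Windows"
    return "Other"


def triage(report_text):
    """Parse a report and return counts a helper would check first."""
    stats = {}
    infected = []
    locked = 0
    for raw in report_text.splitlines():
        line = raw.strip()
        stat = STAT_RE.match(line)
        if stat:
            stats[stat.group(1)] = int(stat.group(2))
            continue
        row = ROW_RE.match(line)
        if not row:
            continue              # banner, settings, blank lines
        if row.group("locked"):
            locked += 1           # file in use by Windows; not a detection
        else:
            infected.append((row.group("path"), row.group("name"), row.group("action")))

    by_name = Counter(name for _, name, _ in infected)
    by_location = Counter(classify(path) for path, _, _ in infected)
    # Assumption of this example: "viruses found" counts distinct detection names.
    consistent = (
        stats.get("infected objects") == len(infected)
        and stats.get("viruses found") == len(by_name)
    )
    return {
        "stats": stats,
        "locked": locked,
        "infected": infected,
        "by_name": by_name,
        "by_location": by_location,
        "consistent": consistent,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("locked (ignored):", result["locked"])
    print("infected rows:", len(result["infected"]), "header match:", result["consistent"])
    for location, count in result["by_location"].most_common():
        print(f"  {location}: {count}")
    for name, count in result["by_name"].most_common():
        print(f"  {name}: {count}")
```
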
 
I believe tmrsrv32.exe is now gone. Here is the HJT log created after removing it. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 9:12:18 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Prevx2\PXConsole.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Hijack This\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=1.0&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Verizon Central - {5B3FB261-CF72-4c66-B314-8E6FF9980307} - www.verizon.net (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://verizon.exent.com/vzunlimited/classes/ExentCtl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx2\PXAgent.exe" -f (file missing)
 
Thanks for your hard work and returning your information, and great job, looks like a clean HJT log. I see Prevx in your log. Did you use that tool to remove tmrsrv32.exe, or can you tell me what tool removed it? It was tough and I have not seen that trojan before.
Let's talk about Prevx a moment. I use it from time to time to remove tough malware and have even tried the trial on my computer to see how it runs. In my case it slowed my computer badly and I had to remove it, so you may wish to uninstall that product unless you purchased it.

We still have problems with the Kaspersky scan: Number of infected objects: 116
We need to get that number to 0. Let me say I see what I count as seven (7) infected System Restore files. I believe these may be infected because of the new restore point established when you restarted System Restore, and we will have to do that again, but the balance of these files all appear to be in your C:\Windows\System32\ folder, and it won't do any good to clean System Restore until we remove those files. It appears combofix can't kill them (it can kill only files added and hackers keep coming up with new names).

It is not too hard to see the bad files and I am fairly certain they were all created by the Vundo infection. I am posting one so you can see what they look like:
C:\WINDOWS\SYSTEM32\rutmngdp.exe Infected: Trojan.Win32.Agent.ny skipped
Only the file name is different and random. I can post the list and you can delete them manually, but it may be easier to use Vundofix. I understand you tried Vundofix before at some point, and I don't know if you used it for this infection or not. I suggest you try it, run it again and again; my best guess is there are around 100 files that it must delete. I will also post the list for you to delete manually if you wish, just let me know. Please be sure you have removed the old Vundofix program and download it fresh from the link I provide. Atribune, the creator, is constantly adding new random files to the fix. Thanks to Atribune and any others who helped with this fix.

Please understand these hackers can call their junk anything they wish. Vundofix may not know the files at first, but it will learn. You want to run the fix until you see all Vundo files say: "Has been deleted"

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

If there is a file VundoFix doesn't find, we need it submitted. Please submit the files to upload malware: http://www.uploadmalware.com

It appears the only way to see the files besides looking in the System32 folder is Kaspersky. I suggest you keep count until you see Vundofix has removed about 100, or until it becomes obvious to you it will not remove more. Then run Kaspersky and post the log. We will remove what is left manually. I will also say I have removed probably 1000 or so of these Vundo infections and I have never seen one this bad.

Thanks...Phil
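
The triage described in the post above (separating System Restore copies from live System32 files in the Kaspersky report), as an added Python example that is not part of the original thread. The line format is taken from the single report line quoted in the post; every other sample line, the bucket names and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the line format quoted in the post above; only the
# first line comes from the thread, the rest are made-up placeholders.
SAMPLE_REPORT = r"""
C:\WINDOWS\SYSTEM32\rutmngdp.exe Infected: Trojan.Win32.Agent.ny skipped
C:\WINDOWS\SYSTEM32\qxvbhtlk.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{EXAMPLE-GUID}\RP1\A0000001.exe Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\Example User\Desktop\setup.exe Infected: Trojan.Win32.Agent.ny skipped
Scan process completed.
"""

# Paths may contain spaces, so anchor on the literal "Infected:" marker.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<verdict>\S+)\s+(?P<action>\w+)\s*$")

def bucket_for(path):
    """Classify a path the way the post does: restore-point copy vs. live file."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if "\\windows\\system32\\" in p:
        return "system32"
    return "other"

def triage(report_text):
    """Group infected-object lines by location; ignore non-matching lines."""
    buckets = defaultdict(list)
    seen = set()
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = m["path"].lower()   # Windows paths are case-insensitive
        if key in seen:           # skip duplicate report lines
            continue
        seen.add(key)
        buckets[bucket_for(m["path"])].append(
            (m["path"], m["verdict"], m["action"]))
    return dict(buckets)

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name in ("system32", "system_restore", "other"):
        print(f"{name}: {len(result.get(name, []))}")
        for path, verdict, action in result.get(name, []):
            print(f"  {path}  [{verdict}, {action}]")
```

The `system32` bucket is the list to clear first; the `system_restore` entries only go away once System Restore is reset after the live files are gone.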
 
Thanks Phil.

I just ran the Vundofix and it said no infected files were found. Do you want me to post any logs or should I start to just manually remove the bad files? If so, please send them along. Thanks again. Scott
 