Live Safety Center..Online Security..and variety of other attacks

Unknown · November 2007

It's been a couple of years since I have had to seek help. I was glad I found you again since you now seem to have a new website name. Over the past 10 days or so, my computer has been totally inundated with popups. I had microsoft internet explorer showing a Security Toolbar 7.1, and I wasn't even running Internet explorer. (I have since reloaded it in order to complete the scans needed). I have LIve Safety Center and Online Security Guide showing on my desktop.

I attempted fixes that I found on Castle Cops, yet they didn't seem to help. I have tried to use their recommended Vundo Fix and Smitfraud Fix. I also tried to run Combofix, yet it would cease to operate after it rebooted my system.

I have since rediscovered your forum, and have followed all the steps you suggest in the Malware Removal guide. Thanks in advance for your time and assistance.

Following are the requested logs...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36, on 2007-11-27
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MediaKey\Versato.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\MediaKey\MePlayer.exe
C:\Program Files\MediaKey\OSD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.com/"); (C:\Documents and Settings\COOKE FAMILY\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\COOKE FAMILY\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: (no name) - {87E272D9-1FFC-462F-8993-A7352CAC22C2} - C:\WINDOWS\System32\ssqon.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\System32\opnnnoo.dll
O2 - BHO: {7478be4d-f1d1-98ab-5854-872bbf00e3ac} - {ca3e00fb-b278-4585-ba89-1d1fd4eb8747} - C:\WINDOWS\System32\uuwtliom.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [7068c1e5] rundll32.exe "C:\WINDOWS\System32\bebuggqe.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-18\..\Run: [Windows Streams Server] localsrv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [sys mrk32] sysmrk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Streams Server] localsrv.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Versato.lnk = C:\Program Files\MediaKey\Versato.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Cooke Family\My Documents\Kody\poker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Cooke Family\My Documents\Kody\poker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {504ECB49-969A-4F10-B5E8-881191072413} (Image Uploader 3.0 Control) - http://www.heritagemakers.com/publisher/ImageUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: opnnnoo - C:\WINDOWS\SYSTEM32\opnnnoo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\ImapiRox.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - D:\IPOD\bin\iPodService.exe
O23 - Service: FireDaemon Service: mirc (mirc) - Unknown owner - c:\winnt\inf\IIS\FireDaemon.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 9222 bytes

KASPERSKY ONLINE SCANNER REPORT
2007-11-27 21:09
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/11/2007
Kaspersky Anti-Virus database records: 467359

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 71367
Number of viruses found: 25
Number of infected objects: 49
Number of suspicious objects: 6
Duration of the scan process: 01:06:52

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\opnnnoo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\WINDOWS\system32\mtxhfuts.exe Object is locked skipped
C:\WINDOWS\system32\egebbhlh.dll Object is locked skipped
C:\WINDOWS\system32\jgfgfqhb.dll Object is locked skipped
C:\WINDOWS\system32\tmgvwklo.exe Object is locked skipped
C:\WINDOWS\system32\aoeshfcj.dll Object is locked skipped
C:\WINDOWS\system32\nddeapi0.exe Infected: not-a-virus:AdWare.Win32.AdSrve.a skipped
C:\WINDOWS\system32\afmpyrlp.dll Object is locked skipped
C:\WINDOWS\system32\stdbhsaw.dll Object is locked skipped
C:\WINDOWS\system32\sgnfwmeb.dll Object is locked skipped
C:\WINDOWS\system32\vpbnqnkt.dll Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\bebuggqe.dll Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ssqon.dll Object is locked skipped
C:\WINDOWS\system32\terabyte.exe Infected: not-a-virus:AdWare.Win32.AdSrve.a skipped
C:\WINDOWS\system32\pinstaller.exe Object is locked skipped
C:\WINDOWS\system32\ActiveScan\pskavs.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{215B0531-BCCF-42BB-9BDD-CFC51E7F7B42}.bin Object is locked skipped
C:\WINDOWS\mrofinu72.exe Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy.zip/msexreg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy7.zip/msexreg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy7.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy11.zip/msexreg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy11.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Cooke Family\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Cooke Family\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Cooke Family\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Cooke Family\Local Settings\History\History.IE5\MSHist012007112720071128\index.dat Object is locked skipped
C:\Documents and Settings\Cooke Family\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Cooke Family\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Cooke Family\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Cooke Family\Local Settings\Temp\krefkdgn.dll Object is locked skipped
C:\Documents and Settings\Cooke Family\Local Settings\Temp\ mon000.log Object is locked skipped
C:\Documents and Settings\Cooke Family\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Cooke Family\reg.reg Object is locked skipped
C:\Program Files\Windows Media Player\wmplayer.exe.tmp Object is locked skipped
C:\Program Files\TrojanHunter 5.0\Quarantine\78YH0.dat Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Program Files\TrojanHunter 5.0\Quarantine\oPVp.dat Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Program Files\Warez P2P Client\WarezP2P_DLC.exe/stream/data0038 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Warez P2P Client\WarezP2P_DLC.exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Warez P2P Client\WarezP2P_DLC.exe NSIS: infected - 2 skipped
C:\Program Files\Warez P2P Client\WarezP2P.exe/data0041 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Warez P2P Client\WarezP2P.exe/data0042 Infected: Packed.Win32.PolyCrypt.d skipped
C:\Program Files\Warez P2P Client\WarezP2P.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1129\A0103582.exe Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1129\A0103592.exe Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1139\A0110048.DLL Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1139\A0110057.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1139\A0110057.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1139\A0110057.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1140\A0110120.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1140\A0110121.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.av skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1140\A0110121.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1140\A0110122.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1140\change.log Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1140\A0110125.BAT Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1132\A0103650.DLL Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1132\A0103674.dll Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1132\A0103686.vbs Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1132\A0103688.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1132\A0103689.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1132\A0103692.exe Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1133\A0103716.EXE Infected: not-a-virus:AdWare.Win32.OneStep.c skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1133\A0103731.dll Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1133\A0104787.exe Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1133\A0104795.sys Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1133\A0105795.sys Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1133\A0105807.sys Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1133\A0105816.sys Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1134\A0106816.sys Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1134\A0106829.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1134\A0106831.exe Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1134\A0106832.exe Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1134\A0106839.sys Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1134\A0106849.sys Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1134\A0106855.exe Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1134\A0106861.dll Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1134\A0106870.sys Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1134\A0106900.sys Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1135\A0106916.exe Infected: Trojan-Downloader.Win32.Agent.fjv skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1135\A0106925.DLL Object is locked skipped
C:\System Volume Information\_restore{849DAA13-548E-4E18-8FD3-AB621832F591}\RP1135\A0106929.sys Object is locked skipped
C:\FOUND.002\FILE0003.CHK Infected: not-a-virus:AdWare.Win32.EliteBar.q skipped
C:\FOUND.003\FILE0013.CHK Infected: not-a-virus:AdWare.Win32.EliteBar.q skipped
C:\FOUND.003\FILE0015.CHK Infected: Trojan-Downloader.Win32.Small.um skipped
C:\FOUND.004\FILE0039.CHK/WISE0006.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.c skipped
C:\FOUND.004\FILE0039.CHK/WISE0007.BIN/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
C:\FOUND.004\FILE0039.CHK/WISE0007.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
C:\FOUND.004\FILE0039.CHK WiseSFX: infected - 3 skipped
C:\FOUND.004\FILE0039.CHK WiseSFX Dropper: infected - 3 skipped
C:\FOUND.010\FILE0016.CHK Infected: not-a-virus:AdWare.Win32.EliteBar.q skipped
C:\hpcmerr.log Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\khhhh.dll.vir Object is locked skipped
C:\VundoFix Backups\xrnycwuc.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Overpro-347.exe/data0005 Infected: not-a-virus:AdWare.Win32.AdSrve.b skipped
C:\Overpro-347.exe/data0007 Infected: not-a-virus:AdWare.Win32.AdSrve.a skipped
C:\Overpro-347.exe/data0010 Infected: Trojan.Win32.KillApp.f skipped
C:\Overpro-347.exe/data0011 Infected: not-a-virus:AdWare.Win32.AdSrve.a skipped
C:\Overpro-347.exe/data0012 Infected: Trojan.Win32.VB.od skipped
C:\Overpro-347.exe NSIS: infected - 5 skipped
C:\WINNT\INF\IIS\mirc.ini Infected: Backdoor.IRC.Zapchast skipped
C:\WINNT\INF\IIS\nt.dll Object is locked skipped
C:\WINNT\INF\IIS\secure.bat.tcf Infected: Trojan.BAT.NoShare.q skipped
D:\Kody\SmileyCentralSetup2.0.3.10.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Kody\poker\SmileyCentralSetup2.0.3.10.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\My Music\Good Music\Top of Charts - 2003.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
D:\My Music\Good Music\Rare Recording (flicka).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
D:\My Music\Good Music\01 Track 1 (flicka).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
D:\My Music\Good Music\07 Track 7 (flicka).wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
D:\My Music\Good Music\Rare Recording (pretty).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
D:\My Music\Good Music\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

Scan process completed.

sonoma · November 2007

My panda Active Scan

Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\MTXHFUTS.EXE
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\JGFGFQHB.DLL
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\TMGVWKLO.EXE
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\SYSTEM32\NDDEAPI0.EXE
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\AFMPYRLP.DLL
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\STDBHSAW.DLL
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\SGNFWMEB.DLL
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\BEBUGGQE.DLL
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\SYSTEM32\TERABYTE.EXE
Virus:Generic Malware Disinfected C:\WINDOWS\SYSTEM32\VIC32.DLL
Adware:Adware/IEDriver Not disinfected C:\WINDOWS\SYSTEM32\pinstaller.exe
Adware:adware/ieplugin Not disinfected C:\WINDOWS\KWV2.DAT
Adware:adware/clickalchemy Not disinfected C:\WINDOWS\ALCHEM.INI
Adware:adware/sidesearch Not disinfected C:\WINDOWS\SEPSD.BIN
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\mrofinu72.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Q29va2UgRmFtaWx5\kZ6SuZo0lAIQuqUc.vbs
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Cooke Family\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Cooke Family\Desktop\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Cooke Family\Desktop\SmitfraudFix\RESTART.EXE
Virus:Generic Malware Disinfected C:\Documents and Settings\Cooke Family\Desktop\MyFunCardsSetup2.2.60.6.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Cooke Family\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Cooke Family\Desktop\ComboFix.exe[nircmd.cfexe]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[.bravenet.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[.gostats.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[.revenue.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\DEFAULT\PM4PKT92.SLT\COOKIES.TXT[landing.domainsponsor.com/]
Adware:Adware/MediaTickets Not disinfected C:\Documents and Settings\Cooke Family\REG.REG
Adware:Adware/BHO Not disinfected C:\Program Files\Windows Media Player\wmplayer.exe.tmp
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\RESTART.EXE
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\TrojanHunter 5.0\Quarantine\78YH0.DAT
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\TrojanHunter 5.0\Quarantine\oPVp.dat
Spyware:Spyware/New.net Not disinfected C:\Program Files\Warez P2P Client\WarezP2P_DLC.exe[NNWARZ3_88.exe]
Spyware:Spyware/New.net Not disinfected C:\Program Files\Warez P2P Client\WarezP2P.exe[NNWARZ3_88.exe]
Adware:Adware/Lop Not disinfected C:\Program Files\Warez P2P Client\WarezP2P.exe[apwarz0.exe]
Spyware:Cookie/WUpd Not disinfected C:\FOUND.002\FILE0001.CHK
Adware:Adware/EliteBar Not disinfected C:\FOUND.002\FILE0003.CHK
Spyware:Cookie/Advertising Not disinfected C:\FOUND.003\FILE0002.CHK
Spyware:Cookie/Advertising Not disinfected C:\FOUND.003\FILE0010.CHK
Adware:Adware/EliteBar Not disinfected C:\FOUND.003\FILE0013.CHK
Adware:Adware/EliteBar Not disinfected C:\FOUND.003\FILE0015.CHK
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.011\FILE0004.CHK[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.011\FILE0004.CHK[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.011\FILE0004.CHK[.atdmt.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\FOUND.011\FILE0004.CHK[www.burstbeacon.com/]
Spyware:Cookie/Zedo Not disinfected C:\FOUND.011\FILE0004.CHK[.zedo.com/]
Spyware:Cookie/PointRoll Not disinfected C:\FOUND.011\FILE0004.CHK[.ads.pointroll.com/]
Spyware:Cookie/Go Not disinfected C:\FOUND.011\FILE0004.CHK[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\FOUND.011\FILE0004.CHK[.ehg-dig.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\FOUND.011\FILE0004.CHK[.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\FOUND.011\FILE0004.CHK[.questionmarket.com/]
Spyware:Cookie/Adserver Not disinfected C:\FOUND.011\FILE0004.CHK[.z1.adserver.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\FOUND.011\FILE0004.CHK[.mediaplex.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\FOUND.011\FILE0004.CHK[.bluestreak.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.011\FILE0004.CHK[.casalemedia.com/]
Spyware:Cookie/Overture Not disinfected C:\FOUND.011\FILE0004.CHK[.perf.overture.com/]
Spyware:Cookie/did-it Not disinfected C:\FOUND.011\FILE0004.CHK[.did-it.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\FOUND.005\FILE0003.CHK[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.005\FILE0003.CHK[.servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.005\FILE0003.CHK[.advertising.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.005\FILE0003.CHK[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.005\FILE0003.CHK[.servedby.advertising.com/]
Spyware:Cookie/FastClick Not disinfected C:\FOUND.005\FILE0003.CHK[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.005\FILE0003.CHK[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\FOUND.005\FILE0003.CHK[.servedby.advertising.com/]
Spyware:Cookie/bravenetA Not disinfected C:\FOUND.005\FILE0003.CHK[.bravenet.com/]
Spyware:Cookie/Atwola Not disinfected C:\FOUND.005\FILE0003.CHK[.atwola.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\FOUND.005\FILE0003.CHK[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\FOUND.005\FILE0003.CHK[.mediaplex.com/]
Spyware:Cookie/Hitbox Not disinfected C:\FOUND.005\FILE0003.CHK[.phg.hitbox.com/]
Spyware:Cookie/Adserver Not disinfected C:\FOUND.005\FILE0003.CHK[.z1.adserver.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\FOUND.005\FILE0003.CHK[.fortunecity.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\FOUND.005\FILE0003.CHK[.tribalfusion.com/]
Spyware:Cookie/Rightmedia Not disinfected C:\FOUND.005\FILE0003.CHK[rightmedia.net/]
Spyware:Cookie/Gator Not disinfected C:\FOUND.005\FILE0003.CHK[.gator.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\FOUND.005\FILE0003.CHK[.questionmarket.com/]
Spyware:Cookie/PointRoll Not disinfected C:\FOUND.005\FILE0003.CHK[.ads.pointroll.com/]
Spyware:Cookie/Valueclick Not disinfected C:\FOUND.005\FILE0003.CHK[.valueclick.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\FOUND.005\FILE0003.CHK[citi.bridgetrack.com/]
Spyware:Cookie/Valueclick Not disinfected C:\FOUND.005\FILE0003.CHK[.valueclick.com/]
Spyware:Cookie/CentrPort Not disinfected C:\FOUND.005\FILE0003.CHK[.centrport.net/]
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.005\FILE0003.CHK[.realmedia.com/]
Spyware:Cookie/CentrPort Not disinfected C:\FOUND.005\FILE0003.CHK[.centrport.net/]
Spyware:Cookie/RealMedia Not disinfected C:\FOUND.005\FILE0003.CHK[.realmedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\FOUND.005\FILE0003.CHK[.trafficmp.com/]
Spyware:Cookie/Zedo Not disinfected C:\FOUND.005\FILE0003.CHK[.zedo.com/]
Spyware:Cookie/Uproar Not disinfected C:\FOUND.005\FILE0003.CHK[ads.uproar.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\FOUND.005\FILE0003.CHK[.targetnet.com/]
Spyware:Cookie/Maxserving Not disinfected C:\FOUND.005\FILE0003.CHK[.maxserving.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\FOUND.005\FILE0003.CHK[.serving-sys.com/]
Spyware:Cookie/Falkag Not disinfected C:\FOUND.005\FILE0003.CHK[.as-us.falkag.net/]
Spyware:Cookie/BurstNet Not disinfected C:\FOUND.005\FILE0003.CHK[.burstnet.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\FOUND.005\FILE0003.CHK[.casalemedia.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\FOUND.005\FILE0003.CHK[www.burstbeacon.com/]
Spyware:Cookie/Target Not disinfected C:\FOUND.005\FILE0003.CHK[.target.com/]
Spyware:Cookie/Qsrch Not disinfected C:\FOUND.005\FILE0003.CHK[.qsrch.com/]
Spyware:Cookie/Bfast Not disinfected C:\FOUND.005\FILE0003.CHK[.bfast.com/]
Spyware:Cookie/Com.com Not disinfected C:\FOUND.005\FILE0003.CHK[.com.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.005\FILE0003.CHK[server.iad.liveperson.net/hc/68178059]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.005\FILE0003.CHK[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\FOUND.005\FILE0003.CHK[server.iad.liveperson.net/hc/68178059]
Spyware:Cookie/Bluestreak Not disinfected C:\FOUND.005\FILE0003.CHK[.bluestreak.com/]
Adware:Adware/EliteBar Not disinfected C:\FOUND.010\FILE0016.CHK
Virus:Rootkit/Lanman.BE Disinfected C:\QOOBOX\Quarantine\C\WINDOWS\SYSTEM32\lanmandrv.sys.vir
Virus:Trj/Agent.GXF Disinfected C:\QOOBOX\Quarantine\C\WINDOWS\b111.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\xrnycwuc.dll.bad
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
Adware:Adware/IEDriver Not disinfected C:\Overpro-347.exe
Virus:Trj/Mexbin.B Disinfected C:\WINNT\INF\IIS\INST.BAT
Potentially unwanted tool:Application/MotherboardMonitor.A Not disinfected C:\WINNT\INF\IIS\MOODLL.MRC
Virus:Trj/Netstop.B Disinfected C:\WINNT\INF\IIS\NOS.BAT
Potentially unwanted tool:Application/MyWebSearch Not disinfected D:\Kody\SmileyCentralSetup2.0.3.10.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected D:\Kody\POKER\SmileyCentralSetup2.0.3.10.exe
Virus:Trj/WmaDownloader.F Disinfected D:\My Music\Good Music\02 the end of the road matt goss 58.wma
Virus:Trj/WmaDownloader.F Disinfected D:\My Music\Good Music\live @ flicka soundtrack 47.wma

sonoma · December 2007

New HJT log requested due to posting in 72-hour bump thread. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24, on 2007-12-01
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MediaKey\Versato.exe
C:\Program Files\MediaKey\MePlayer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MediaKey\OSD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.com/"); (C:\Documents and Settings\COOKE FAMILY\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\COOKE FAMILY\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: (no name) - {9F725D19-C77D-4436-B76B-ED73ED47DA4A} - C:\WINDOWS\System32\ssqon.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\System32\opnnnoo.dll
O2 - BHO: {7478be4d-f1d1-98ab-5854-872bbf00e3ac} - {ca3e00fb-b278-4585-ba89-1d1fd4eb8747} - C:\WINDOWS\System32\uuwtliom.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [7068c1e5] rundll32.exe "C:\WINDOWS\System32\bebuggqe.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-18\..\Run: [Windows Streams Server] localsrv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [sys mrk32] sysmrk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Streams Server] localsrv.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Versato.lnk = C:\Program Files\MediaKey\Versato.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Cooke Family\My Documents\Kody\poker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Cooke Family\My Documents\Kody\poker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {504ECB49-969A-4F10-B5E8-881191072413} (Image Uploader 3.0 Control) - http://www.heritagemakers.com/publisher/ImageUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: opnnnoo - C:\WINDOWS\SYSTEM32\opnnnoo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\ImapiRox.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - D:\IPOD\bin\iPodService.exe
O23 - Service: FireDaemon Service: mirc (mirc) - Unknown owner - c:\winnt\inf\IIS\FireDaemon.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 9304 bytes

Trogan · December 2007

Hi sonoma,

Lets try ComboFix once more please, but first click Start > Run > type: combofix /u > press OK. If you get an error message, press OK.

Please download ComboFix to your Desktop.

Double click on Combofix.exe & follow the prompts.
When the scan has finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

sonoma · December 2007

Thank you for getting back to me...combofix appears to have completed this time, following is the log...

ComboFix 07-12-02.6 - Cooke Family 2007-12-02 22:40:25.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.76 [GMT -7:00]
Running from: C:\Documents and Settings\Cooke Family\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\Cooke Family\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Cooke Family\Desktop\Online Security Guide.lnk
C:\WINDOWS\Favorites\Online Security Guide.lnk
C:\WINDOWS\mrofinu72.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-11-27 21:21 . 2007-11-27 21:21 <DIR> d

C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-27 21:21 . 2007-09-06 16:14 75,248 --a

C:\WINDOWS\zllsputility.exe
2007-11-27 21:21 . 2007-11-27 21:23 4,212 ---h

C:\WINDOWS\system32\zllictbl.dat
2007-11-27 21:20 . 2007-11-27 21:20 <DIR> d

C:\WINDOWS\system32\ZoneLabs
2007-11-27 21:20 . 2007-09-06 16:14 1,086,952 --a

C:\WINDOWS\system32\zpeng24.dll
2007-11-27 21:20 . 2007-12-02 22:49 353,247 --a

C:\WINDOWS\system32\vsconfig.xml
2007-11-27 21:19 . 2007-11-27 21:19 <DIR> d

C:\WINDOWS\Internet Logs
2007-11-27 18:17 . 2007-11-27 18:17 <DIR> d

C:\WINDOWS\system32\Kaspersky Lab
2007-11-27 18:17 . 2007-11-27 18:17 <DIR> d

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 22:57 . 2007-11-26 22:57 30,590 --a

C:\WINDOWS\system32\pavas.ico
2007-11-26 22:57 . 2007-11-26 22:57 2,550 --a

C:\WINDOWS\system32\Uninstall.ico
2007-11-26 22:57 . 2007-11-26 22:57 1,406 --a

C:\WINDOWS\system32\Help.ico
2007-11-26 20:19 . 2007-11-26 20:19 <DIR> d--hs---- C:\FOUND.016
2007-11-26 20:11 . 2007-11-26 20:11 <DIR> d

C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-26 19:31 . 2007-11-26 19:31 <DIR> d

C:\Program Files\Avira
2007-11-26 19:31 . 2007-11-26 19:31 <DIR> d

C:\Documents and Settings\All Users\Application Data\Avira
2007-11-24 00:29 . 2007-11-24 00:29 331,360

C:\WINDOWS\system32\ssqon.dll
2007-11-24 00:29 . 2007-12-02 22:49 10,077 --ahs---- C:\WINDOWS\system32\noqss.ini
2007-11-24 00:29 . 2007-12-02 22:49 9,975 --ahs---- C:\WINDOWS\system32\noqss.ini2
2007-11-23 23:12 . 2007-11-23 23:12 87,400 --a

C:\WINDOWS\system32\awvww.dll
2007-11-23 22:20 . 2007-11-23 22:31 3,232 --a

C:\WINDOWS\system32\tmp.reg
2007-11-23 22:00 . 2007-11-23 22:00 145,984 --a

C:\WINDOWS\system32\jgfgfqhb.dll
2007-11-23 21:42 . 2007-11-26 20:02 143 --a

C:\WINDOWS\system32\mcrh.tmp
2007-11-23 20:03 . 2007-11-23 20:03 <DIR> d--hs---- C:\FOUND.015
2007-11-23 09:27 . 2007-12-02 22:39 2,195,183 ---hs---- C:\WINDOWS\system32\eqggubeb.ini
2007-11-23 09:26 . 2007-11-23 09:26 85,056 --a

C:\WINDOWS\system32\bebuggqe.dll
2007-11-21 20:18 . 2007-11-21 20:18 80,960 --a

C:\WINDOWS\system32\vpbnqnkt.dll
2007-11-21 20:16 . 2007-11-21 20:49 714,341 ---hs---- C:\WINDOWS\system32\bemwfngs.ini
2007-11-21 13:16 . 2007-11-21 13:16 <DIR> d

C:\Documents and Settings\Cooke Family\Application Data\TrojanHunter
2007-11-21 13:12 . 2007-11-21 13:12 <DIR> d

C:\Program Files\TrojanHunter 5.0
2007-11-21 11:05 . 2007-11-21 11:03 102,664 --a

C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-21 11:03 . 2007-11-21 11:03 <DIR> d

C:\Documents and Settings\Cooke Family\.housecall6.6
2007-11-21 10:42 . 2007-11-21 10:42 <DIR> d

C:\Program Files\Trend Micro
2007-11-20 20:17 . 2007-11-21 14:10 714,521 ---hs---- C:\WINDOWS\system32\washbdts.ini
2007-11-20 20:17 . 2007-11-20 20:17 85,056 --a

C:\WINDOWS\system32\stdbhsaw.dll
2007-11-20 20:14 . 2007-11-20 20:14 84,544 --a

C:\WINDOWS\system32\egebbhlh.dll
2007-11-20 20:11 . 2007-11-20 20:11 71,232 --a

C:\WINDOWS\system32\mtxhfuts.exe
2007-11-19 20:23 . 2007-11-19 20:23 <DIR> d--hs---- C:\WINDOWS\Q29va2UgRmFtaWx5
2007-11-19 08:22 . 2007-11-20 19:18 702,576 ---hs---- C:\WINDOWS\system32\plrypmfa.ini
2007-11-19 08:22 . 2007-11-19 08:22 85,056 --a

C:\WINDOWS\system32\afmpyrlp.dll
2007-11-19 08:20 . 2007-11-19 08:20 83,008 --a

C:\WINDOWS\system32\aoeshfcj.dll
2007-11-19 08:14 . 2007-11-19 08:14 71,232 --a

C:\WINDOWS\system32\tmgvwklo.exe
2007-11-18 20:04 . 2007-11-18 20:04 36,352

C:\WINDOWS\system32\opnnnoo.dll
2007-11-18 20:03 . 2007-11-18 20:03 <DIR> d

C:\Program Files\Common Files\çasks
2007-11-18 20:03 . 2007-11-18 20:03 <DIR> d

C:\Documents and Settings\Cooke Family\Application Data\çasks
2007-11-17 12:11 . 2007-11-17 12:11 54,156 --ah

C:\WINDOWS\QTFont.qfn
2007-11-17 12:11 . 2007-11-17 12:11 1,409 --a

C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 03:03

d

w C:\Program Files\Common Files\?asks
2007-11-19 03:03

d

w C:\Documents and Settings\Cooke Family\Application Data\?asks
2005-10-09 00:51 10,567 ----a-w C:\Program Files\Warez P2P ClientIPGUARD.LOG
2005-04-21 01:35 57,360 ----a-w C:\Documents and Settings\Cooke Family\Application Data\GDIPFONTCACHEV1.DAT
2004-11-25 02:04 1,013 ----a-w C:\Documents and Settings\Cooke Family\reg.reg
2004-11-24 18:14 58 ----a-w C:\Documents and Settings\Cooke Family\runlou.bat
2004-11-24 18:07 20,480

w C:\Documents and Settings\Cooke Family\lou.exe
2005-07-29 23:24 472 --sha-r C:\WINDOWS\Q29va2UgRmFtaWx5\kZ6SuZo0lAIQuqUc.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F2F0B80-F30F-47D2-A000-8C673CB91022}]
2007-11-24 00:29 331360

C:\WINDOWS\System32\ssqon.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-18 20:04 36352

C:\WINDOWS\system32\opnnnoo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca3e00fb-b278-4585-ba89-1d1fd4eb8747}]
C:\WINDOWS\System32\uuwtliom.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 19:34]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 02:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2003-03-31 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" []
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 07:14]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 14:23]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 14:57]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-20 14:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-08-06 11:03]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"7068c1e5"="C:\WINDOWS\System32\bebuggqe.dll" [2007-11-23 09:26]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-26 19:46]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"CreateCD50"="C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.exe" [2001-01-11 05:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Streams Server"="localsrv.exe" []
"sys mrk32"="sysmrk.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Versato.lnk - C:\Program Files\MediaKey\Versato.exe [2004-11-05 19:24:42]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\opnnnoo.dll [2007-11-18 20:04 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnnoo]
opnnnoo.dll 2007-11-18 20:04 36352 C:\WINDOWS\system32\opnnnoo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\ssqon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Cooke Family^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Cooke Family\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1137279850\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\IPOD\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\System32\drivers\kbfilter.sys
S2 mirc;FireDaemon Service: mirc;c:\winnt\inf\IIS\FireDaemon.EXE

.
Contents of the 'Scheduled Tasks' folder
"2007-12-03 04:18:02 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-11-06 04:19:08 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7200#CN38O2B2R3I5.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe$/#Hewlett-Packard#7200#CN38O2B2R3I5
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 22:49:43
Windows 5.1.2600 Service Pack 1 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 22:52:31 - machine was rebooted
.
--- E O F ---

Trogan · December 2007

Hi sonoma,

Please delete your copy of VundoFix, and then do the following...

I need to see another log from HijackThis.

Run Hijackthis.
Click on Open the Misc Tools section.
Next click on Open uninstall manager.
Press the Save list button.
Save the file to your desktop, with the default name of uninstall_list
Copy & Paste the entire contents of that file in your in your next post.

sonoma · December 2007

Thanks again for getting back to me, and for the assistance..attached is the log you requested. I wasn't sure if you need a new hjt log, so I have included that below as well... Thanks again

Ad-Aware 2007
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player Plugin
Adobe Photoshop Album 2.0
Adobe Reader 7.0
ArcSoft PhotoStudio 5.5
Avira AntiVir PersonalEdition Classic
Call of Duty
Canon CanoScan Toolbox 4.6
CCleaner (remove only)
Easy CD Creator 5 Platinum
HijackThis 2.0.2
HP Memories Disc
HP Software Update
Humorous Greeting Card Factory
IE Host
iPod for Windows 2005-10-12
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Pro 9
Java 2 Runtime Environment, SE v1.4.2_06
Kaspersky Online Scanner
LimeWire 4.9.33
Macromedia Flash Player 8
Macromedia Shockwave Player
Manual CanoScan 4200F
MaxSpeed
Microsoft ActiveSync 3.7
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5.0.12)
MSN Gaming Zone
MSN Messenger 7.0
MSN Music Assistant
Nero - Burning Rom
Netscape (7.2)
NVIDIA Windows 2000/XP Display Drivers
OmniPage SE 2.0
Panda ActiveScan
Photosmart 140,240,7200,7600,7700,7900 Series
QuickTime
RealPlayer Basic
Scrapbook Factory
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Startnow Navigation Helper (v1.0.1.1)
The Sims Deluxe Edition
TrojanHunter 5.0
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
U.S. Robotics V.92 PCI Faxmodem
Ulead Photo Express 4.0 My Scrapbook Edition
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Versato 1.5.1
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889293
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB912812
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
Windows XP Hotfix - KB925486
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
YEmote2+
ZoneAlarm

NEW HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:46 PM, on 12/3/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\MediaKey\Versato.exe
C:\Program Files\MediaKey\MePlayer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\MediaKey\OSD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.com/"); (C:\Documents and Settings\COOKE FAMILY\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\COOKE FAMILY\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9F2F0B80-F30F-47D2-A000-8C673CB91022} - C:\WINDOWS\System32\ssqon.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\opnnnoo.dll
O2 - BHO: {7478be4d-f1d1-98ab-5854-872bbf00e3ac} - {ca3e00fb-b278-4585-ba89-1d1fd4eb8747} - C:\WINDOWS\System32\uuwtliom.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [7068c1e5] rundll32.exe "C:\WINDOWS\System32\bebuggqe.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-18\..\Run: [Windows Streams Server] localsrv.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [sys mrk32] sysmrk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Streams Server] localsrv.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Versato.lnk = C:\Program Files\MediaKey\Versato.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Cooke Family\My Documents\Kody\poker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Cooke Family\My Documents\Kody\poker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {504ECB49-969A-4F10-B5E8-881191072413} (Image Uploader 3.0 Control) - http://www.heritagemakers.com/publisher/ImageUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: opnnnoo - C:\WINDOWS\SYSTEM32\opnnnoo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\System32\ImapiRox.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - D:\IPOD\bin\iPodService.exe
O23 - Service: FireDaemon Service: mirc (mirc) - Unknown owner - c:\winnt\inf\IIS\FireDaemon.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 9240 bytes

Trogan · December 2007

Hi sonoma,

Please do the following...

1. Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

Startnow Navigation Helper (v1.0.1.1)

2. You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/

Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.

Click on Scanner on the toolbar.
Click on the Settings tab.
- Under How to act?
  - Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
  - All checkboxes should be ticked.
- Under Possibly unwanted software:
  - All checkboxes should be ticked.
- Under Reports:
  - Select Do not automatically generate reports
- Under What to scan?
  - Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot back into Normal Mode

3. Open Notepad and copy/paste the text in the Quote Box below into it:

File::
C:\WINDOWS\system32\opnnnoo.dll
C:\WINDOWS\system32\mtxhfuts.exe
C:\WINDOWS\system32\egebbhlh.dll
C:\WINDOWS\system32\jgfgfqhb.dll
C:\WINDOWS\system32\tmgvwklo.exe
C:\WINDOWS\system32\aoeshfcj.dll
C:\WINDOWS\system32\nddeapi0.exe
C:\WINDOWS\system32\afmpyrlp.dll
C:\WINDOWS\system32\stdbhsaw.dll
C:\WINDOWS\system32\sgnfwmeb.dll
C:\WINDOWS\system32\vpbnqnkt.dll
C:\WINDOWS\SYSTEM32\BEBUGGQE.DLL
C:\WINDOWS\SYSTEM32\pinstaller.exe
C:\WINDOWS\KWV2.DAT
C:\WINDOWS\ALCHEM.INI
C:\WINDOWS\mrofinu72.exe
C:\Documents and Settings\Cooke Family\REG.REG
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
C:\Program Files\Warez P2P Client\WarezP2P_DLC.exe
C:\Program Files\Warez P2P Client\WarezP2P.exe
C:\FOUND.010\FILE0016.CHK
C:\WINDOWS\SEPSD.BIN
C:\WINDOWS\system32\ssqon.dll
C:\WINDOWS\system32\terabyte.exe
C:\FOUND.002
C:\FOUND.003
C:\FOUND.004
C:\Overpro-347.exe
C:\WINNT\INF\IIS\mirc.ini
C:\WINNT\INF\IIS\nt.dll
C:\WINNT\INF\IIS\secure.bat.tcf
D:\Kody\SmileyCentralSetup2.0.3.10.exe
D:\Kody\poker\SmileyCentralSetup2.0.3.10.exe
D:\My Music\Good Music\Top of Charts - 2003.wma
D:\My Music\Good Music\Rare Recording (flicka).wma
D:\My Music\Good Music\01 Track 1 (flicka).wma
D:\My Music\Good Music\07 Track 7 (flicka).wma
D:\My Music\Good Music\Rare Recording (pretty).wma
D:\My Music\Good Music\01 Track 1.wma

Folder::
C:\WINDOWS\Q29va2UgRmFtaWx5

Save this as CFScript.txt to your Desktop

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will start ComboFix again, and may reboot your computer.

4. Please post the following...

AVG Anti-Spware report
ComboFix log
New HijackThis log

sonoma · December 2007

Thanks again ... this infection is being a real pain!!! I followed your steps as outlined above. I was not able to uninstall Startnow, it comes back with a "fatal error during installation" message.

I ran combofix twice, with your above instructions. The first time I ran it, my computer had troubles rebooting, so I wasn't sure if it ran properly.

Online Security and Live Safety center keep coming back to my desktop. It seems like they disappear as we go through steps, yet then they are back again.

I now have a flashing yellow triangle with an exclamation point it in in my program bar that keeps giving spyware alerts. This was gone for a while, but now it is back again.

Avira Anti Virus keeps popping up with zhowmkglo.dll, that's the only one I appear to be getting from that now.

Here is my AVG log:

AVG Anti-Spyware - Scan Report

+ Created at: 6:44:10 PM 12/4/2007

+ Scan result:

C:\qoobox\Quarantine\C\WINDOWS\mrofinu72.exe.vir -> Downloader.Agent.fhv : Cleaned with backup (quarantined).
C:\FOUND.003\FILE0015.CHK -> Downloader.Small.um : Cleaned with backup (quarantined).
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Dropper.VB.cd : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.143:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.18:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.71:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.72:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.73:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.74:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.75:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.76:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.78:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.79:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.80:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.81:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.83:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.99:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Cooke Family\Cookies\cooke [email]family@coxhsi.112.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Cooke Family\Cookies\cooke [email]family@msnportal.112.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Cooke Family\Cookies\cooke [email]family@pandasoftware.112.2o7[1].txt[/email] -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Firefox\Profiles\kvo2rpl3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.33:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Firefox\Profiles\kvo2rpl3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.34:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Firefox\Profiles\kvo2rpl3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.35:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Firefox\Profiles\kvo2rpl3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.134:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.135:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.136:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.24:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Firefox\Profiles\kvo2rpl3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.123:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.124:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.125:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.126:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.127:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.127:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.128:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.128:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.129:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Adserver : Cleaned.
:mozilla.13:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.32:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.44:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Cooke Family\Cookies\cooke [email]family@advertising[1].txt[/email] -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.49:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.50:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.247:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Bfast : Cleaned.
:mozilla.248:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Bfast : Cleaned.
:mozilla.170:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.259:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.150:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.213:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.53:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.210:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Burstnet : Cleaned.
:mozilla.179:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.180:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.181:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.211:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.212:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.164:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Centrport : Cleaned.
:mozilla.166:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Centrport : Cleaned.
:mozilla.167:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Centrport : Cleaned.
:mozilla.104:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Connextra : Cleaned.
:mozilla.224:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.159:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Dealtime : Cleaned.
:mozilla.160:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Dealtime : Cleaned.
:mozilla.161:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Dealtime : Cleaned.
:mozilla.162:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Dealtime : Cleaned.
:mozilla.163:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Dealtime : Cleaned.
:mozilla.37:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.53:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.203:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Falkag : Cleaned.
:mozilla.204:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Falkag : Cleaned.
:mozilla.205:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Falkag : Cleaned.
:mozilla.206:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Falkag : Cleaned.
:mozilla.207:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Falkag : Cleaned.
:mozilla.208:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Falkag : Cleaned.
:mozilla.209:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Falkag : Cleaned.
:mozilla.16:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.18:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.19:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.130:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.144:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Gator : Cleaned.
:mozilla.222:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.223:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.229:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.112:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.113:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.114:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.13:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.204:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.75:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.76:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.77:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.78:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.79:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.7:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.81:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.82:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.8:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Hitbox : Cleaned.
:mozilla.94:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Cooke Family\Cookies\cooke [email]family@ehg-kasperskylab.hitbox[2].txt[/email] -> TrackingCookie.Hitbox : Cleaned.
:mozilla.41:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Hitslink : Cleaned.
:mozilla.42:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Hitslink : Cleaned.
:mozilla.43:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Hitslink : Cleaned.
:mozilla.44:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Hitslink : Cleaned.
:mozilla.158:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.159:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.80:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.81:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.256:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.257:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.258:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.148:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.84:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.85:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Cooke Family\Cookies\cooke [email]family@ssl-hints.netflame[1].txt[/email] -> TrackingCookie.Netflame : Cleaned.
:mozilla.183:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.84:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.85:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.146:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.147:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.148:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.29:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.30:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.31:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.32:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.33:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.34:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.35:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.59:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.60:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.61:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.62:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.105:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.106:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.107:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.121:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.122:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.123:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.145:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.144:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.145:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.146:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.165:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Realmedia : Cleaned.
:mozilla.168:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Realmedia : Cleaned.
:mozilla.147:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.148:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.149:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.150:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.151:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.152:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.153:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.154:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.155:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.173:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Revsci : Cleaned.
:mozilla.174:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Revsci : Cleaned.
:mozilla.188:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.189:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.55:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.56:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.57:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.58:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.59:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.60:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.61:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.62:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.63:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.64:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Ru4 : Cleaned.
:mozilla.66:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.67:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.68:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.196:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.197:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.198:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.199:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.25:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.26:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.31:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.32:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.52:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.188:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Targetnet : Cleaned.
:mozilla.169:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.170:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.171:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.172:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.173:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.174:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.131:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.132:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.133:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.175:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.149:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Valueclick : Cleaned.
:mozilla.151:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Valueclick : Cleaned.
:mozilla.191:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.192:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.193:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Profiles\default\pm4pkt92.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Firefox\Profiles\kvo2rpl3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Firefox\Profiles\kvo2rpl3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\Documents and Settings\Cooke Family\Application Data\Mozilla\Firefox\Profiles\kvo2rpl3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.174:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.175:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.176:C:\FOUND.005\FILE0003.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.56:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.57:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.58:C:\FOUND.011\FILE0004.CHK -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\pinstaller.exe -> Trojan.KillApp.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Cooke Family\reg.reg -> Trojan.LowZones.a : Cleaned with backup (quarantined).
C:\WINNT\INF\IIS\secure.bat.tcf -> Trojan.NoShare.q : Cleaned with backup (quarantined).
C:\WINDOWS\Q29va2UgRmFtaWx5\kZ6SuZo0lAIQuqUc.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINNT\INF\IIS\nt.dll -> Worm.Randon.m : Cleaned with backup (quarantined).

::Report end

My combo fix log:

ComboFix 07-12-02.6 - Cooke Family 2007-12-04 19:33:13.5 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.87 [GMT -7:00]
Running from: C:\Documents and Settings\Cooke Family\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Cooke Family\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Cooke Family\REG.REG
C:\FOUND.002
C:\FOUND.003
C:\FOUND.004
C:\FOUND.010\FILE0016.CHK
C:\Overpro-347.exe
C:\Program Files\Warez P2P Client\WarezP2P.exe
C:\Program Files\Warez P2P Client\WarezP2P_DLC.exe
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
C:\WINDOWS\ALCHEM.INI
C:\WINDOWS\KWV2.DAT
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\SEPSD.BIN
C:\WINDOWS\system32\afmpyrlp.dll
C:\WINDOWS\system32\aoeshfcj.dll
C:\WINDOWS\SYSTEM32\BEBUGGQE.DLL
C:\WINDOWS\system32\egebbhlh.dll
C:\WINDOWS\system32\jgfgfqhb.dll
C:\WINDOWS\system32\mtxhfuts.exe
C:\WINDOWS\system32\nddeapi0.exe
C:\WINDOWS\system32\opnnnoo.dll
C:\WINDOWS\SYSTEM32\pinstaller.exe
C:\WINDOWS\system32\sgnfwmeb.dll
C:\WINDOWS\system32\ssqon.dll
C:\WINDOWS\system32\stdbhsaw.dll
C:\WINDOWS\system32\terabyte.exe
C:\WINDOWS\system32\tmgvwklo.exe
C:\WINDOWS\system32\vpbnqnkt.dll
C:\WINNT\INF\IIS\mirc.ini
C:\WINNT\INF\IIS\nt.dll
C:\WINNT\INF\IIS\secure.bat.tcf
D:\Kody\poker\SmileyCentralSetup2.0.3.10.exe
D:\Kody\SmileyCentralSetup2.0.3.10.exe
D:\My Music\Good Music\01 Track 1 (flicka).wma
D:\My Music\Good Music\01 Track 1.wma
D:\My Music\Good Music\07 Track 7 (flicka).wma
D:\My Music\Good Music\Rare Recording (flicka).wma
D:\My Music\Good Music\Rare Recording (pretty).wma
D:\My Music\Good Music\Top of Charts - 2003.wma
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Cooke Family\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Cooke Family\Desktop\Online Security Guide.lnk
C:\WINDOWS\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\opnnnoo.dll
C:\WINDOWS\system32\ssqon.dll
C:\WINDOWS\system32\zhowmkgw.dllbox
.
---- Previous Run

.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Cooke Family\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Cooke Family\Desktop\Online Security Guide.lnk
C:\FOUND.010\FILE0016.CHK
C:\Overpro-347.exe
C:\Program Files\Warez P2P Client\WarezP2P.exe
C:\Program Files\Warez P2P Client\WarezP2P_DLC.exe
C:\WINDOWS\ALCHEM.INI
C:\WINDOWS\Favorites\Online Security Guide.lnk
C:\WINDOWS\KWV2.DAT
C:\WINDOWS\Q29va2UgRmFtaWx5
C:\WINDOWS\SEPSD.BIN
C:\WINDOWS\system32\afmpyrlp.dll
C:\WINDOWS\system32\aoeshfcj.dll
C:\WINDOWS\SYSTEM32\BEBUGGQE.DLL
C:\WINDOWS\system32\egebbhlh.dll
C:\WINDOWS\system32\eqggubeb.ini
C:\WINDOWS\system32\jgfgfqhb.dll
C:\WINDOWS\system32\mtxhfuts.exe
C:\WINDOWS\system32\nddeapi0.exe
C:\WINDOWS\system32\noqss.ini
C:\WINDOWS\system32\noqss.ini2
C:\WINDOWS\system32\stdbhsaw.dll
C:\WINDOWS\system32\terabyte.exe
C:\WINDOWS\system32\tmgvwklo.exe
C:\WINDOWS\system32\vpbnqnkt.dll
C:\WINDOWS\system32\zhowmkgw.dllbox
C:\WINNT\INF\IIS\mirc.ini
D:\Kody\poker\SmileyCentralSetup2.0.3.10.exe
D:\Kody\SmileyCentralSetup2.0.3.10.exe
D:\My Music\Good Music\01 Track 1 (flicka).wma
D:\My Music\Good Music\01 Track 1.wma
D:\My Music\Good Music\07 Track 7 (flicka).wma
D:\My Music\Good Music\Rare Recording (flicka).wma
D:\My Music\Good Music\Rare Recording (pretty).wma
D:\My Music\Good Music\Top of Charts - 2003.wma

.
((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.

2007-12-04 19:04 . 2007-12-04 19:04 <DIR> d--hs---- C:\FOUND.017
2007-12-04 16:57 . 2007-12-04 16:57 <DIR> d

C:\Documents and Settings\Cooke Family\Application Data\Grisoft
2007-12-04 16:56 . 2007-12-04 16:56 <DIR> d

C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-04 16:56 . 2007-05-30 05:10 10,872 --a

C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-04 16:43 . 2007-12-04 16:43 145,984 --a

C:\WINDOWS\system32\zhowmkgw.dll
2007-12-04 16:41 . 2007-12-04 16:42 145,984 --a

C:\WINDOWS\system32\edhjyfdr.dll
2007-11-27 21:21 . 2007-11-27 21:21 <DIR> d

C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-27 21:21 . 2007-09-06 16:14 75,248 --a

C:\WINDOWS\zllsputility.exe
2007-11-27 21:21 . 2007-11-27 21:23 4,212 ---h

C:\WINDOWS\system32\zllictbl.dat
2007-11-27 21:20 . 2007-11-27 21:20 <DIR> d

C:\WINDOWS\system32\ZoneLabs
2007-11-27 21:20 . 2007-09-06 16:14 1,086,952 --a

C:\WINDOWS\system32\zpeng24.dll
2007-11-27 21:20 . 2007-12-04 19:39 353,247 --a