Sorry, I meant notepad. Here is my log from Combofix:
ComboFix 08-04-26.5 - User 2008-04-27 20:02:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.738 [GMT -4:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\All Users\Application Data\ezsid.dat
C:\Documents and Settings\User\Application Data\oljov.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\diskk.sys
C:\WINDOWS\system32\hgGvuUOG.dll
C:\WINDOWS\system32\jwwtjued.dll
C:\WINDOWS\system32\kijakjcx.ini
C:\WINDOWS\system32\ldmvaqsd.dll
C:\WINDOWS\system32\nnnnKbBQ.dll
C:\WINDOWS\system32\wvUoOHxx.dll
C:\WINDOWS\system32\xcjkajik.dll
C:\WINDOWS\system32\xxHOoUvw.ini
C:\WINDOWS\system32\xxHOoUvw.ini2
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp\tn3
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\apxnosdv.dll
C:\WINDOWS\system32\btocskct.ini
C:\WINDOWS\system32\btocskct.ini2
C:\WINDOWS\system32\btocskct.tmp
C:\WINDOWS\system32\drivers\diskk.sys
C:\WINDOWS\system32\jwwtjued.dll
C:\WINDOWS\system32\ldmvaqsd.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnnKbBQ.dll
C:\WINDOWS\system32\QBbKnnnn.ini
C:\WINDOWS\system32\QBbKnnnn.ini2
C:\WINDOWS\system32\qihudsyf.dll
C:\WINDOWS\system32\tckscotb.dll
C:\WINDOWS\system32\xcjkajik.dll
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\ezsid.dat
C:\Documents and Settings\User\Application Data\oljov.exe
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\hgGvuUOG.dll
C:\WINDOWS\system32\jwwtjued.dll
C:\WINDOWS\system32\kijakjcx.ini
C:\WINDOWS\system32\ldmvaqsd.dll
C:\WINDOWS\system32\mcrh.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DISKK
-------\Service_diskk
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.
2078-04-05 01:33 . 2003-08-29 08:59 151,552 --a------ C:\WINDOWS\BCMSMU.exe
2078-04-05 01:33 . 2003-08-29 08:59 122,880 --a------ C:\WINDOWS\system32\BCMSMI32.dll
2078-04-05 01:33 . 2003-08-29 08:59 122,880 --a------ C:\WINDOWS\BCMSMMSG.exe
2078-04-05 01:33 . 2003-08-29 08:59 57,344 --a------ C:\WINDOWS\BCMSMD2K.exe
2078-04-05 01:33 . 2003-08-29 08:59 49,152 --a------ C:\WINDOWS\system32\BCMSM168.dll
2078-04-05 01:09 . 2005-07-19 21:05 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-04-27 18:20 . 2008-04-27 18:20 0 --a------ C:\Documents and Settings\User\.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 23:23 --------- d-----w C:\Documents and Settings\User\Application Data\OpenOffice.org2
.
((((((((((((((((((((((((((((( snapshot@2008-04-27_11.53.06.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 21:29:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-28 00:07:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2000-08-31 15:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
- 2007-05-27 21:10:32 40,394 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-27 23:27:30 40,394 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-05-27 21:10:32 312,172 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-27 23:27:30 312,172 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-27 21:29:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_554.dat
+ 2008-04-28 00:07:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_554.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="C:\Program Files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 12:58 856064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 17:30 335872]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2004-04-29 18:15 90169]
"Broadcom Wireless Manager UI"="C:\WINDOWS\System32\WLTRAY.exe" [2005-12-19 13:08 1347584]
"ZCfgSvc.exe"="C:\WINDOWS\system32\ZCfgSvc.exe" [2005-07-05 05:32 639040]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-06-27 12:31 135168]
"ACUMon"="C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe" [2004-02-23 15:18 217088]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 20:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 21:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 21:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 21:10 114688]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 08:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 22:51 233472]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 14:24 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 22:33 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 06:42 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 01:16 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2005-07-05 05:33 188482 C:\WINDOWS\system32\LgNotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 13:31]
R1 fanio;FanIO driver;C:\WINDOWS\system32\drivers\fanio.sys [2007-02-16 05:05]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 13:35]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2002-11-23 00:01]
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\PCX504.sys [2004-05-04 16:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{624746c2-741a-11db-98cd-edf8cb26446b}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-27 20:07:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-04-27 20:12:22 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2008-04-28 00:12:13
ComboFix2.txt 2008-04-27 18:55:21
Pre-Run: 24,882,135,552 bytes free
Post-Run: 24,869,634,560 bytes free
160
Here is my log from Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14, on 2008-04-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.t...ivex/hcImpl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe
--
End of file - 5598 bytes
The Kaspersky txt:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-04-27 21:45
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/04/2008
Kaspersky Anti-Virus database records: 727908
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 27571
Number of viruses found: 16
Number of infected objects: 48
Number of suspicious objects: 0
Duration of the scan process: 01:13:32
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\.housecall6.6\Quarantine\nnnnKbBQ.dll.bac_a03940 Infected: not-a-virus:AdWare.Win32.Virtumonde.qqw skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012008042720080428\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\My Documents\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\User\My Documents\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\User\My Documents\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\User\Application Data\oljov.exe.vir Infected: not-virus:Hoax.Win32.Renos.bve skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\ASKS~1\wіnword.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000080.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000080.exe.vir/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000080.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\FNTS~1\ati2evxx.exe.vir Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGvuUOG.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ldmvaqsd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lvwewerg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ofmgkhnh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qihudsyf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tckscotb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wmsdkns.exe.vir Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\QooBox\Quarantine\C\WINDOWS\winself.exe.vir Infected: Trojan.Win32.DNSChanger.cjd skipped
C:\QooBox\Quarantine\catchme2008-04-27_200540.22.zip/nnnnKbBQ.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qqw skipped
C:\QooBox\Quarantine\catchme2008-04-27_200540.22.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP19\A0009888.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP19\A0009888.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP19\A0010901.exe Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP19\A0010929.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP20\A0012010.exe Infected: not-a-virus:AdWare.Win32.PurityScan.hl skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP20\A0012011.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP20\A0012046.exe Infected: Trojan.Win32.DNSChanger.cjd skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP20\A0012047.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP20\A0012048.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP20\A0012050.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP20\A0012050.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP20\A0012050.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP20\A0012051.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP20\A0012052.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP22\A0013062.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP23\A0013117.exe Infected: not-virus:Hoax.Win32.Renos.bve skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP23\A0013118.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP23\A0013121.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP23\A0014076.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP23\A0014076.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP23\A0014076.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP24\A0015130.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qri skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP24\A0015131.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj skipped
C:\System Volume Information\_restore{CC606E13-F5CC-4676-B9CB-33EC86A45153}\RP24\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\WINDOWS\mrofinu72.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\pnVes06\pnVes061083.exe Infected: Trojan-Downloader.Win32.VB.ebf skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_554.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Thanks again!