
Active Can't update AVG or go to Windows update page

Discussion in 'Malware and Virus Removal Archive' started by wildone34134, 2009/01/02.

  1. 2009/01/02
    wildone34134

    wildone34134 Inactive Thread Starter


    My computer crashed yesterday and had issues trying to download updates to AVG. I disabled the update and ran AVG, which found "trojan horse generic.AJIT" and "Trojan horse generic.AJHI".
    I also attempted to run AVG in safe mode, but before it got done it rebooted with an auto-shutdown.
    I scanned it again this morning and it didn't find the trojan horses, but I am still getting nasty pop-ups and cannot update AVG or do Windows updates.

    Need any help with this please, here are the RSIT logs:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Dad at 2009-01-02 05:23:46
    Microsoft Windows XP Home Edition Service Pack 2
    System drive I: has 26 GB (74%) free of 35 GB
    Total RAM: 3071 MB (88% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    I:\WINDOWS\tasks\eyyjvgjf.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    I:\WINDOWS\system32\rqRIbCvT.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - I:\Program Files\Java\jre6\bin\ssv.dll [2008-12-31 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-14 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab70e697-4347-4b8e-a78d-60e6a84dc0a1}]
    I:\WINDOWS\system32\naywma.dll [2009-01-01 132608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - I:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-31 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E24496C1-6DC3-4C17-8966-531ED055BFE7}]
    I:\WINDOWS\system32\hgGvuRjh.dll [2009-01-01 289792]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-14 2055960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "=I:\WINDOWS\System32\NvCpl.dll [2007-10-04 8491008]
    "RTHDCPL "=I:\WINDOWS\RTHDCPL.EXE [2008-08-31 16862208]
    "Alcmtr "=I:\WINDOWS\ALCMTR.EXE [2008-08-31 69632]
    "NvMediaCenter "=I:\WINDOWS\System32\NvMcTray.dll [2007-10-04 81920]
    "AVG8_TRAY "=I:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
    "SunJavaUpdateSched "=I:\Program Files\Java\jre6\bin\jusched.exe [2008-12-31 136600]
    "prunnet "=I:\WINDOWS\system32\prunnet.exe []
    "nwiz "=nwiz.exe /install []
    "Adobe Reader Speed Launcher "=I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "407f0733 "=I:\WINDOWS\system32\yvbjejkw.dll [2009-01-01 90112]
    "2Wire Wireless Manager "=I:\Program Files\2Wire Wireless Manager\2Wire.exe -a []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "RegistryCleanerProMFCT "=I:\Program Files\RegistryCleanerPro\RegistryCleanerPro.exe []
    "cdloader "=I:\Documents and Settings\Dad\Application Data\mjusbsp\cdloader2.exe [2008-12-17 50520]

    I:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Microsoft Office.lnk - I:\Program Files\Microsoft Office\Office\OSA9.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "avgrsstx.dll naywma.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRIbCvT]
    rqRIbCvT.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} "=I:\WINDOWS\system32\rqRIbCvT.dll []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages "=msv1_0
    I:\WINDOWS\system32\hgGvuRjh

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe "= "C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad "
    "I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE "= "I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook "
    "I:\Program Files\AVG\AVG8\avgupd.exe "= "I:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "
    "I:\WINDOWS\system32\dpvsetup.exe "= "I:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test "
    "I:\WINDOWS\system32\rundll32.exe "= "I:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App "
    "F:\EverQuest Trilogy\eqgame.exe "= "F:\EverQuest Trilogy\eqgame.exe:*:Enabled:eqgame "
    "I:\Documents and Settings\Dad\Application Data\mjusbsp\magicJack.exe "= "I:\Documents and Settings\Dad\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
    shell\AutoRun\command - J:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    shell\AutoRun\command - K:\autorun.exe
    shell\phone\command - K:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f2f1c90-76a2-11dd-8e8f-806d6172696f}]
    shell\AutoRun\command - J:\setup.exe


    ======List of files/folders created in the last 3 months======

    2009-01-02 05:23:46 ----D---- I:\rsit
    2009-01-02 05:23:46 ----D---- I:\Program Files\trend micro
    2009-01-01 20:54:11 ----A---- I:\WINDOWS\system32\MSVolume.dll
    2009-01-01 20:54:09 ----D---- I:\Program Files\RegistryCleanerPro
    2009-01-01 18:35:22 ----A---- I:\WINDOWS\system32\naywma.dll
    2009-01-01 18:35:22 ----A---- I:\WINDOWS\system32\jnjtdimd.dll
    2009-01-01 18:33:21 ----SH---- I:\WINDOWS\system32\wkjejbvy.ini
    2009-01-01 18:33:17 ----A---- I:\WINDOWS\system32\yvbjejkw.dll
    2009-01-01 18:32:47 ----A---- I:\WINDOWS\system32\4b5cc34d-.txt
    2009-01-01 18:32:20 ----ASH---- I:\WINDOWS\system32\hjRuvGgh.ini2
    2009-01-01 18:32:20 ----ASH---- I:\WINDOWS\system32\hjRuvGgh.ini
    2009-01-01 18:32:16 ----A---- I:\WINDOWS\system32\hgGvuRjh.dll
    2009-01-01 18:11:48 ----D---- I:\WINDOWS\Sun
    2008-12-31 18:47:16 ----D---- I:\Program Files\Magelo
    2008-12-31 18:44:46 ----A---- I:\WINDOWS\system32\javaws.exe
    2008-12-31 18:44:46 ----A---- I:\WINDOWS\system32\javaw.exe
    2008-12-31 18:44:46 ----A---- I:\WINDOWS\system32\deploytk.dll
    2008-12-31 18:44:45 ----A---- I:\WINDOWS\system32\java.exe
    2008-12-31 18:44:32 ----D---- I:\Program Files\Java
    2008-12-31 18:44:00 ----D---- I:\Documents and Settings\Dad\Application Data\Sun
    2008-12-12 17:31:26 ----D---- I:\Documents and Settings\All Users\Application Data\MSN6
    2008-12-12 17:31:25 ----D---- I:\Documents and Settings\Dad\Application Data\MSN6
    2008-11-10 05:06:57 ----HD---- I:\$AVG8.VAULT$

    ======List of files/folders modified in the last 3 months======

    2009-01-02 05:23:46 ----RD---- I:\Program Files
    2009-01-02 05:23:14 ----D---- I:\WINDOWS\Temp
    2009-01-02 05:22:21 ----D---- I:\Documents and Settings\Dad\Application Data\mjusbsp
    2009-01-02 05:21:12 ----A---- I:\WINDOWS\SchedLgU.Txt
    2009-01-02 05:21:03 ----A---- I:\WINDOWS\win.ini
    2009-01-02 05:21:03 ----A---- I:\WINDOWS\system.ini
    2009-01-02 04:57:09 ----D---- I:\WINDOWS\system32
    2009-01-01 21:38:53 ----A---- I:\WINDOWS\ntbtlog.txt
    2009-01-01 21:04:05 ----D---- I:\Documents and Settings
    2009-01-01 20:57:19 ----SHD---- I:\WINDOWS\Installer
    2009-01-01 20:57:19 ----D---- I:\Documents and Settings\All Users\Application Data\2Wire
    2009-01-01 20:57:17 ----D---- I:\Program Files\2Wire Wireless Manager
    2009-01-01 20:57:17 ----D---- I:\Config.Msi
    2009-01-01 20:57:03 ----D---- I:\Program Files\Common Files\InstallShield
    2009-01-01 20:56:54 ----HD---- I:\WINDOWS\inf
    2009-01-01 20:56:51 ----D---- I:\WINDOWS\system32\CatRoot2
    2009-01-01 20:56:49 ----HD---- I:\Program Files\InstallShield Installation Information
    2009-01-01 20:56:49 ----D---- I:\WINDOWS\system32\drivers
    2009-01-01 20:54:20 ----D---- I:\WINDOWS\Prefetch
    2009-01-01 18:48:30 ----D---- I:\Documents and Settings\All Users\Application Data\Avg8
    2009-01-01 18:27:16 ----SD---- I:\WINDOWS\Tasks
    2009-01-01 18:11:48 ----D---- I:\WINDOWS
    2009-01-01 18:11:29 ----D---- I:\WINDOWS\Registration
    2008-12-27 08:19:32 ----D---- I:\Program Files\WinEQ2
    2008-12-24 19:25:26 ----D---- I:\WINDOWS\system32\config
    2008-12-24 19:25:13 ----D---- I:\WINDOWS\system32\wbem
    2008-12-07 15:23:51 ----SD---- I:\Documents and Settings\Dad\Application Data\Microsoft
    2008-12-07 15:23:50 ----D---- I:\Documents and Settings\Dad\Application Data\Ventrilo
    2008-12-05 07:09:20 ----D---- I:\Program Files\Common Files\System
    2008-11-30 03:05:47 ----D---- I:\Documents and Settings\Dad\Application Data\Mozilla
    2008-11-22 18:02:56 ----RSHDC---- I:\WINDOWS\system32\dllcache
    2008-11-17 14:57:16 ----D---- I:\WINDOWS\Help
    2008-11-13 18:23:53 ----A---- I:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-10 05:06:58 ----D---- I:\WINDOWS\system32\Tools
    2008-10-16 14:13:40 ----A---- I:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- I:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- I:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- I:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- I:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- I:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- I:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- I:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- I:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- I:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- I:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-09 20:52:56 ----RSD---- I:\WINDOWS\assembly
    2008-10-09 20:52:56 ----D---- I:\WINDOWS\Microsoft.NET
    2008-10-09 19:11:30 ----D---- I:\WINDOWS\WinSxS
    2008-10-09 19:11:14 ----D---- I:\WINDOWS\system32\mui

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG AVI Loader Driver x86; I:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-14 97928]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; I:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-14 26824]
    R1 intelppm;Intel Processor Driver; I:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; I:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 hidusb;Microsoft HID Class Driver; I:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-03-31 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); I:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-31 4739072]
    R3 mouhid;Mouse HID Driver; I:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
    R3 nv;nv; I:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
    R3 RT2500USB;Wireless USB Card Driver; I:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-09-30 242432]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; I:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; I:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 USBSTOR;USB Mass Storage Driver; I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; I:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    S3 GMSIPCI;GMSIPCI; \??\J:\INSTALL\GMSIPCI.SYS []
    S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\I:\WINDOWS\System32\PCTINDIS5.SYS []
    S3 RimUsb;BlackBerry Smartphone; I:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-14 22656]
    S3 usbaudio;USB Audio Driver (WDM); I:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
    S3 usbccgp;Microsoft USB Generic Parent Driver; I:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); I:\WINDOWS\System32\DRIVERS\zd1211Bu.sys []
    S4 IntelIde;IntelIde; I:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 avg8wd;AVG8 WatchDog; I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-14 231704]
    R2 JavaQuickStarterService;Java Quick Starter; I:\Program Files\Java\jre6\bin\jqs.exe [2008-12-31 152984]
    R2 NVSvc;NVIDIA Display Driver Service; I:\WINDOWS\System32\nvsvc32.exe [2007-10-04 155716]
    S3 aspnet_state;ASP.NET State Service; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 odserv;Microsoft Office Diagnostics Service; I:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; I:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    -----------------EOF-----------------


    Info:

    info.txt logfile of random's system information tool 1.05 2009-01-02 05:23:48

    ======Uninstall list======

    -->msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {BE2E11CC-5DF5-4AF0-9131-932F4A8B51FC}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 I:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player ActiveX-->I:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Advertisement Service-->I:\WINDOWS\system32\prunnet.exe Uninstall
    AVG Free 8.0-->I:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    High Definition Audio Driver Package - KB888111--> "I:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe "
    Hotfix for Office (KB941275)-->msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Magelo Sync (uninstall only)--> "I:\Program Files\Magelo\Magelo Sync\UnInstall.exe "
    MetaFrame Presentation Server Web Client for Win32-->I:\WINDOWS\system32\ctxsetup.exe /uninst I:\PROGRA~1\Citrix\icaweb32\uninst.inf
    Microsoft .NET Framework 2.0-->I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
    Microsoft Office Outlook 2007--> "I:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOK /dll OSETUP.DLL
    Microsoft Office Outlook 2007-->MsiExec.exe /X{90120000-001A-0000-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    NVIDIA Drivers-->I:\WINDOWS\system32\nvuninst.exe UninstallGUI
    Realtek High Definition Audio Driver-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Security Update for Windows Media Player (KB911564)--> "I:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 9 (KB911565)--> "I:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB890046)--> "I:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB893756)--> "I:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896358)--> "I:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896423)--> "I:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896424)--> "I:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB896428)--> "I:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899587)--> "I:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB899591)--> "I:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB900725)--> "I:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901017)--> "I:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB901214)--> "I:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB904706)--> "I:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905414)--> "I:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB905749)--> "I:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB908519)--> "I:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911562)--> "I:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB911927)--> "I:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB912919)--> "I:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB913580)--> "I:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB914388)--> "I:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB914389)--> "I:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917344)--> "I:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917422)--> "I:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB917953)--> "I:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB919007)--> "I:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920670)--> "I:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920683)--> "I:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB920685)--> "I:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB921398)--> "I:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB921883)--> "I:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB922616)--> "I:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB922819)--> "I:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923191)--> "I:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923414)--> "I:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924191)--> "I:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB924496)--> "I:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe "
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Windows XP (KB898461)--> "I:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe "
    Update for Windows XP (KB908531)--> "I:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe "
    Update for Windows XP (KB910437)--> "I:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe "
    Update for Windows XP (KB911280)--> "I:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe "
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Windows Installer 3.1 (KB893803)--> "I:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe "
    Windows XP Hotfix - KB873333-->I:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
    Windows XP Hotfix - KB873339-->I:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->I:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->I:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->I:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859--> "I:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe "
    Windows XP Hotfix - KB891781-->I:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Windows XP Service Pack 2-->I:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

    ======Security center information======

    AV: AVG Anti-Virus Free

    System event log

    Computer Name: DADSHOME
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk1\D.

    Record Number: 18368
    Source Name: Disk
    Time Written: 20090101130319.000000-300
    Event Type: error
    User:

    Computer Name: DADSHOME
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk1\D.

    Record Number: 18367
    Source Name: Disk
    Time Written: 20090101130314.000000-300
    Event Type: error
    User:

    Computer Name: DADSHOME
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk1\D.

    Record Number: 18366
    Source Name: Disk
    Time Written: 20090101130309.000000-300
    Event Type: error
    User:

    Computer Name: DADSHOME
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk1\D.

    Record Number: 18365
    Source Name: Disk
    Time Written: 20090101130304.000000-300
    Event Type: error
    User:

    Computer Name: DADSHOME
    Event Code: 11
    Message: The driver detected a controller error on \Device\Harddisk1\D.

    Record Number: 18364
    Source Name: Disk
    Time Written: 20090101130259.000000-300
    Event Type: error
    User:

    Application event log

    Computer Name: DADSHOME
    Event Code: 7
    Message: Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

    Record Number: 310
    Source Name: crypt32
    Time Written: 20081005170743.000000-240
    Event Type: information
    User:

    Computer Name: DADSHOME
    Event Code: 2
    Message: Successful auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    Record Number: 309
    Source Name: crypt32
    Time Written: 20080926170719.000000-240
    Event Type: information
    User:

    Computer Name: DADSHOME
    Event Code: 7
    Message: Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

    Record Number: 308
    Source Name: crypt32
    Time Written: 20080926170719.000000-240
    Event Type: information
    User:

    Computer Name: DADSHOME
    Event Code: 1002
    Message: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 307
    Source Name: Application Hang
    Time Written: 20080925194554.000000-240
    Event Type: error
    User:

    Computer Name: DADSHOME
    Event Code: 1800
    Message: The Windows Security Center Service has started.

    Record Number: 306
    Source Name: SecurityCenter
    Time Written: 20080921134415.000000-240
    Event Type: information
    User:

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir "=%SystemRoot%
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 15 Stepping 11, GenuineIntel
    "PROCESSOR_REVISION "=0f0b
    "NUMBER_OF_PROCESSORS "=2
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK "=NO

    -----------------EOF-----------------
     
  2. 2009/01/02
    PeteC

    PeteC SuperGeek Staff

    Welcome to WindowsBBS :)
    Download on another computer and transfer across to the infected computer.
     


  4. 2009/01/02
    wildone34134

    wildone34134 Inactive Thread Starter

    I downloaded RSIT on another PC and transferred it by thumb drive. I disabled the firewall, and no matter what I do it says "Hijack This Failed to download".
    So how do I get it to download?
     
  6. 2009/01/02
    PeteC

    PeteC SuperGeek Staff

    AFAIK RSIT downloads HJT when it is run; as your PC can't download some security-based items, that is most likely the reason for the failure.

    BTW - I am not one of the Malware analysts :)
     
  7. 2009/01/02
    wildone34134

    wildone34134 Inactive Thread Starter

    If you know what you're doing, I am good with it. Here is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:11:17 AM, on 1/2/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\WINDOWS\Explorer.EXE
    I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    I:\Program Files\Java\jre6\bin\jqs.exe
    I:\WINDOWS\System32\nvsvc32.exe
    I:\WINDOWS\RTHDCPL.EXE
    I:\WINDOWS\system32\RUNDLL32.EXE
    I:\Program Files\Java\jre6\bin\jusched.exe
    I:\WINDOWS\system32\rundll32.exe
    I:\PROGRA~1\AVG\AVG8\avgrsx.exe
    I:\Program Files\WinEQ2\WinEQ2.exe
    I:\WINDOWS\system32\rundll32.exe
    I:\WINDOWS\system32\rundll32.exe
    I:\Documents and Settings\Dad\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [prunnet] "I:\WINDOWS\system32\prunnet.exe "
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [407f0733] rundll32.exe "I:\WINDOWS\system32\yvbjejkw.dll ",b
    O4 - HKLM\..\Run: [2Wire Wireless Manager] "I:\Program Files\2Wire Wireless Manager\2Wire.exe" -a
    O4 - HKCU\..\Run: [RegistryCleanerProMFCT] I:\Program Files\RegistryCleanerPro\RegistryCleanerPro.exe
    O4 - HKCU\..\Run: [cdloader] "I:\Documents and Settings\Dad\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://notesshecl1.pb.com/iNotes6W.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1220125847203
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect2.pb.com/dana-cached/setup/JuniperSetupSP1.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll naywma.dll
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 3629 bytes
     
  8. 2009/01/02
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    OK - your logs will be analysed by one of our trained malware analysts in due course. They are extremely busy and all logs are dealt with in order of posting.
     
  9. 2009/01/04
    wildone34134

    wildone34134 Inactive Thread Starter

    Joined:
    2009/01/02
    Messages:
    6
    Likes Received:
    0
    Well, it's been 2 days since the last post by Pete, thanks, but there seem to be no more responses on analysing my logs. Do I need to go to another board to get help?

    Thanks
     
  10. 2009/01/04
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    We have a limited number of trained analysts and we are all volunteers here - there has been a spate of problems such as yours and they are very busy. It is also the holiday period - patience is the keyword :)
     
  11. 2009/01/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi wildone34134,

    You may need to use another computer to download the following tool, then transfer it to the affected machine. Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  12. 2009/01/05
    wildone34134

    wildone34134 Inactive Thread Starter

    Joined:
    2009/01/02
    Messages:
    6
    Likes Received:
    0
    Here is the ComboFix log:

    ComboFix 09-01-05.02 - Dad 2009-01-05 17:16:54.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3071.2727 [GMT -5:00]
    Running from: i:\documents and settings\Dad\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    i:\docume~1\Dad\LOCALS~1\Temp\tmp2.tmp
    i:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    i:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    i:\windows\system32\ahtn.htm
    i:\windows\system32\drivers\seneka.sys
    i:\windows\system32\drivers\senekauiurrvim.sys
    i:\windows\system32\frmwrk32.exe
    i:\windows\system32\getarrmc.dll
    i:\windows\system32\hdmnakfm.ini
    i:\windows\system32\hgGvuRjh.dll
    i:\windows\system32\hjRuvGgh.ini
    i:\windows\system32\hjRuvGgh.ini2
    i:\windows\system32\inlujlqv.dll
    i:\windows\system32\jnjtdimd.dll
    i:\windows\system32\kioryk.dll
    i:\windows\system32\mdm.exe
    i:\windows\system32\mfkanmdh.dll
    i:\windows\system32\MSVolume.dll
    i:\windows\system32\naywma.dll
    i:\windows\system32\ntdll64.exe
    i:\windows\system32\ntwlrwky.dll
    i:\windows\system32\okeswoyc.dll
    i:\windows\system32\seneka.dat
    i:\windows\system32\senekadf.dat
    i:\windows\system32\senekalog.dat
    i:\windows\system32\senekaoyjppbvt.dll
    i:\windows\system32\senekatwkrqlrg.dll
    i:\windows\system32\senekaxblxylqp.dll
    i:\windows\system32\toamju.dll
    i:\windows\system32\uniq.tll
    i:\windows\system32\warning.gif
    i:\windows\system32\wfuippib.ini
    i:\windows\system32\win32hlp.cnf
    i:\windows\system32\wkjejbvy.ini
    i:\windows\system32\ykwrlwtn.ini
    i:\windows\system32\ypwrnb.dll

    ----- BITS: Possible infected sites -----

    hxxp://childhe.com
    hxxp://patch.everquest.com:7001
    Infected copy of i:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - i:\windows\ServicePackFiles\i386\userinit.exe


    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SENEKA


    ((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
    .

    2009-01-05 07:36 . 2009-01-05 07:36 24,576 --a------ i:\windows\system32\pcload.exe
    2009-01-02 05:23 . 2009-01-02 05:23 <DIR> d-------- I:\rsit
    2009-01-02 05:23 . 2009-01-02 05:23 <DIR> d-------- i:\program files\trend micro
    2009-01-01 21:04 . 2009-01-01 21:05 <DIR> d-------- i:\documents and settings\Administrator
    2009-01-01 20:54 . 2009-01-01 20:57 <DIR> d-------- i:\program files\RegistryCleanerPro
    2009-01-01 19:01 . 2009-01-01 19:01 <DIR> d-------- i:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
    2009-01-01 18:11 . 2009-01-01 18:11 <DIR> d-------- i:\windows\Sun
    2008-12-31 18:47 . 2008-12-31 18:47 <DIR> d-------- i:\program files\Magelo
    2008-12-31 18:44 . 2008-12-31 18:44 <DIR> d-------- i:\program files\Java
    2008-12-31 18:44 . 2008-12-31 18:44 410,984 --a------ i:\windows\system32\deploytk.dll
    2008-12-31 18:44 . 2008-12-31 18:44 73,728 --a------ i:\windows\system32\javacpl.cpl
    2008-12-12 17:31 . 2008-12-12 17:31 <DIR> d-------- i:\documents and settings\Dad\Application Data\MSN6
    2008-12-12 17:31 . 2008-12-12 17:31 <DIR> d-------- i:\documents and settings\All Users\Application Data\MSN6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-02 10:22 --------- d-----w i:\documents and settings\Dad\Application Data\mjusbsp
    2009-01-02 01:57 --------- d-----w i:\program files\Common Files\InstallShield
    2009-01-02 01:57 --------- d-----w i:\program files\2Wire Wireless Manager
    2009-01-02 01:57 --------- d-----w i:\documents and settings\All Users\Application Data\2Wire
    2009-01-02 01:56 --------- d--h--w i:\program files\InstallShield Installation Information
    2009-01-01 23:48 --------- d-----w i:\documents and settings\All Users\Application Data\Avg8
    2008-12-27 13:19 --------- d-----w i:\program files\WinEQ2
    2008-12-07 20:23 --------- d-----w i:\documents and settings\Dad\Application Data\Ventrilo
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2007-10-04 8491008]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll ypwrnb.dll

    [HKLM\~\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=i:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=i:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 21:16 39792 i:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    --a------ 2008-11-27 08:36 1261336 i:\progra~1\AVG\AVG8\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    --a------ 2008-12-17 13:36 50520 i:\documents and settings\Dad\Application Data\mjusbsp\cdloader2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-10-04 16:14 8491008 i:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-10-04 16:14 81920 i:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-12-31 18:44 136600 i:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2008-08-31 13:42 69632 i:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2008-05-16 13:01 1630208 i:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2008-08-31 13:42 16862208 i:\windows\RTHDCPL.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "i:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "i:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "i:\\WINDOWS\\system32\\dpvsetup.exe"=
    "f:\\EverQuest Trilogy\\eqgame.exe"=
    "i:\\Documents and Settings\\Dad\\Application Data\\mjusbsp\\magicJack.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;i:\windows\system32\drivers\avgldx86.sys [2008-09-14 97928]
    R4 avg8wd;AVG8 WatchDog;i:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-14 231704]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\autorun.exe
    \Shell\phone\command - K:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f2f1c90-76a2-11dd-8e8f-806d6172696f}]
    \Shell\AutoRun\command - J:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-05 i:\windows\Tasks\eyyjvgjf.job
    - i:\windows\system32\rundll32.exe [2004-08-04 02:56]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{389efcc2-9a70-4fb8-bd7b-d8c8be7a87e5} - i:\windows\system32\ypwrnb.dll
    BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - i:\windows\system32\rqRIbCvT.dll
    BHO-{884F2940-2C74-4A00-A807-0830E05FE466} - i:\windows\system32\hgGvuRjh.dll
    ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - i:\windows\system32\rqRIbCvT.dll
    Notify-rqRIbCvT - rqRIbCvT.dll
    MSConfigStartUp-2Wire Wireless Manager - i:\program files\2Wire Wireless Manager\2Wire.exe
    MSConfigStartUp-407f0733 - i:\windows\system32\ntwlrwky.dll
    MSConfigStartUp-prunnet - i:\windows\system32\prunnet.exe
    MSConfigStartUp-RegistryCleanerProMFCT - i:\program files\RegistryCleanerPro\RegistryCleanerPro.exe
    MSConfigStartUp-Framework Windows - frmwrk32.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    LSP: i:\windows\TEMP\ntdll64.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-05 17:20:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    i:\program files\Java\jre6\bin\jqs.exe
    i:\windows\system32\nvsvc32.exe
    i:\program files\AVG\AVG8\avgrsx.exe
    i:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-05 17:21:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-05 22:21:30

    Pre-Run: 27,285,299,200 bytes free
    Post-Run: 27,562,590,208 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(7)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(7)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

    181 --- E O F --- 2008-08-30 20:42:38
     
  13. 2009/01/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please run ComboFix once more as previously described, then post the new log here.
     
  14. 2009/01/06
    wildone34134

    wildone34134 Inactive Thread Starter

    Joined:
    2009/01/02
    Messages:
    6
    Likes Received:
    0
    Here is ComboFix run again:

    ComboFix 09-01-05.05 - Dad 2009-01-06 6:48:42.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3071.2573 [GMT -5:00]
    Running from: i:\documents and settings\Dad\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
    .

    2009-01-05 18:18 . 2009-01-05 18:18 <DIR> d-------- i:\windows\LastGood
    2009-01-02 05:23 . 2009-01-02 05:23 <DIR> d-------- I:\rsit
    2009-01-02 05:23 . 2009-01-02 05:23 <DIR> d-------- i:\program files\trend micro
    2009-01-01 21:04 . 2009-01-01 21:05 <DIR> d-------- i:\documents and settings\Administrator
    2009-01-01 20:54 . 2009-01-01 20:57 <DIR> d-------- i:\program files\RegistryCleanerPro
    2009-01-01 19:01 . 2009-01-01 19:01 <DIR> d-------- i:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
    2009-01-01 18:11 . 2009-01-01 18:11 <DIR> d-------- i:\windows\Sun
    2008-12-31 18:47 . 2008-12-31 18:47 <DIR> d-------- i:\program files\Magelo
    2008-12-31 18:44 . 2008-12-31 18:44 <DIR> d-------- i:\program files\Java
    2008-12-31 18:44 . 2008-12-31 18:44 410,984 --a------ i:\windows\system32\deploytk.dll
    2008-12-31 18:44 . 2008-12-31 18:44 73,728 --a------ i:\windows\system32\javacpl.cpl
    2008-12-12 17:31 . 2008-12-12 17:31 <DIR> d-------- i:\documents and settings\Dad\Application Data\MSN6
    2008-12-12 17:31 . 2008-12-12 17:31 <DIR> d-------- i:\documents and settings\All Users\Application Data\MSN6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-02 10:22 --------- d-----w i:\documents and settings\Dad\Application Data\mjusbsp
    2009-01-02 01:57 --------- d-----w i:\program files\Common Files\InstallShield
    2009-01-02 01:57 --------- d-----w i:\program files\2Wire Wireless Manager
    2009-01-02 01:57 --------- d-----w i:\documents and settings\All Users\Application Data\2Wire
    2009-01-02 01:56 --------- d--h--w i:\program files\InstallShield Installation Information
    2009-01-01 23:48 --------- d-----w i:\documents and settings\All Users\Application Data\Avg8
    2008-12-27 13:19 --------- d-----w i:\program files\WinEQ2
    2008-12-07 20:23 --------- d-----w i:\documents and settings\Dad\Application Data\Ventrilo
    2008-10-16 19:13 202,776 ----a-w i:\windows\system32\wuweb.dll
    2008-10-16 19:13 1,809,944 ----a-w i:\windows\system32\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w i:\windows\system32\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w i:\windows\system32\wucltui.dll
    2008-10-16 19:09 92,696 ----a-w i:\windows\system32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w i:\windows\system32\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w i:\windows\system32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w i:\windows\system32\wups.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-05_17.21.08.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-05 23:07:58 16,384 ----atw i:\windows\Temp\Perflib_Perfdata_66c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "AVG8_TRAY"="i:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "MSConfig"="i:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll ypwrnb.dll

    [HKLM\~\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=i:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=i:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 21:16 39792 i:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    --a------ 2008-12-17 13:36 50520 i:\documents and settings\Dad\Application Data\mjusbsp\cdloader2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-10-04 16:14 8491008 i:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-10-04 16:14 81920 i:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-12-31 18:44 136600 i:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2008-08-31 13:42 69632 i:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2008-05-16 13:01 1630208 i:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2008-08-31 13:42 16862208 i:\windows\RTHDCPL.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "i:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "i:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "i:\\WINDOWS\\system32\\dpvsetup.exe"=
    "f:\\EverQuest Trilogy\\eqgame.exe"=
    "i:\\Documents and Settings\\Dad\\Application Data\\mjusbsp\\magicJack.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;i:\windows\system32\drivers\avgldx86.sys [2008-09-14 97928]
    R4 avg8wd;AVG8 WatchDog;i:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-14 231704]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\autorun.exe
    \Shell\phone\command - K:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f2f1c90-76a2-11dd-8e8f-806d6172696f}]
    \Shell\AutoRun\command - J:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-06 i:\windows\Tasks\eyyjvgjf.job
    - i:\windows\system32\rundll32.exe [2004-08-04 02:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-06 06:49:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(648)
    i:\windows\system32\avgrsstx.dll

    - - - - - - - > 'lsass.exe'(732)
    i:\windows\system32\avgrsstx.dll
    .
    Completion time: 2009-01-06 6:49:38
    ComboFix-quarantined-files.txt 2009-01-06 11:49:30
    ComboFix2.txt 2009-01-06 11:47:55
    ComboFix3.txt 2009-01-05 22:44:56
    ComboFix4.txt 2009-01-05 22:21:33

    Pre-Run: 27,193,745,408 bytes free
    Post-Run: 27,182,616,576 bytes free

    126 --- E O F --- 2008-08-30 20:42:38
     
  15. 2009/01/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Appears you ran ComboFix 3 more times. Please post the contents of C:\Qoobox\ComboFix2.txt and C:\Qoobox\ComboFix3.txt.
    I'll review this evening after work.
     