
Solved Re-installing Windows XP to remove Virus without original disks

Discussion in 'Malware and Virus Removal Archive' started by alternative 4, 2008/11/19.

  1. 2008/11/19
    alternative 4

    alternative 4 Inactive Thread Starter

    Joined:
    2008/11/10
    Messages:
    16
    Likes Received:
    0
    [Resolved] Re-installing Windows XP to remove Virus without original disks

    Hi, I recently got hit with a big wave of viruses and spyware which have slowed down my computer a great deal. AVG and Ad-Aware have found all they can but my computer is still playing up with all sorts of spyware, and still says VIRUS ALERT! by the clock.

    I figured the easiest way to deal with it would be to clear my hard drive and reinstall XP, but I was given this computer and I do not have the installation disks. I was told that if you re-install Windows without a license then your computer gives you a few days and then stops working permanently. Is it safe for me to have Windows reinstalled from a friend's disks? Cheers, Justin.
     
  2. 2008/11/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Justin,
    No, it is not. It's called pirated software and is illegal.

    Your computer can more than likely be cleaned.

    If you want to give it a go follow these instructions.

    Please download RSIT.exe, run a scan and post the logs in this thread.
    Links and instructions here.

    Geri
     


  4. 2008/11/20
    alternative 4

    alternative 4 Inactive Thread Starter

    Joined:
    2008/11/10
    Messages:
    16
    Likes Received:
    0
    RSIT scan results

    OK, the log file contains...

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Justin at 2008-11-21 15:44:51
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 64 GB (56%) free of 114 GB
    Total RAM: 511 MB (43% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:45: VIRUS ALERT!, on 11/21/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Justin\Desktop\RSIT.exe
    C:\Program Files\trend micro\Justin.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {0CDC8D7B-BA78-420C-893B-A5183A5A6F3B} - C:\WINDOWS\system32\wvUnLDwW.dll (file missing)
    O2 - BHO: (no name) - {159229C1-C44F-42D8-AEC6-09FBFB6375FC} - C:\WINDOWS\system32\opnnmMcC.dll (file missing)
    O2 - BHO: (no name) - {54D58DB7-2B8C-4733-8417-7BA1368305A3} - C:\WINDOWS\system32\byXOfEXo.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: {d091192d-d8ff-dd1a-fa94-176bc1d9ebe7} - {7ebe9d1c-b671-49af-a1dd-ff8dd291190d} - C:\WINDOWS\system32\wufsvg.dll
    O2 - BHO: (no name) - {83081BA6-C044-4A13-A928-87D70956B409} - C:\WINDOWS\system32\ddcASiHb.dll (file missing)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: QXK Olive - {A1AA0364-0E20-48D2-BC4B-F44EA78CE955} - C:\WINDOWS\grfxbanomvt.dll (file missing)
    O2 - BHO: (no name) - {BF9A1924-E2E1-4E6C-BC02-CBCDE6B04462} - C:\WINDOWS\system32\awtrRLEw.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: rosqxvmn - {ED2FC0D9-9ABF-42E3-96F8-049740A1C435} - C:\WINDOWS\rosqxvmn.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [34fa3ad6] rundll32.exe "C:\WINDOWS\system32\gnskxceu.dll",b
    O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKCU\..\Run: [encmd] C:\WINDOWS\system32\gnqtwfkd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [xy6mB2LbE1] C:\Documents and Settings\All Users\Application Data\edqvebmf\uhgryvux.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll wufsvg.dll
    O20 - Winlogon Notify: opnnmMcC - opnnmMcC.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

    --
    End of file - 5953 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CDC8D7B-BA78-420C-893B-A5183A5A6F3B}]
    C:\WINDOWS\system32\wvUnLDwW.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{159229C1-C44F-42D8-AEC6-09FBFB6375FC}]
    C:\WINDOWS\system32\opnnmMcC.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54D58DB7-2B8C-4733-8417-7BA1368305A3}]
    C:\WINDOWS\system32\byXOfEXo.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ebe9d1c-b671-49af-a1dd-ff8dd291190d}]
    C:\WINDOWS\system32\wufsvg.dll [2008-11-21 115712]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83081BA6-C044-4A13-A928-87D70956B409}]
    C:\WINDOWS\system32\ddcASiHb.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-04 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1AA0364-0E20-48D2-BC4B-F44EA78CE955}]
    QXK Olive - C:\WINDOWS\grfxbanomvt.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF9A1924-E2E1-4E6C-BC02-CBCDE6B04462}]
    C:\WINDOWS\system32\awtrRLEw.dll [2008-10-23 270336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-04 2055960]
    {ED2FC0D9-9ABF-42E3-96F8-049740A1C435} - rosqxvmn - C:\WINDOWS\rosqxvmn.dll []

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-09-30 4603904]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-09-30 86016]
    "Cmaudio"=RunDll32 cmicnfg.cpl []
    "NWEReboot"= []
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-29 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
    "34fa3ad6"=C:\WINDOWS\system32\gnskxceu.dll [2008-11-21 77312]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "xy6mB2LbE1"=C:\Documents and Settings\All Users\Application Data\edqvebmf\uhgryvux.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
    "encmd"=C:\WINDOWS\system32\gnqtwfkd.exe []
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll wufsvg.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnmMcC]
    opnnmMcC.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{159229C1-C44F-42D8-AEC6-09FBFB6375FC}"=C:\WINDOWS\system32\opnnmMcC.dll []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\awtrRLEw

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=1
    "DisableRegistryTools"=1
    "NoDispCPL"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoToolbarCustomize"=1
    "StartMenuLogoff"=1
    "NoStartMenuMorePrograms"=1
    "NoSetFolders"=1

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
    "C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Disabled:pMSRegisterFile"
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Disabled:Studio"
    "C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Disabled:umi"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 3 months======

    2008-11-21 15:44:52 ----D---- C:\Program Files\trend micro
    2008-11-21 15:44:51 ----D---- C:\rsit
    2008-11-21 15:06:00 ----SH---- C:\WINDOWS\system32\uecxksng.ini
    2008-11-21 15:05:55 ----A---- C:\WINDOWS\system32\gnskxceu.dll
    2008-11-21 15:03:44 ----A---- C:\WINDOWS\system32\wufsvg.dll
    2008-11-21 15:03:43 ----A---- C:\WINDOWS\system32\hdhboaeh.dll
    2008-11-20 16:53:28 ----SH---- C:\WINDOWS\system32\lwwccyti.ini
    2008-11-20 16:53:26 ----A---- C:\WINDOWS\system32\ityccwwl.dll
    2008-11-20 16:50:40 ----A---- C:\WINDOWS\system32\ukejhc.dll
    2008-11-20 16:50:39 ----A---- C:\WINDOWS\system32\apydkywc.dll
    2008-11-17 18:16:32 ----SH---- C:\WINDOWS\system32\sdxtnyyi.ini
    2008-11-17 18:14:24 ----A---- C:\WINDOWS\system32\dehmdd.dll
    2008-11-17 18:14:19 ----A---- C:\WINDOWS\system32\frmrgjgq.dll
    2008-11-14 12:23:50 ----SH---- C:\WINDOWS\system32\qtiguqtn.ini
    2008-11-14 12:23:47 ----A---- C:\WINDOWS\system32\ntqugitq.dll
    2008-11-14 12:21:01 ----A---- C:\WINDOWS\system32\nwjrnf.dll
    2008-11-14 12:21:00 ----A---- C:\WINDOWS\system32\agrwixbd.dll
    2008-11-11 22:41:38 ----SH---- C:\WINDOWS\system32\lgmpugru.ini
    2008-11-11 16:42:29 ----A---- C:\WINDOWS\system32\xehkap.dll
    2008-11-11 16:42:27 ----A---- C:\WINDOWS\system32\uiewmrel.dll
    2008-11-10 22:40:58 ----SH---- C:\WINDOWS\system32\lnkenfto.ini
    2008-11-10 21:45:55 ----SH---- C:\WINDOWS\system32\rxgiandn.ini
    2008-11-10 21:42:59 ----A---- C:\WINDOWS\system32\ysdcvl.dll
    2008-11-10 21:42:57 ----A---- C:\WINDOWS\system32\trwmhibn.dll
    2008-11-09 21:43:32 ----SH---- C:\WINDOWS\system32\kowypcvi.ini
    2008-11-09 21:41:27 ----A---- C:\WINDOWS\system32\zdmomb.dll
    2008-11-09 21:41:25 ----A---- C:\WINDOWS\system32\plahcnss.dll
    2008-11-04 19:45:11 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-11-04 12:10:56 ----SH---- C:\WINDOWS\system32\rcrwpakw.ini
    2008-11-04 12:08:52 ----A---- C:\WINDOWS\system32\vvglem.dll
    2008-11-04 12:08:49 ----A---- C:\WINDOWS\system32\csjjrliv.dll
    2008-11-02 20:42:54 ----SH---- C:\WINDOWS\system32\ssfphfhu.ini
    2008-11-02 20:40:41 ----A---- C:\WINDOWS\system32\iohifh.dll
    2008-11-02 20:40:40 ----A---- C:\WINDOWS\system32\vwqjaoip.dll
    2008-10-30 11:40:17 ----SH---- C:\WINDOWS\system32\aygqbdly.ini
    2008-10-30 11:40:15 ----A---- C:\WINDOWS\system32\uwkfaf.dll
    2008-10-30 11:40:15 ----A---- C:\WINDOWS\system32\qfyvcoxa.dll
    2008-10-30 11:18:31 ----SH---- C:\WINDOWS\system32\kivodluh.ini
    2008-10-30 11:16:17 ----A---- C:\WINDOWS\system32\anxjgh.dll
    2008-10-30 11:16:16 ----A---- C:\WINDOWS\system32\qriauocn.dll
    2008-10-28 20:41:57 ----SH---- C:\WINDOWS\system32\oeotigqv.ini
    2008-10-28 20:38:56 ----A---- C:\WINDOWS\system32\beffmu.dll
    2008-10-28 20:38:54 ----A---- C:\WINDOWS\system32\uianqdil.dll
    2008-10-28 20:35:54 ----ASH---- C:\WINDOWS\system32\kSrrYJlm.ini2
    2008-10-28 20:35:53 ----ASH---- C:\WINDOWS\system32\kSrrYJlm.ini
    2008-10-28 16:18:39 ----SH---- C:\WINDOWS\system32\nrnqfhcr.ini
    2008-10-28 16:16:31 ----A---- C:\WINDOWS\system32\yonvyr.dll
    2008-10-28 16:16:29 ----A---- C:\WINDOWS\system32\iqbruyyj.dll
    2008-10-23 21:08:08 ----SH---- C:\WINDOWS\system32\elvpinpc.ini
    2008-10-23 21:05:25 ----A---- C:\WINDOWS\system32\zzyeyj.dll
    2008-10-23 21:05:24 ----A---- C:\WINDOWS\system32\btxrlwai.dll
    2008-10-23 21:05:04 ----ASH---- C:\WINDOWS\system32\wELRrtwa.ini2
    2008-10-23 21:05:04 ----ASH---- C:\WINDOWS\system32\wELRrtwa.ini
    2008-10-23 21:04:55 ----A---- C:\WINDOWS\system32\awtrRLEw.dll
    2008-10-19 18:44:16 ----D---- C:\Program Files\Lavasoft
    2008-10-19 18:44:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-10-19 18:41:41 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-19 18:30:12 ----D---- C:\Program Files\Ad-Aware 2008
    2008-10-19 18:25:38 ----SH---- C:\WINDOWS\system32\jgufnfbc.ini
    2008-10-19 18:24:55 ----ASH---- C:\WINDOWS\system32\oXEfOXyb.ini2
    2008-10-19 18:24:54 ----ASH---- C:\WINDOWS\system32\oXEfOXyb.ini
    2008-10-19 16:51:01 ----SH---- C:\WINDOWS\system32\qinpedds.ini
    2008-10-19 16:50:15 ----ASH---- C:\WINDOWS\system32\bHiSAcdd.ini2
    2008-10-19 16:50:14 ----ASH---- C:\WINDOWS\system32\bHiSAcdd.ini
    2008-10-19 16:45:35 ----D---- C:\WINDOWS\system32\smp
    2008-10-19 16:45:35 ----D---- C:\WINDOWS\mslagent
    2008-10-19 16:45:35 ----D---- C:\Program Files\akl
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\zipped.tmp
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\zip3.tmp
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\zip2.tmp
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\zip1.tmp
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\winsystem.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\userconfig9x.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\WINWGPX.EXE
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\winsystem.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\winlogonpc.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\vcatchpi.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\vbsys2.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\thun32.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\thun.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\temp#01.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\taack.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\sysreq.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\ssvchost.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\ssvchost.com
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\ssurf022.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\sncntr.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\Rundl1.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\regm64.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\regc64.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\psoft1.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\psof1.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\ps1.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\newsd32.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\netode.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\mwin32.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\mtr2.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\msvchost.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\mssecu.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\msnbho.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\msgp.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\hxiwlgpm.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\hoproxy.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\h@tkeysh@@k.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\dpcproxy.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\bsva-egihsg52.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\bdn.com
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\awtoolb.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\anticipator.dll
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\system32\akttzn.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\mssecu.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\iTunesMusic.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\FVProtect.exe
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\bdn.com
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\base64.tmp
    2008-10-19 16:45:35 ----A---- C:\WINDOWS\a.bat
    2008-10-19 15:19:30 ----SH---- C:\WINDOWS\system32\ussggkmy.ini
    2008-10-19 15:18:42 ----A---- C:\WINDOWS\system32\3fd9fea8-.txt
    2008-10-19 15:16:22 ----ASH---- C:\WINDOWS\system32\WwDLnUvw.ini2
    2008-10-19 15:16:22 ----ASH---- C:\WINDOWS\system32\WwDLnUvw.ini
    2008-10-19 15:11:49 ----D---- C:\Documents and Settings\All Users\Application Data\edqvebmf
    2008-10-19 15:10:56 ----D---- C:\WINDOWS\privacy_danger
    2008-10-19 15:10:52 ----D---- C:\Documents and Settings\Justin\Application Data\TmpRecentIcons
    2008-10-19 15:10:40 ----A---- C:\WINDOWS\lomxeqsn.exe
    2008-10-19 15:09:45 ----D---- C:\WINDOWS\system32\MAGIX
    2008-10-19 15:09:45 ----A---- C:\WINDOWS\system32\mgxoschk.dll
    2008-10-19 15:09:45 ----A---- C:\WINDOWS\mgxoschk.ini
    2008-10-16 10:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-16 10:16:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-16 10:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-16 10:16:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-16 10:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-16 10:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
    2008-10-07 16:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2008-10-07 15:51:37 ----D---- C:\Documents and Settings\Justin\Application Data\LimeWire
    2008-10-06 11:54:55 ----D---- C:\WINDOWS\Prefetch
    2008-10-06 11:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-10-06 11:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-10-06 11:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-10-06 11:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-10-06 11:52:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-10-06 11:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-10-06 11:52:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2008-10-06 11:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-10-06 11:52:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-10-06 11:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-10-06 11:51:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
    2008-10-06 11:51:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-10-06 11:51:38 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-10-06 11:49:32 ----A---- C:\WINDOWS\setuplog.txt
    2008-10-06 11:48:28 ----D---- C:\WINDOWS\system32\en-us
    2008-10-06 11:48:27 ----D---- C:\WINDOWS\system32\scripting
    2008-10-06 11:48:26 ----D---- C:\WINDOWS\l2schemas
    2008-10-06 11:48:25 ----D---- C:\WINDOWS\system32\en
    2008-10-06 11:48:25 ----D---- C:\WINDOWS\system32\bits
    2008-10-06 11:44:58 ----D---- C:\WINDOWS\ServicePackFiles
    2008-10-06 11:42:33 ----D---- C:\WINDOWS\network diagnostic
    2008-10-06 11:40:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2008-10-06 11:37:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2008-10-06 11:37:19 ----D---- C:\WINDOWS\EHome
    2008-09-24 22:45:22 ----N---- C:\WINDOWS\system32\xmllite.dll
    2008-09-24 22:45:19 ----N---- C:\WINDOWS\system32\wmphoto.dll
    2008-09-24 22:45:17 ----N---- C:\WINDOWS\system32\wlanapi.dll
    2008-09-24 22:45:15 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
    2008-09-24 22:45:15 ----N---- C:\WINDOWS\system32\windowscodecs.dll
    2008-09-24 22:45:06 ----N---- C:\WINDOWS\system32\tspkg.dll
    2008-09-24 22:45:06 ----N---- C:\WINDOWS\system32\tsgqec.dll
    2008-09-24 22:44:59 ----N---- C:\WINDOWS\system32\spupdwxp.exe
    2008-09-24 22:44:58 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
    2008-09-24 22:44:56 ----N---- C:\WINDOWS\system32\slserv.exe
    2008-09-24 22:44:56 ----N---- C:\WINDOWS\system32\slrundll.exe
    2008-09-24 22:44:56 ----N---- C:\WINDOWS\system32\slgen.dll
    2008-09-24 22:44:56 ----N---- C:\WINDOWS\system32\slextspk.dll
    2008-09-24 22:44:56 ----N---- C:\WINDOWS\system32\slcoinst.dll
    2008-09-24 22:44:56 ----N---- C:\WINDOWS\slrundll.exe
    2008-09-24 22:44:52 ----N---- C:\WINDOWS\system32\setupn.exe
    2008-09-24 22:44:49 ----N---- C:\WINDOWS\system32\s3gnb.dll
    2008-09-24 22:44:48 ----N---- C:\WINDOWS\system32\rhttpaa.dll
    2008-09-24 22:44:46 ----N---- C:\WINDOWS\system32\rasqec.dll
    2008-09-24 22:44:45 ----N---- C:\WINDOWS\system32\qutil.dll
    2008-09-24 22:44:44 ----N---- C:\WINDOWS\system32\qcliprov.dll
    2008-09-24 22:44:44 ----N---- C:\WINDOWS\system32\qagentrt.dll
    2008-09-24 22:44:44 ----N---- C:\WINDOWS\system32\qagent.dll
    2008-09-24 22:44:42 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
    2008-09-24 22:44:39 ----N---- C:\WINDOWS\system32\onex.dll
    2008-09-24 22:44:28 ----N---- C:\WINDOWS\system32\napstat.exe
    2008-09-24 22:44:28 ----N---- C:\WINDOWS\system32\napmontr.dll
    2008-09-24 22:44:28 ----N---- C:\WINDOWS\system32\napipsec.dll
    2008-09-24 22:44:27 ----N---- C:\WINDOWS\system32\mtxparhd.dll
    2008-09-24 22:44:24 ----N---- C:\WINDOWS\system32\msshavmsg.dll
    2008-09-24 22:44:23 ----N---- C:\WINDOWS\system32\mssha.dll
    2008-09-24 22:44:06 ----N---- C:\WINDOWS\system32\mmcperf.exe
    2008-09-24 22:44:06 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
    2008-09-24 22:44:06 ----N---- C:\WINDOWS\system32\mmcex.dll
    2008-09-24 22:44:06 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
    2008-09-24 22:44:03 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
    2008-09-24 22:43:52 ----N---- C:\WINDOWS\system32\l2gpstore.dll
    2008-09-24 22:43:41 ----N---- C:\WINDOWS\system32\kmsvc.dll
    2008-09-24 22:43:41 ----N---- C:\WINDOWS\system32\kbdpash.dll
    2008-09-24 22:43:41 ----N---- C:\WINDOWS\system32\kbdnepr.dll
    2008-09-24 22:43:40 ----N---- C:\WINDOWS\system32\kbdiultn.dll
    2008-09-24 22:43:40 ----N---- C:\WINDOWS\system32\kbdbhc.dll
    2008-09-24 22:43:19 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
    2008-09-24 22:43:12 ----N---- C:\WINDOWS\system32\faxpatch.exe
    2008-09-24 22:43:12 ----A---- C:\WINDOWS\002787_.tmp
    2008-09-24 22:43:10 ----N---- C:\WINDOWS\system32\eapsvc.dll
    2008-09-24 22:43:10 ----N---- C:\WINDOWS\system32\eapqec.dll
    2008-09-24 22:43:10 ----N---- C:\WINDOWS\system32\eappprxy.dll
    2008-09-24 22:43:10 ----N---- C:\WINDOWS\system32\eapphost.dll
    2008-09-24 22:43:10 ----N---- C:\WINDOWS\system32\eappgnui.dll
    2008-09-24 22:43:10 ----N---- C:\WINDOWS\system32\eappcfg.dll
    2008-09-24 22:43:10 ----N---- C:\WINDOWS\system32\eapp3hst.dll
    2008-09-24 22:43:10 ----N---- C:\WINDOWS\system32\eapolqec.dll
    2008-09-24 22:43:06 ----N---- C:\WINDOWS\system32\dot3ui.dll
    2008-09-24 22:43:06 ----N---- C:\WINDOWS\system32\dot3svc.dll
    2008-09-24 22:43:06 ----N---- C:\WINDOWS\system32\dot3msm.dll
    2008-09-24 22:43:06 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
    2008-09-24 22:43:06 ----N---- C:\WINDOWS\system32\dot3dlg.dll
    2008-09-24 22:43:06 ----N---- C:\WINDOWS\system32\dot3cfg.dll
    2008-09-24 22:43:06 ----N---- C:\WINDOWS\system32\dot3api.dll
    2008-09-24 22:43:04 ----N---- C:\WINDOWS\system32\dimsroam.dll
    2008-09-24 22:43:04 ----N---- C:\WINDOWS\system32\dimsntfy.dll
    2008-09-24 22:43:04 ----N---- C:\WINDOWS\system32\dhcpqec.dll
    2008-09-24 22:43:00 ----N---- C:\WINDOWS\system32\credssp.dll
    2008-09-24 22:42:45 ----N---- C:\WINDOWS\system32\bitsprx4.dll
    2008-09-24 22:42:44 ----N---- C:\WINDOWS\system32\azroles.dll
    2008-09-24 22:42:41 ----N---- C:\WINDOWS\system32\ativvaxx.dll
    2008-09-24 22:42:41 ----N---- C:\WINDOWS\system32\ativtmxx.dll
    2008-09-24 22:42:39 ----N---- C:\WINDOWS\system32\ati3duag.dll
    2008-09-24 22:42:38 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
    2008-09-24 22:42:37 ----N---- C:\WINDOWS\system32\ati2dvag.dll
    2008-09-24 22:42:37 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
    2008-09-24 22:42:36 ----N---- C:\WINDOWS\system32\ati2cqag.dll
    2008-09-24 22:42:15 ----N---- C:\WINDOWS\system32\aaclient.dll
    2008-09-10 23:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
    2008-09-10 23:14:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-03 22:43:58 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-09-03 22:41:05 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

    ======List of files/folders modified in the last 3 months======

    2008-11-21 15:44:52 ----RD---- C:\Program Files
    2008-11-21 15:42:22 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-21 15:40:12 ----D---- C:\WINDOWS\system32
    2008-11-21 15:40:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-21 15:37:44 ----D---- C:\WINDOWS\Temp
    2008-11-21 15:35:39 ----D---- C:\WINDOWS
    2008-11-20 17:36:27 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-11 21:48:17 ----D---- C:\Documents and Settings\Justin\Application Data\OpenOffice.org2
    2008-11-11 21:10:18 ----SHD---- C:\WINDOWS\Installer
    2008-11-11 20:50:51 ----D---- C:\Program Files\Common Files\Adobe
    2008-11-11 20:50:50 ----D---- C:\Program Files\Common Files
    2008-11-11 20:50:27 ----D---- C:\WINDOWS\WinSxS
    2008-11-11 20:29:29 ----D---- C:\Documents and Settings\Justin\Application Data\Adobe
    2008-11-11 16:50:04 ----HD---- C:\$AVG8.VAULT$
    2008-11-10 17:24:39 ----SD---- C:\Documents and Settings\Justin\Application Data\Microsoft
    2008-11-04 18:03:28 ----HD---- C:\BJPrinter
    2008-11-04 12:13:54 ----HD---- C:\WINDOWS\inf
    2008-11-04 12:13:49 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-04 12:04:00 ----A---- C:\WINDOWS\wininit.ini
    2008-10-30 11:04:32 ----D---- C:\WINDOWS\system32\drivers
    2008-10-19 15:14:25 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-10-16 10:16:29 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-16 10:16:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-16 10:16:26 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-08 08:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-06 11:57:51 ----AC---- C:\WINDOWS\OEWABLog.txt
    2008-10-06 11:54:30 ----D---- C:\WINDOWS\system32\Setup
    2008-10-06 11:54:30 ----D---- C:\WINDOWS\AppPatch
    2008-10-06 11:54:29 ----D---- C:\WINDOWS\system32\wbem
    2008-10-06 11:54:28 ----RSD---- C:\WINDOWS\Fonts
    2008-10-06 11:53:42 ----D---- C:\WINDOWS\security
    2008-10-06 11:53:01 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-06 11:51:45 ----D---- C:\Program Files\Messenger
    2008-10-06 11:48:45 ----D---- C:\WINDOWS\ime
    2008-10-06 11:48:44 ----D---- C:\WINDOWS\Help
    2008-10-06 11:48:28 ----D---- C:\WINDOWS\system32\usmt
    2008-10-06 11:48:27 ----D---- C:\Program Files\Internet Explorer
    2008-10-06 11:48:25 ----D---- C:\WINDOWS\PeerNet
    2008-10-06 11:48:25 ----D---- C:\Program Files\Movie Maker
    2008-10-06 11:44:52 ----D---- C:\WINDOWS\system32\Restore
    2008-10-06 11:44:52 ----D---- C:\WINDOWS\system32\npp
    2008-10-06 11:44:50 ----D---- C:\WINDOWS\msagent
    2008-10-06 11:44:49 ----D---- C:\WINDOWS\srchasst
    2008-10-06 11:44:48 ----D---- C:\Program Files\NetMeeting
    2008-10-06 11:44:46 ----D---- C:\WINDOWS\system32\Com
    2008-10-06 11:44:44 ----D---- C:\Program Files\Windows Media Player
    2008-10-06 11:44:43 ----D---- C:\Program Files\Windows NT
    2008-10-06 11:44:43 ----D---- C:\Program Files\Outlook Express
    2008-10-06 11:44:39 ----D---- C:\Program Files\Common Files\System
    2008-10-06 11:44:19 ----D---- C:\WINDOWS\system32\oobe
    2008-10-06 11:44:17 ----D---- C:\WINDOWS\system
    2008-09-25 17:21:55 ----D---- C:\Program Files\Adobe
    2008-09-23 10:37:07 ----D---- C:\WINDOWS\Debug
    2008-08-31 16:01:12 ----AC---- C:\WINDOWS\NeroDigital.ini

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-04 26824]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-03-09 77184]
    R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-04 76040]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
    R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-11-06 755392]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-14 165760]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-01 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-09-30 2743840]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 cel90xbe;cel90xbe; \??\C:\DOCUME~1\Fergus\LOCALS~1\Temp\cel90xbe.sys []
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-11-11 611664]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
    R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
    R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-09-30 127043]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
    S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------
    AND the info logfile contains....


    info.txt logfile of random's system information tool 1.04 2008-11-21 15:45:24

    ======Uninstall list======

    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    AbiWord 2.6.2-->C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
    Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Canon PIXMA iP3000-->C:\WINDOWS\system32\CNMCP61.exe "-PRINTERNAMECanon PIXMA iP3000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmi0409.dll"
    C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
    EAX(tm) Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
    Encarta Learn and Explore CD-->MsiExec.exe /I{326800C0-E9B4-4DF6-A845-CAAFD093E477}
    Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) PRO Network Connections 12.3.31.0-->MsiExec.exe /i{DDD0A758-F44C-47D3-8E88-692FFF775127} ARPREMOVE=1
    iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
    Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Monopoly-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Hasbro Interactive\Monopoly\Uninst.isu"
    Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
    Nero 7 Essentials-->MsiExec.exe /I{470E721B-D0D4-4A39-AF93-E8F91C401033}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
    Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
    Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
    QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
    Studio 11-->C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    WebVideo Support-->C:\WINDOWS\lomxeqsn.exe
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Worms World Party-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"
    Yahoo! Desktop Login-->MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}

    ======Security center information======

    AV: AVG Anti-Virus Free

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION"=0209
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

    -----------------EOF-----------------
    Thanks for taking your time to help me, I've been getting really frustrated with this! Another thing I forgot to mention in my first post is that the 'All programs' option disappeared from my start menu when I first got infected. I'm not sure if that will help in any way but I thought I'd let you know. Thanks again, looking forward to a reply.
     
  5. 2008/11/20
    Geri
    Hi
    OK please do the following in the order given. Please do not install or download anything until you are cleaned.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Now this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications (AVG8) as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Please post the MBAM log and the Combofix log.

    Thanks
    Geri
  6. 2008/11/21
    alternative 4
    Howdy, things are looking a lot better on my system now, those programs were fantastic! Combofix log contains...

    ComboFix 08-11-21.03 - Justin 2008-11-22 14:55:18.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.272 [GMT 13:00]
    Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\agrwixbd.dll
    c:\windows\system32\apydkywc.dll
    c:\windows\system32\aygqbdly.ini
    c:\windows\system32\bHiSAcdd.ini
    c:\windows\system32\bHiSAcdd.ini2
    c:\windows\system32\csjjrliv.dll
    c:\windows\system32\elvpinpc.ini
    c:\windows\system32\hdhboaeh.dll
    c:\windows\system32\jgufnfbc.ini
    c:\windows\system32\kivodluh.ini
    c:\windows\system32\kowypcvi.ini
    c:\windows\system32\kSrrYJlm.ini
    c:\windows\system32\kSrrYJlm.ini2
    c:\windows\system32\lgmpugru.ini
    c:\windows\system32\lnkenfto.ini
    c:\windows\system32\nrnqfhcr.ini
    c:\windows\system32\oeotigqv.ini
    c:\windows\system32\oXEfOXyb.ini
    c:\windows\system32\oXEfOXyb.ini2
    c:\windows\system32\qinpedds.ini
    c:\windows\system32\rcrwpakw.ini
    c:\windows\system32\rxgiandn.ini
    c:\windows\system32\sdxtnyyi.ini
    c:\windows\system32\ssfphfhu.ini
    c:\windows\system32\TDSSosvd.dat
    c:\windows\system32\trwmhibn.dll
    c:\windows\system32\uiewmrel.dll
    c:\windows\system32\ukejhc.dll
    c:\windows\system32\ussggkmy.ini
    c:\windows\system32\vvglem.dll
    c:\windows\system32\wufsvg.dll
    c:\windows\system32\WwDLnUvw.ini
    c:\windows\system32\WwDLnUvw.ini2
    c:\windows\system32\xehkap.dll
    c:\windows\system32\ysdcvl.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV
    -------\Service_TDSSserv
    -------\Service_TDSSserv.sys


    ((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 )))))))))))))))))))))))))))))))
    .

    2008-11-22 14:06 . 2008-11-22 14:06 <DIR> d-------- c:\documents and settings\Justin\Application Data\Malwarebytes
    2008-11-22 14:05 . 2008-11-22 14:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-22 14:05 . 2008-11-22 14:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-22 14:05 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-22 14:05 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-21 15:44 . 2008-11-21 15:45 <DIR> d-------- C:\rsit
    2008-11-21 15:44 . 2008-11-21 15:45 <DIR> d-------- c:\program files\trend micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-21 23:56 --------- d-----w c:\documents and settings\Justin\Application Data\OpenOffice.org2
    2008-11-11 07:50 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-03 23:03 --------- d-----w c:\documents and settings\Fergus\Application Data\OpenOffice.org2
    2008-10-29 22:44 --------- d-----w c:\documents and settings\Justin\Application Data\LimeWire
    2008-10-19 05:46 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2008-10-19 05:44 --------- d-----w c:\program files\Lavasoft
    2008-10-19 05:41 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-10-19 05:34 --------- d-----w c:\program files\Ad-Aware 2008
    2008-10-19 05:20 --------- d-----w c:\documents and settings\All Users\Application Data\edqvebmf
    2008-10-19 02:14 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-06-23 09:28 3,300,087 ----a-w c:\program files\ip3000xp180aus.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-30 4603904]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-09-30 86016]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "nwiz"="nwiz.exe" [2004-09-30 c:\windows\system32\nwiz.exe]

    c:\documents and settings\Fergus\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll wufsvg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= vdrcodec.dll
    "vidc.ir41"= c:\windows\system32\ir41_32.ax
    "vidc.iv32"= c:\windows\system32\ir32_32.dll
    "vidc.iv31"= c:\windows\system32\ir32_32.dll
    "VIDC.MJPG"= Pvmjpg30.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-08 97928]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-06-08 875288]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-08 231704]
    R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-08 76040]
    S3 cel90xbe;cel90xbe;\??\c:\docume~1\Fergus\LOCALS~1\Temp\cel90xbe.sys []
    .
    Contents of the 'Scheduled Tasks' folder

    2008-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:57]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{0CDC8D7B-BA78-420C-893B-A5183A5A6F3B} - c:\windows\system32\wvUnLDwW.dll
    BHO-{54D58DB7-2B8C-4733-8417-7BA1368305A3} - c:\windows\system32\byXOfEXo.dll
    BHO-{7ebe9d1c-b671-49af-a1dd-ff8dd291190d} - c:\windows\system32\wufsvg.dll
    BHO-{83081BA6-C044-4A13-A928-87D70956B409} - c:\windows\system32\ddcASiHb.dll
    HKCU-Run-encmd - c:\windows\system32\gnqtwfkd.exe
    HKLM-Run-Cmaudio - cmicnfg.cpl
    HKLM-Run-NWEReboot - (no file)
    HKLM-Explorer_Run-xy6mB2LbE1 - c:\documents and settings\All Users\Application Data\edqvebmf\uhgryvux.exe
    SafeBoot-TDSSmqlt.sys


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Justin\Application Data\Mozilla\Firefox\Profiles\ao5qiak9.default\
    FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-22 14:58:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-22 15:00:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-22 02:00:52

    Pre-Run: 66,096,594,944 bytes free
    Post-Run: 66,559,135,744 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    176 --- E O F --- 2008-10-15 21:16:30


    And MBAM log contains...
    Malwarebytes' Anti-Malware 1.30
    Database version: 1414
    Windows 5.1.2600 Service Pack 3

    11/22/2008 2:24:25 PM
    mbam-log-2008-11-22 (14-24-25).txt

    Scan type: Quick Scan
    Objects scanned: 50370
    Time elapsed: 7 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 40
    Registry Values Infected: 5
    Registry Data Items Infected: 14
    Folders Infected: 5
    Files Infected: 102

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\awtrRLEw.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\gnskxceu.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{159229c1-c44f-42d8-aec6-09fbfb6375fc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnmmcc (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{159229c1-c44f-42d8-aec6-09fbfb6375fc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{268b6c28-1d69-48b8-9ab9-2a9888b3d7f3} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{268b6c28-1d69-48b8-9ab9-2a9888b3d7f3} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{268b6c28-1d69-48b8-9ab9-2a9888b3d7f3} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{159229c1-c44f-42d8-aec6-09fbfb6375fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rosqxvmn.bflo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rosqxvmn.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1aa0364-0e20-48d2-bc4b-f44ea78ce955} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a1aa0364-0e20-48d2-bc4b-f44ea78ce955} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\34fa3ad6 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{159229c1-c44f-42d8-aec6-09fbfb6375fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\awtrrlew -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awtrrlew -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0048423-16074) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\opnnmMcC.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtrRLEw.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\wELRrtwa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wELRrtwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gnskxceu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\uecxksng.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ityccwwl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lwwccyti.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ntqugitq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qtiguqtn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iqbruyyj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vwqjaoip.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uwkfaf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\beffmu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iohifh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qfyvcoxa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\btxrlwai.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\anxjgh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qriauocn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yonvyr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zzyeyj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\uianqdil.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fergus\Local Settings\Temp\fsyeeahn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\INUV8H2L\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\OZ0J09WF\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\SP6HWZ6L\kb600179[2] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\WBDZG4ZM\zc113432[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Justin\Local Settings\Temporary Internet Files\Content.IE5\WBDZG4ZM\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fergus\Local Settings\Temporary Internet Files\Content.IE5\OZ0J09WF\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nwjrnf.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\WINDOWS\lomxeqsn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Justin\Favorites\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Justin\Favorites\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Justin\Favorites\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSbubx.log (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSosvn.dll (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> Delete on reboot.



    Thanks again, eagerly awaiting your next post
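The MBAM log above is what a helper triages by hand. As an added example (not the thread's own code and not Malwarebytes'), here is a small Python parser for that line format: it groups detections by section and threat, lists the objects still marked "Delete on reboot" so they can be confirmed gone after restarting, reports the hijacked settings whose restored values can be re-checked, and flags a paste whose summary counts do not match the items listed. The sample log is constructed in the shape of the one above, with a placeholder product ID and a deliberate count mismatch.

```python
"""Triage helper for Malwarebytes' Anti-Malware (MBAM) removal logs. Added example:
not code from the forum post and not MBAM's own. It parses the "<object> (<Threat>)
-> <action>." lines shown above and lists what to verify after the reboot."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "Files Infected:" opens a section; the summary block at the top of the log uses
# the same text with a count appended ("Files Infected: 102").
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# Greedy object path, then the threat name in the final parenthesised group.
OBJECT_RE = re.compile(r"^(?P<obj>.*) \((?P<threat>[^()]+)\)$")
# Registry data items carry the value the malware set and the value MBAM restored.
BADGOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")

@dataclass
class Detection:
    section: str
    obj: str
    threat: str
    action: str
    bad: Optional[str] = None   # value written by the malware (registry data items)
    good: Optional[str] = None  # value MBAM put back
    data: Optional[str] = None  # e.g. the DLL name removed from an LSA package list

def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Return (declared section counts, parsed detections) for an MBAM log body."""
    declared: Dict[str, int] = {}
    found: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:
                declared[m.group("name")] = int(m.group("count"))
            else:
                section = m.group("name")
            continue
        if section is None or " -> " not in line:
            continue  # header lines such as "Scan type:" or "(No malicious items detected)"
        parts = line.rstrip(".").split(" -> ")
        om = OBJECT_RE.match(parts[0])
        if om is None:
            continue
        det = Detection(section, om.group("obj"), om.group("threat"), parts[-1])
        for extra in parts[1:-1]:  # optional "Data:" or "Bad: ... Good: ..." part
            bg = BADGOOD_RE.match(extra)
            if bg:
                det.bad, det.good = bg.group("bad"), bg.group("good")
            elif extra.startswith("Data: "):
                det.data = extra[len("Data: "):]
        found.append(det)
    return declared, found

def count_by(dets: List[Detection], attr: str) -> Dict[str, int]:
    """Histogram of detections by "section" or "threat"."""
    return dict(Counter(getattr(d, attr) for d in dets))

def reboot_followups(dets: List[Detection]) -> List[str]:
    """Objects MBAM could not remove while loaded; confirm they are gone after rebooting."""
    return list(dict.fromkeys(d.obj for d in dets if d.action == "Delete on reboot"))

def restored_settings(dets: List[Detection]) -> List[Tuple[str, str, str]]:
    """(registry value, malware's value, restored value) for each hijacked setting."""
    return [(d.obj, d.bad, d.good) for d in dets if d.bad is not None]

def declared_mismatches(declared: Dict[str, int], dets: List[Detection]) -> Dict[str, Tuple[int, int]]:
    """Sections whose summary count differs from the items listed (a truncated paste)."""
    actual = count_by(dets, "section")
    return {s: (n, actual.get(s, 0)) for s, n in declared.items() if actual.get(s, 0) != n}

# Constructed sample in the shape of the log above. The product ID is a placeholder and
# "Registry Keys Infected: 2" deliberately overstates the single key listed.
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Registry Data Items Infected: 3
Files Infected: 4
Memory Modules Infected:
C:\WINDOWS\system32\awtrRLEw.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnmmcc (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\awtrrlew -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (EXAMPLE-PRODUCT-ID) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\opnnmMcC.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtrRLEw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> Delete on reboot.
"""

if __name__ == "__main__":
    declared, dets = parse_mbam_log(SAMPLE_LOG)
    print("pending reboot:", reboot_followups(dets), "mismatches:", declared_mismatches(declared, dets))
```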
     
  7. 2008/11/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, please do the following.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    c:\docume~1\Fergus\LOCALS~1\Temp\cel90xbe.sys
    
    RootKit::
    cel90xbe
    
    Driver::
    cel90xbe
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLS"="avgrsstx.dll"
    
    
    DirLook::
    c:\documents and settings\All Users\Application Data\edqvebmf 
    Please post the Combofix log.

    Thanks
     
    Geri,
    #6
  8. 2008/11/22
    alternative 4

    ComboFix 08-11-22.02 - Justin 2008-11-23 13:09:24.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.290 [GMT 13:00]
    Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Justin\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\docume~1\Fergus\LOCALS~1\Temp\cel90xbe.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CEL90XBE
    -------\Service_cel90xbe


    ((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
    .

    2008-11-22 15:02 . 2008-10-25 00:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-22 15:01 . 2008-09-05 06:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-22 15:01 . 2008-10-16 05:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-11-22 14:06 . 2008-11-22 14:06 <DIR> d-------- c:\documents and settings\Justin\Application Data\Malwarebytes
    2008-11-22 14:05 . 2008-11-22 14:06 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-22 14:05 . 2008-11-22 14:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-22 14:05 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-22 14:05 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-21 15:44 . 2008-11-21 15:45 <DIR> d-------- C:\rsit
    2008-11-21 15:44 . 2008-11-21 15:45 <DIR> d-------- c:\program files\trend micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-21 23:56 --------- d-----w c:\documents and settings\Justin\Application Data\OpenOffice.org2
    2008-11-11 07:50 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-03 23:03 --------- d-----w c:\documents and settings\Fergus\Application Data\OpenOffice.org2
    2008-10-29 22:44 --------- d-----w c:\documents and settings\Justin\Application Data\LimeWire
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-19 05:46 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2008-10-19 05:44 --------- d-----w c:\program files\Lavasoft
    2008-10-19 05:41 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-10-19 05:34 --------- d-----w c:\program files\Ad-Aware 2008
    2008-10-19 05:20 --------- d-----w c:\documents and settings\All Users\Application Data\edqvebmf
    2008-10-19 02:14 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-06-23 09:28 3,300,087 ----a-w c:\program files\ip3000xp180aus.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of c:\documents and settings\All Users\Application Data\edqvebmf ----



    ((((((((((((((((((((((((((((( snapshot@2008-11-22_15.00.29.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
    + 2008-11-22 03:38:22 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
    - 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
    + 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
    - 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
    + 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
    - 2008-04-14 00:12:01 1,104,896 ----a-w c:\windows\system32\msxml3.dll
    + 2008-09-04 17:15:04 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    - 2007-05-08 02:03:04 1,275,392 ----a-w c:\windows\system32\msxml4.dll
    + 2008-09-30 03:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    - 2008-04-14 00:12:01 1,306,624 ----a-w c:\windows\system32\msxml6.dll
    + 2008-09-10 01:14:56 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    - 2008-04-14 00:12:01 337,408 ----a-w c:\windows\system32\netapi32.dll
    + 2008-10-15 16:34:24 337,408 ----a-w c:\windows\system32\netapi32.dll
    - 2008-11-22 01:39:23 62,286 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-23 00:04:27 62,286 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-22 01:39:23 400,624 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-23 00:04:27 400,624 ----a-w c:\windows\system32\perfh009.dat
    - 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
    + 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
    + 2008-09-30 03:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
    + 2008-09-30 03:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-30 4603904]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-09-30 86016]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "nwiz"="nwiz.exe" [2004-09-30 c:\windows\system32\nwiz.exe]

    c:\documents and settings\Fergus\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= vdrcodec.dll
    "vidc.ir41"= c:\windows\system32\ir41_32.ax
    "vidc.iv32"= c:\windows\system32\ir32_32.dll
    "vidc.iv31"= c:\windows\system32\ir32_32.dll
    "VIDC.MJPG"= Pvmjpg30.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-08 97928]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-06-08 875288]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-08 231704]
    R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-08 76040]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:57]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-23 13:13:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-23 13:15:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-23 00:15:19
    ComboFix2.txt 2008-11-22 02:00:57

    Pre-Run: 66,610,135,040 bytes free
    Post-Run: 66,598,846,464 bytes free

    149 --- E O F --- 2008-11-22 03:41:12


    It's times like these I realise how little I know about computers :) Thanks a lot
     
  9. 2008/11/22
    Geri Lifetime Subscription

    Hi
    OK that looks good.

    Now let's get an online scan.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now the scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” On the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
    Geri,
    #8
  10. 2008/11/24
    alternative 4

    Gidday there, I found a couple of threats with this one as follows. Thanks again

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, November 24, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, November 24, 2008 04:00:16
    Records in database: 1406620
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\

    Scan statistics:
    Files scanned: 50095
    Threat name: 1
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 00:59:51


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\csjjrliv.dll.vir Infected: Email-Worm.Win32.Zhelatin.ahu 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\vvglem.dll.vir Infected: Email-Worm.Win32.Zhelatin.ahu 1

    The selected area was scanned.
     
  11. 2008/11/24
    Geri Lifetime Subscription

    Hi
    Ok great, those are quarantined in the combofix folder.

    Please do this.

    Click Start > Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Delete RSIT.exe and this folder: C:\rsit

    Let me know how things are running.

    Thanks
     
  12. 2008/11/25
    alternative 4

    alternative 4 Inactive Thread Starter

    Joined:
    2008/11/10
    Messages:
    16
    Likes Received:
    0
    Howdy, things sure are a lot faster, which is such a relief. I'm no longer being redirected all the time to various irrelevant pages and I think things are back to normal. In the future, should I just run Malwarebytes and ATF Cleaner to keep things running smoothly? I can't say I have a lot of faith in AVG after seeing what a difference those other programs made. Any tips for general computer maintenance? I never really cared about it until I got infected; now I have learned my lesson :) How do you recommend I check downloaded files that need to be installed or unzipped? Do they have to be unzipped before I can scan them effectively, and what should I use? Thanks a lot, Geri
     
  13. 2008/11/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK good to hear, you are welcome.

    That would be a good idea, make sure you update MBAM before you do the scan.

    Checkdisk and a Defrag should be run every few months.

    Your Anti-virus program:
    Whenever you download a program, save it to disk; it is not a good idea to click Run. Your virus program should scan it upon download. You can also run a scan on the files before opening them.
    I believe they now scan zipped files.

    Please look at this link for some preventive recommendations; it could keep you from ending up back here in the Malware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this one resolved.

    Surf Safely
    Geri
     
  14. 2008/11/30
    alternative 4

    alternative 4 Inactive Thread Starter

    Joined:
    2008/11/10
    Messages:
    16
    Likes Received:
    0
    Hi there, I just want to thank you sooooo much for helping me out. You must be pretty busy taking care of all the newbies like me :) You've been awesome Geri, I really appreciate it. Thanks again, Justin.
     
