for the past couple weeks my computer has basically been locked up by some malware. it keeps the most popular programs like IE and Windows Media Player,a nd most games from working, and it has affected the correct operation of dll's and prevented most installs from happening, and when I try to run programs that are isntalled like Word it just brings up a frozen installer.

Now I have scanned with Spybot, F-Prot, and they either didn't get anything or "fixed it" but nothing changed. Trendmicro Housecall picked up a bunch of stuff and said it fixed it but nothing really changed. Less popular or non microsoft programs like Firefox (what I'm using now) and Quicktime, Itunes, etc. work however.

SO at least a couple times I have thought I deleted the virtumonde files, but nothing changed after their deletion. Tried to install MBAM (changed the exe name multiple times with no avail) but I kept getting the Runtime error 0 Acceleration Grid,etc. and MBAM Runtime 404 error, a

"CoCreateInstance failed; code 0x80040154. Class not registered." when the .ink files tried to install. So MBAM installs but these errors come up both during install and when I tryto run it. I have seen other people's topics where MBAM eliminated their problems so I hope to get it installed and let it have a crack.

I have found some suspicious files like one related to a malware I got last year

C:\WINDOWS\SysWOW64\Drivers\ylcgcuoq.dat

and also wsil32.dll which i'm not sure about

In addition, attempted install of Superantispyware gives the same cocreate instance error, and I have already tried a number of specific virtumonde fix programs.

PLEASE HELP! I have tried all I can by myself before bugging y'all with this problem, but I need some more experienced help with this now, so I'll roll out the logs.

Gmer log

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-01 00:19:34
Windows 5.2.3790 Service Pack 2


---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- EOF - GMER 1.0.14 ----

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23 AM, on 03/01/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\SysWOW64\wwSecure.exe
C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\system health tools\gmer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =

http://go.microsoft.com/fwlink/?LinkId=54843
O1 - Hosts: be placed in the first column followed by the corresponding host

name.
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -

(no file)
O4 - HKLM\..\Run: [FRISK FP-Scheduler] "C:\Program Files

(x86)\FSI\F-Prot\F-Sched.exe" STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files

(x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files

(x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files

(x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft

Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI

Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d

locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Window Washer] C:\Program Files

(x86)\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search

& Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [Aim6]

"C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User

'?')
O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [SpybotSD

TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (User

'?')
O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User

'?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User

'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files

(x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

(no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no

file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no

file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} -

http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -

http://upload.facebook.com/controls/2008.1...kPhotoUploader5.

cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -

http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -

http://a840.g.akamai.net/7/840/537/2004061...icro.com/housec

all/xscan53.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} -

http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} -

http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no

file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner -

C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -

Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner -

C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program

Files (x86)\FSI\F-Prot\fpavupdm.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner -

C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files (x86)\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner -

C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files

(x86)\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner -

C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner -

C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown

owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner -

C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files

(x86)\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner -

C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner -

C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. -

C:\WINDOWS\system32\wwSecure.exe

--
End of file - 8121 bytes

Deckard's System Scanner

Deckard's System Scanner v20071014.68
Run by Administrator on 2009-03-01 00:25:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25 AM, on 03/01/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\SysWOW64\wwSecure.exe
C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\system health tools\gmer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\system health tools\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O1 - Hosts: be placed in the first column followed by the corresponding host name.
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [FRISK FP-Scheduler] "C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe" STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Window Washer] C:\Program Files (x86)\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 8180 bytes

-- Files created between 2009-02-01 and 2009-03-01 -----------------------------

2009-02-28 22:19:43 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-28 21:08:27 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-02-16 20:16:38 0 d-------- C:\VundoFix Backups
2009-02-16 02:51:29 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2009-02-15 01:07:42 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2009-02-15 00:34:09 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI(4)
2009-02-02 22:57:09 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI(3)
2009-02-02 22:40:32 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI(2)


-- Find3M Report ---------------------------------------------------------------

2009-02-28 22:18:59 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-02-16 21:43:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2009-02-16 20:16:37 0 d-------- C:\Program Files (x86)\zips of games
2009-02-15 11:46:19 0 d-------- C:\Program Files (x86)\GameSpy Arcade
2009-02-15 01:07:14 0 d-------- C:\Program Files (x86)\ATI Technologies
2009-02-10 21:41:16 0 d-------- C:\Program Files (x86)\botf
2009-02-08 23:00:45 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2009-02-02 23:12:27 0 d-------- C:\Program Files (x86)\CyberLink
2009-01-18 00:32:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Bioshock
2009-01-08 21:35:04 0 d-------- C:\Program Files (x86)\ubernesv3rev2
2008-12-07 22:39:06 8812 --ah----- C:\WINDOWS\system32\repefeji


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2009-03-01 00:25:41 ------------

Also just a heads-up I run XP Professional x64 OS, so some things like ComboFix won't work with my x64 operating system b/c they are 32 only.

ONe other thing I want to mention is that My installer seems to be really messed up, nothing will install, always gives the error 1719 (problem with windows installer), or it gives me some thing about the permission settings not being right (though I am the sole administrator)

I ran Ad-Aware in the meantime while waiting for some help, so I'll post that log too

Ad-Aware 2007 Build
Log File Created on: 2009-03-01 23:11:40
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: DREWS-SGAMER
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type: AMD Athlon™ 64 Processor 3200+
Memory Available: 25%
Total Physical Memory: 1073094656 Bytes
Available Physical Memory: 257556480 Bytes
Total Page File Size: 3148898304 Bytes
Available On Page File: 2420752384 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1772601344 Bytes
OS: Microsoft Windows Server 2003 family Service Pack 2 (Build 3790)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Unloading Explorer if necessary during removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 146
Build Number: 0
Build Date and Time: 2009/01/22 14:54:48

Scan Statistics
===========================
Method: Smart
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: On

Item Scanned: 189436
Infections Detected: 7
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 4 4
File Hash Scan..: 0 0

Infections Found
===========================
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 409170 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat adlegend.com PrefID /
Item Id: 409170 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat adlegend.com CSList /
Item Id: 409363 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat kontera.com cluid /
Item Id: 409363 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat kontera.com imprs /
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\Administrator\Recent Count: 149
Item Id: 2 Value: MRU Registry Key: S-1-5-21-2712546392-667894355-3133765092-500\Software\Microsoft\Search Assistant\ACMru\5603 Count: 9
Item Id: 3 Value: MRU Registry Key: S-1-5-21-2712546392-667894355-3133765092-500\Software\Microsoft\Internet Explorer\TypedURLs Count: 10

Items Ignored During Scan
===========================


Listing of running processes
===========================
C:\PROGRAM FILES (X86)\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files (x86)\lavasoft\ad-aware 2007\aawservice.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\program files (x86)\lavasoft\ad-aware 2007\ceapi.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\program files (x86)\lavasoft\ad-aware 2007\pkarchive84cb.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\syswow64\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\syswow64\version.dll

c:\windows\syswow64\wininet.dll

c:\windows\syswow64\normaliz.dll

c:\windows\syswow64\iertutil.dll

c:\program files (x86)\lavasoft\ad-aware 2007\update.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\rasadhlp.dll

C:\PROGRAM FILES (X86)\FSI\F-PROT\FPAVUPDM.EXE
c:\program files (x86)\fsi\f-prot\fpavupdm.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\wininet.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\normaliz.dll

c:\windows\syswow64\iertutil.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\syswow64\shell32.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\syswow64\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\system32\userenv.dll

c:\windows\system32\msapsspc.dll

c:\windows\system32\msvcrt40.dll

c:\windows\system32\msnsspc.dll

c:\windows\syswow64\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\rasadhlp.dll

c:\windows\syswow64\urlmon.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\syswow64\wldap32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JQS.EXE
c:\program files (x86)\java\jre6\bin\jqs.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\system32\ws2_32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\program files (x86)\java\jre6\bin\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\pdh.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78fcf8d0\comctl32.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\odbcbcp.dll

c:\windows\syswow64\version.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\perfos.dll

c:\windows\system32\perfdisk.dll

C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files (x86)\common files\microsoft shared\vs7debug\mdm.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\syswow64\version.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\system32\shimeng.dll

c:\windows\system32\apphelp.dll

c:\windows\apppatch\acwow64.dll

c:\windows\system32\imm32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files (x86)\common files\microsoft shared\vs7debug\msdbg2.dll

c:\windows\syswow64\netapi32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

C:\WINDOWS\SYSWOW64\PNKBSTRA.EXE
c:\windows\syswow64\pnkbstra.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\wsock32.dll

c:\windows\syswow64\ws2_32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\ws2help.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\wintrust.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\syswow64\imagehlp.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\system32\mswsock.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\SYSWOW64\WWSECURE.EXE
c:\windows\syswow64\wwsecure.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\version.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78fcf8d0\comctl32.dll

c:\windows\system32\imm32.dll

c:\windows\syswow64\uxtheme.dll

c:\windows\syswow64\sxs.dll

c:\windows\syswow64\xpsp2res.dll

c:\windows\syswow64\clbcatq.dll

c:\windows\syswow64\comres.dll

C:\WINDOWS\SYSWOW64\CTFMON.EXE
c:\windows\syswow64\ctfmon.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\msctf.dll

c:\windows\syswow64\msutb.dll

c:\windows\system32\imm32.dll

c:\windows\syswow64\uxtheme.dll

c:\windows\syswow64\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

C:\PROGRAM FILES (X86)\FSI\F-PROT\F-SCHED.EXE
c:\program files (x86)\fsi\f-prot\f-sched.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\system32\mfc42.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\syswow64\wininet.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\normaliz.dll

c:\windows\syswow64\iertutil.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\odbc32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\comdlg32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\odbcint.dll

c:\program files (x86)\fsi\f-prot\schedeng.dll

c:\windows\system32\uxtheme.dll

c:\windows\syswow64\msctf.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JUSCHED.EXE
c:\program files (x86)\java\jre6\bin\jusched.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\wininet.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\normaliz.dll

c:\windows\syswow64\iertutil.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\syswow64\msctf.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\syswow64\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\system32\userenv.dll

c:\windows\syswow64\msapsspc.dll

c:\windows\system32\msvcrt40.dll

c:\windows\syswow64\msnsspc.dll

c:\windows\syswow64\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\syswow64\wldap32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\netman.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\atl.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\wmi.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\esent.dll

c:\windows\system32\wzcsapi.dll

c:\windows\syswow64\urlmon.dll

C:\PROGRAM FILES (X86)\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
c:\program files (x86)\common files\real\update_ob\realsched.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\version.dll

c:\windows\system32\imm32.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\syswow64\msctf.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\system32\comres.dll

c:\windows\system32\ntmarta.dll

c:\windows\syswow64\wldap32.dll

c:\windows\system32\samlib.dll

C:\PROGRAM FILES (X86)\IPOD\BIN\IPODSERVICE.EXE
c:\program files (x86)\ipod\bin\ipodservice.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\setupapi.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\version.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\system32\imm32.dll

c:\program files (x86)\ipod\bin\ipodservice.resources\en.lproj\ipodservicelocalized.dll

c:\program files (x86)\ipod\bin\ipodservice.resources\ipodservice.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\uxtheme.dll

c:\windows\syswow64\wintrust.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\syswow64\imagehlp.dll

C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE
c:\program files (x86)\mozilla firefox\firefox.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\program files (x86)\mozilla firefox\xul.dll

c:\program files (x86)\mozilla firefox\sqlite3.dll

c:\program files (x86)\mozilla firefox\mozcrt19.dll

c:\windows\syswow64\msvcrt.dll

c:\program files (x86)\mozilla firefox\js3250.dll

c:\program files (x86)\mozilla firefox\nspr4.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\winmm.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\gdi32.dll

c:\program files (x86)\mozilla firefox\smime3.dll

c:\program files (x86)\mozilla firefox\nss3.dll

c:\program files (x86)\mozilla firefox\nssutil3.dll

c:\program files (x86)\mozilla firefox\plc4.dll

c:\program files (x86)\mozilla firefox\plds4.dll

c:\program files (x86)\mozilla firefox\ssl3.dll

c:\windows\syswow64\shell32.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\ole32.dll

c:\windows\syswow64\version.dll

c:\windows\system32\winspool.drv

c:\windows\syswow64\comdlg32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\usp10.dll

c:\windows\syswow64\oleaut32.dll

c:\program files (x86)\mozilla firefox\xpcom.dll

c:\windows\system32\dbghelp.dll

c:\windows\system32\uxtheme.dll

c:\windows\syswow64\msctf.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files (x86)\mozilla firefox\components\browserdirprovider.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\syswow64\wldap32.dll

c:\windows\system32\xpsp2res.dll

c:\program files (x86)\mozilla firefox\components\brwsrcmp.dll

c:\windows\syswow64\netapi32.dll

c:\windows\system32\urlmon.dll

c:\windows\syswow64\iertutil.dll

c:\windows\system32\userenv.dll

c:\windows\system32\rsaenh.dll

c:\program files (x86)\mozilla firefox\softokn3.dll

c:\program files (x86)\mozilla firefox\nssdbm3.dll

c:\program files (x86)\mozilla firefox\freebl3.dll

c:\program files (x86)\mozilla firefox\nssckbi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\syswow64\wintrust.dll

c:\windows\syswow64\crypt32.dll

c:\windows\syswow64\msasn1.dll

c:\windows\syswow64\imagehlp.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\linkinfo.dll

C:\PROGRAM FILES (X86)\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE
c:\program files (x86)\lavasoft\ad-aware 2007\ad-aware2007.exe

c:\windows\system32\ntdll.dll

c:\windows\syswow64\kernel32.dll

c:\windows\syswow64\user32.dll

c:\windows\syswow64\gdi32.dll

c:\windows\syswow64\advapi32.dll

c:\windows\syswow64\rpcrt4.dll

c:\windows\syswow64\secur32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78fcf8d0\comctl32.dll

c:\windows\syswow64\comdlg32.dll

c:\windows\syswow64\msvcrt.dll

c:\windows\syswow64\shlwapi.dll

c:\windows\syswow64\shell32.dll

c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll

c:\windows\syswow64\oleaut32.dll

c:\windows\syswow64\ole32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\inetmib1.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\snmpapi.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\syswow64\netapi32.dll

c:\windows\syswow64\wldap32.dll

c:\windows\system32\credui.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\syswow64\version.dll

c:\windows\syswow64\mpr.dll

c:\windows\system32\winmm.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\uxtheme.dll

c:\windows\syswow64\msctf.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\olepro32.dll

c:\windows\system32\drprov.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\davclnt.dll

c:\windows\system32\userenv.dll

End of Scan Section
===========================

Quarantined Infections
===========================
Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat adlegend.com PrefID /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat adlegend.com CSList /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat kontera.com cluid /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat kontera.com imprs /, Belonging to Tracking Cookie
MRU Path: C:\Documents and Settings\Administrator\Recent Count: 149, Belonging to MRU Object
MRU Registry Key: S-1-5-21-2712546392-667894355-3133765092-500\Software\Microsoft\Search Assistant\ACMru\5603 Count: 9, Belonging to MRU Object
MRU Registry Key: S-1-5-21-2712546392-667894355-3133765092-500\Software\Microsoft\Internet Explorer\TypedURLs Count: 10, Belonging to MRU Object

End of Quarantined Infections
===========================

Please run the following scanner.

Please download to your Desktop: Dr.Web CureIt

• After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
• Doubleclick the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
• Once the short scan has finished, Click on the Complete scan radio button.
• Then click on the Settings menu on top, the select Change Settings or press the F9 key. You can also change the Language
• Choose the Scanning tab and I recomend leaving the Heuristic analysis enabled (this can lead to False Positives though)
• On the File types tab ensure you select All files
• Click on the Actions tab and set the following:
  
  • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
  • Infected packages Archive = Move, E-mails = Report, Containers = Move
  • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
  • Do not change the Rename extension - default is: #??
  • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
  • Leave prompt on Action checked
• On the Log file tab leave the Log to file checked.
• Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
• Log mode = Append
• Encoding = ANSI
• Details Leave Names of file packers and Statistics checked.
• Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
• On the General tab leave the Scan Priority on High
• Click the Apply button at the bottom, and then the OK button.
• On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
• In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
• The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
• When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
• Click 'Yes to all' if it asks if you want to cure/move the files.
• This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your Desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.
  

  

Dr.Web log found a lot of stuff but wasnt able to delete it all. Excel won't open due to the virus so this is the only way to put the drweb log in, since it won't let me upload .csv files

c.bat;C:\32788R22FWJFW;Probably BATCH.Virus;Moved.;
psexec.cfexe;C:\32788R22FWJFW;Program.PsExec.171;Moved.;
A0042298.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Siggen.568;Deleted.;
A0042299.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1459;Deleted.;
A0042301.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1534;Deleted.;
A0042302.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1534;Deleted.;
A0042303.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1534;Deleted.;
A0045631.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Siggen.568;Deleted.;
A0045632.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1459;Deleted.;
A0045633.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1534;Deleted.;
A0045634.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1534;Deleted.;
A0045635.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Virtumod.1534;Deleted.;
BACKUP-20071207-233006-457.0LL.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Click.4871;Deleted.;
BACKUP-20071207-233103-479.0LL.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Click.4871;Deleted.;
BACKUP-20071207-233123-734.0LL.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Click.4871;Deleted.;
BACKUP-20071207-233141-958.0LL.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Click.4871;Deleted.;
BACKUP-20071207-235336-312.0LL.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Click.4871;Deleted.;
BACKUP-20071208-000717-169.0LL.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.Click.4871;Deleted.;
sch20ddshlp.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Probably Trojan.Packed.196;Moved.;
wnl32.dll.bac_a02020;C:\Documents and Settings\Administrator\.housecall6.6\Quarantine;Trojan.DownLoader.61955;Deleted.;
VirtumundoBeGone.exe\data005;C:\Documents and Settings\Administrator\Desktop\system health tools\VirtumundoBeGone.exe;Tool.Prockill;;
VirtumundoBeGone.exe;C:\Documents and Settings\Administrator\Desktop\system health tools;Archive contains infected objects;Moved.;
nsh2F.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Moved.;
nsuA.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Moved.;
nsv5.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Moved.;
nswD.tmp;C:\Documents and Settings\Administrator\Local Settings\Temp;Tool.Prockill;Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Incurable.Moved.;
ocpinst.exe\data529;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\ocpinst.exe;Probably BACKDOOR.Trojan;;
ocpinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Archive contains infected objects;Moved.;
regLocal.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups;Probably SCRIPT.Virus;Incurable.Moved.;
RegUBP2b-Administrator.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
ylcgcuoq.dat;C:\WINDOWS\system32\Drivers;Trojan.NtRootKit.511;Deleted.;

new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05 PM, on 03/02/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\SysWOW64\wwSecure.exe
C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =

http://go.microsoft.com/fwlink/?LinkId=54843
O1 - Hosts: be placed in the first column followed by the corresponding host

name.
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -

(no file)
O4 - HKLM\..\Run: [FRISK FP-Scheduler] "C:\Program Files

(x86)\FSI\F-Prot\F-Sched.exe" STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files

(x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files

(x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files

(x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft

Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI

Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d

locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Window Washer] C:\Program Files

(x86)\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search

& Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [Aim6]

"C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User

'?')
O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [SpybotSD

TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (User

'?')
O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User

'?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User

'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall]

%systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files

(x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

(no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote -

{2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no

file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no

file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} -

http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} -

http://upload.facebook.com/controls/2008.1...kPhotoUploader5.

cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -

http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -

http://a840.g.akamai.net/7/840/537/2004061...icro.com/housec

all/xscan53.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} -

http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} -

http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no

file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner -

C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -

Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner -

C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program

Files (x86)\FSI\F-Prot\fpavupdm.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner -

C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files (x86)\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner -

C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files

(x86)\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner -

C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner -

C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown

owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner -

C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files

(x86)\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner -

C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner -

C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. -

C:\WINDOWS\system32\wwSecure.exe

--
End of file - 7986 bytes

Please turn off WORD WRAP in Notepad.



How is the computer running now? Are you still having an issue with it?

I attached it with non word wrap. All the same problems still there, due to the 2 or 3 things taht could not be fixed I guess. No change that I can tell, everything is still messed up

Nothing will install, all programs taht were messed up before still are. There are a lot of files in the quarantine bins for trendmicro housecall and Dr. Web, but i dont think it moved anymore in there after my restart. I attached pictures of the two quarantine folders so you can see the files in there

Also I consulted Jotti online malware scan and Im pretty sure that the Dr.Web folder's AOL files, VirtumundobeGone, and the batch file, possibly the reg entries are false positives from the heuristics, but the other files in that folder showed up as infections.

RootRepeal - Rootkit Detector

• Please download the following tool: RootRepeal - Rootkit Detector
• Direct download link is here: RootRepeal.rar
• If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR
• Extract the program file to a new folder such as C:\RootRepeal
• Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
• Select ALL of the checkboxes and then click OK and it will start scanning your system.
• If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
• When done, click on Save Report
• Save it to the same location where you ran it from, such as C:\RootRepeal
• Save it as your_name_rootrepeal.txt - where your_name is your forum name
• This makes it more easy to track who the log belongs to.
• Then open that log and select all and copy/paste it back on your next reply please.
• Quit the RootRepeal program.

Just attempted to run that program and I get this error

"Mismatch between the kernel reported by windows and the one reported by a hardware scan.

Do you want to use the kernel reported by windows?"

Yes No

If I click Yes it says Could not load driver (0xc000036b)!

same error no matter which option I pick. Apparently it does not work with my 64 bit OS from what a google search dug up--Windows XP Professional x64

Kaspersky won't start either--I know that some of those files in the Quarantine folder are viruses, and I hate it when none of these programs seems to work. You got anything else up your sleeve that might do the trick? You think if i delete those quarantined files it might make a difference?

No probably not. The issue is that it's 64 Bit and very few tools actually work well on 64 Bit, including Malware.

Please try the following BOOT CD AV Scanner.


Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

• Download the Avira AntiVir Rescue System from here
• Place a blank CD in your burner and double-click on the downloaded file.
• The program will automatically burn the CD for you.
• Place the burned CD into the affected computer and start the computer from this CD.
• On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
• Click on the Configuration button.
  
  • Select Scan all files
  • Select Try to repair infected files and Rename files, if they cannot be removed
  • Select Scan for dialers
  • Select Scan for joke programs (Jokes)
  • Select Scan for games
  • Select Scan for spyware (SPR)
• Click on Virus scanner
• Click on Start scanner at the bottom of the screen
• Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Screen resolution problems
Please see the post here if you're unable to view the entire screen of Avira.

Please post a status update on this.

Sorry It took me so long I was waiting to get a blank cd. I have one now, and I will run the scan tonight and post it after I get back from work tomorrow. Bear with me please : /

It starts to boot up (I can see the files loading up for it, but it never loads up), but then the monitor goes into the powersave mode as it would if the computer is turned off, like it's not even connected. I can't even see the GUI to use the commandline because it's like the computer isnt even connected to the monitor, though I know it is b/c it was showing just seconds before. What to do?

Well does the computer allow you to logon and still download and run programs or is Internet access down, or can't logon?

Do you have access to another computer to burn CD or do you have the Windows XP CD?


Can you run CHKDSK on it?



You may have corrupted files on your disk. Please try running the following.
First close ALL Applications as this routine will automatically restart your computer.
Click on START - RUN and copy / paste the following entry into the box and click OK

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Post re-opened at user request.

Note. My current available time is very limited right now and I've asked other helpers to take over my current logs if possible. I will try to get back to you if no one has taken over, but please keep in mind that it could take a while so please post an update to ask that someone review your post.

Hi

AdvancedSetup is currently unavailable and I will now be assisting your good self.

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.