WiredWX Christian Hobby Weather Tools

Total Security has infected computer

Total Security has infected my friend's computer and since GeekPolice did such a great job curing my computer of Antivirus System Pro, I volunteered to help my friend out by reaching out to GeekPolice once again...

I read the instructions for removing Total Security, but the problems with the computer prevent me from doing any of the following: the computer is unable to connect to the internet. I then tried installing Malwarebytes off a USB jump drive, but it would not let the program even start. I then tried to run HJT off the jump drive with the same result; it was not even able to start.

Please help! Thanks in advance.

Re: Total Security has infected computer

I am going to go out on a limb and guess that you are going to suggest that I download and run DDS.scr off my jump drive from reading other threads on this forum, BUT I am going to wait until you instruct me so.

Re: Total Security has infected computer

Hello.
Try this renamed version of Hijack This, let me know if it will work.
http://www.sendspace.com/pro/dl/fpzz64

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Total Security has infected computer

The version that I was trying to run and the version that I downloaded from the link provided are one and the same: winlogon.scr.

Unfortunately, I am not able to run it. As soon as I click on it, Total Security shuts it down.

Re: Total Security has infected computer

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:

    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    cngaudit.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

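For readers who want to see what a `:filefind` style lookup does under the hood, here is an added Python stand-in (example code, not SystemLook's own and not part of this thread). It walks a directory tree, reports every copy of the requested file names with size and SHA-256, and, as an extra check of my own rather than anything the helper stated, lists names that appear in more than one place with differing hashes. The sample tree (`build_sample_tree`) and all function names are constructed for the demonstration.

```python
"""Offline stand-in for a :filefind lookup.  Added example; not SystemLook's code.

filefind(root, names)   -> [(path, size, sha256), ...] for each matching file
mismatched_copies(hits) -> names whose copies do not all share one hash
build_sample_tree()     -> constructed temp tree mimicking system32 + dllcache
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def filefind(root, names):
    """Return (path, size, sha256) for every file under root whose name is in
    names.  Matching is case-insensitive, as file names are on Windows."""
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                p = os.path.join(dirpath, fn)
                hits.append((p, os.path.getsize(p), sha256_of(p)))
    return sorted(hits)


def mismatched_copies(hits):
    """Names that occur with more than one distinct hash.  A system DLL whose
    copy in system32 differs from the copy in dllcache deserves a closer look
    (this check is the example's own addition, not something the thread states)."""
    by_name = {}
    for path, _size, digest in hits:
        by_name.setdefault(os.path.basename(path).lower(), set()).add(digest)
    return sorted(n for n, digests in by_name.items() if len(digests) > 1)


def build_sample_tree():
    """Constructed sample: a throwaway tree with one tampered DLL.  Returns root."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    layout = {
        "system32/scecli.dll": b"original scecli",
        "system32/dllcache/scecli.dll": b"original scecli",
        "system32/netlogon.dll": b"MODIFIED netlogon",       # differs from cache
        "system32/dllcache/netlogon.dll": b"original netlogon",
        "system32/kernel32.dll": b"not requested",           # must not be reported
    }
    for rel, data in layout.items():
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as fh:
            fh.write(data)
    return root


def demo():
    """Run the lookup over the constructed tree; returns (hits, mismatched names)."""
    root = build_sample_tree()
    hits = filefind(root, ["scecli.dll", "netlogon.dll", "eventlog.dll", "cngaudit.dll"])
    return hits, mismatched_copies(hits)


if __name__ == "__main__":
    found, bad = demo()
    for path, size, digest in found:
        print(f"{size:>8}  {digest[:16]}...  {path}")
    print("copies with differing hashes:", bad or "none")
```

Names with no hit at all (eventlog.dll and cngaudit.dll in the sample) simply do not appear, which is itself useful information when deciding whether a file the log mentions really exists.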

Re: Total Security has infected computer

I tried to run SystemLook.exe off of the jump drive but to no avail -- like all the other programs it will not run as it is shut down immediately.

One more note, I just noticed on the desktop there are icons for AntivirusPro 2010 and Advanced Virus Remover as well as Total Security 2009. The others are inactive and Total Security seems to be running the show (as I see no pop ups or warnings from the other programs).

Re: Total Security has infected computer

Let's try something in Safe Mode with Networking:

Please do the following in Safe Mode with Networking: as the computer is booting, press and hold your "F8 Key", which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu. Once in the startup menu, select "Safe Mode with Networking", then do the following instructions:

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

[screenshots omitted: CF_download_FF, 2aflf5z]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Re: Total Security has infected computer

I was able to run ComboFix with the instructions provided while in Safe mode with networking. I was unable to disable AVG before running ComboFix, but it still seemed to work just fine. The log is posted below.

ComboFix 09-09-11.05 - Muhammad 09/12/2009 15:32.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.351 [GMT -4:00]
Running from: c:\documents and settings\Muhammad\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\12015624
c:\documents and settings\All Users\Application Data\12015624\12015624
c:\documents and settings\All Users\Application Data\12015624\12015624.exe
c:\documents and settings\All Users\Application Data\12015624\pc12015624ins
c:\documents and settings\All Users\Application Data\jyty._sy
c:\documents and settings\All Users\Application Data\pape.inf
c:\documents and settings\All Users\Application Data\vidam.ban
c:\documents and settings\All Users\Documents\nonetuky.reg
c:\documents and settings\All Users\Documents\tecahefo.dll
c:\documents and settings\Muhammad\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Muhammad\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Muhammad\Application Data\rexikuny.dll
c:\documents and settings\Muhammad\Cookies\obos._dl
c:\documents and settings\Muhammad\Cookies\sigo.bin
c:\documents and settings\Muhammad\Cookies\symobasyzy.scr
c:\documents and settings\Muhammad\Cookies\xadaxafa.ban
c:\documents and settings\Muhammad\Cookies\xotofino.com
c:\documents and settings\Muhammad\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\Muhammad\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\Muhammad\Desktop\Total Security 2009.lnk
c:\documents and settings\Muhammad\Local Settings\Application Data\cuhebi.bat
c:\documents and settings\Muhammad\Local Settings\Application Data\vebapi.vbs
c:\documents and settings\Muhammad\Local Settings\Application Data\vyga.ban
c:\documents and settings\Muhammad\Local Settings\Application Data\ziry.vbs
c:\documents and settings\Muhammad\Start Menu\Advanced Virus Remover.lnk
c:\documents and settings\Muhammad\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Muhammad\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Muhammad\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\documents and settings\Muhammad\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\documents and settings\Muhammad\Start Menu\Programs\Total Security
c:\documents and settings\Muhammad\Start Menu\Programs\Total Security\Total Security 2009.lnk
C:\kqbvc.exe
C:\p2hhr.bat
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\abyj.dl
c:\program files\Common Files\dokoci.bat
c:\program files\Mozilla Firefox\plc4.dll
c:\windows\Installer\21bf64.msp
c:\windows\Installer\21bf6e.msp
c:\windows\Installer\21bf79.msp
c:\windows\Installer\c1937f.msp
c:\windows\Installer\c19380.msp
c:\windows\Installer\c19381.msp
c:\windows\Installer\c19382.msp
c:\windows\Installer\c19383.msp
c:\windows\Installer\c19384.msp
c:\windows\Installer\c19385.msp
c:\windows\Installer\c19386.msp
c:\windows\Installer\c19387.msp
c:\windows\Installer\c6c407.msp
c:\windows\Installer\c6c408.msp
c:\windows\Installer\c6c409.msp
c:\windows\Installer\c6c40a.msp
c:\windows\Installer\c6c40b.msp
c:\windows\Installer\c6c40c.msp
c:\windows\Installer\c6c40d.msp
c:\windows\Installer\c6c40e.msp
c:\windows\Installer\c6c40f.msp
c:\windows\Installer\c6c410.msp
c:\windows\oqidetymyl.sys
c:\windows\system32\_scui.cpl
c:\windows\system32\~.exe
c:\windows\system32\41.exe
c:\windows\system32\ajyvyx.sys
c:\windows\system32\braviax.exe
c:\windows\system32\fyvano.dl
c:\windows\system32\gumunijo.dll
c:\windows\system32\lazahuji.exe
c:\windows\system32\lepefihi.exe
c:\windows\system32\metigime.dll
c:\windows\system32\mojujebu.dll
c:\windows\system32\nacukahe.bin
c:\windows\system32\sipudabube.inf
c:\windows\system32\taJF83ikdmf.dll
c:\windows\system32\tapi.nfo
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\zohevanim.scr
c:\windows\xice.inf
c:\windows\ygycimi.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-11 07:08 . 2009-09-11 07:08 -------- d-----w- c:\documents and settings\Muhammad\Application Data\U3
2009-09-10 01:32 . 2009-09-10 01:32 17470 ----a-w- c:\windows\qotedo.com
2009-09-10 01:32 . 2009-09-10 01:32 15478 ----a-w- c:\windows\yworolymo.dat
2009-09-10 01:26 . 2009-09-12 19:46 80256 ----a-w- c:\windows\system32\drivers\d4f31910.sys
2009-09-10 01:24 . 2009-09-10 01:24 49664 ----a-w- C:\scmhux.exe
2009-09-10 01:24 . 2009-09-10 01:24 22016 ----a-w- C:\udtcnn.exe
2009-08-28 21:28 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-08-28 21:28 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-08-28 21:28 . 2009-06-25 08:25 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-08-28 21:28 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-08-24 21:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-24 21:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-24 21:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-24 21:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-24 21:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-24 21:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-24 21:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-24 21:07 . 2009-08-24 21:07 -------- d-----w- C:\fbcd292a309e8114d9b8a77e
2009-08-24 17:40 . 2009-08-24 17:40 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-21 07:12 . 2009-08-24 21:08 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-21 07:12 . 2009-08-21 07:12 -------- d-----w- c:\program files\MSBuild
2009-08-21 07:12 . 2009-08-21 07:12 -------- d-----w- c:\program files\Reference Assemblies
2009-08-13 21:30 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 19:47 . 2008-05-13 07:27 65857824 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-12 19:13 . 2008-05-18 03:23 -------- d-----w- c:\documents and settings\Muhammad\Application Data\Move Networks
2009-09-12 07:12 . 2008-05-13 07:27 882980 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-10 01:32 . 2009-06-10 01:32 88576 --sha-w- c:\windows\system32\gabuwuwo.dll
2009-09-10 01:32 . 2009-09-10 01:32 16233 ----a-w- c:\documents and settings\Muhammad\Application Data\wavuvykatu.dat
2009-09-10 01:32 . 2009-09-10 01:32 10566 ----a-w- c:\program files\Common Files\terevalyzu._sy
2009-09-10 01:30 . 2008-05-16 18:07 -------- d-----w- c:\documents and settings\Muhammad\Application Data\OpenOffice.org2
2009-08-26 04:59 . 2008-06-05 05:17 21168 ----a-w- c:\documents and settings\Muhammad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 17:35 . 2008-05-13 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 01:05 . 2009-07-15 01:05 -------- d-----w- c:\program files\MSECache
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 02:24 . 2008-05-17 05:06 664 ----a-w- c:\documents and settings\Muhammad\Local Settings\Application Data\d3d9caps.dat
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-10 01:25 . 2009-06-10 01:25 49664 --sha-w- c:\windows\system32\vajozesi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f4734c9-393c-42c7-8d37-eb2c26d9530e}]
2009-06-10 01:25 49664 --sha-w- c:\windows\system32\vajozesi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Google Update"="c:\documents and settings\Muhammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-26 133104]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-05-04 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-09 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-09 126976]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"zowuhidot"="c:\windows\system32\gabuwuwo.dll" [2009-09-10 88576]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\Muhammad\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{da0d7c43-fe69-4ce3-8ced-c9bb76fda2ca}"= "c:\windows\system32\gabuwuwo.dll" [2009-09-10 88576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gudarobad"= {da0d7c43-fe69-4ce3-8ced-c9bb76fda2ca} - c:\windows\system32\gabuwuwo.dll [2009-09-10 88576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-21 02:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Muhammad\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Muhammad\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/13/2008 7:44 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/13/2008 7:44 AM 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1897051121-682003330-1006Core.job
- c:\documents and settings\Muhammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-26 03:57]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1897051121-682003330-1006UA.job
- c:\documents and settings\Muhammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-26 03:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
FF - ProfilePath - c:\documents and settings\Muhammad\Application Data\Mozilla\Firefox\Profiles\gldkb2wh.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\documents and settings\Muhammad\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Muhammad\Application Data\Move Networks\plugins\npqmp071504000001.dll
FF - plugin: c:\documents and settings\Muhammad\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Muhammad\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-12015624 - c:\documents and settings\All Users\Application Data\12015624\12015624.exe
HKLM-Run-tenasunume - metigime.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 15:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d4f31910]
"ImagePath"="\SystemRoot\System32\drivers\d4f31910.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1456)
c:\windows\system32\WININET.dll
c:\windows\system32\gabuwuwo.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-09-12 15:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-12 19:50

Pre-Run: 15,446,548,480 bytes free
Post-Run: 16,023,154,688 bytes free

284 --- E O F --- 2009-09-02 00:10

Re: Total Security has infected computer

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\qotedo.com
c:\windows\yworolymo.dat
c:\windows\system32\drivers\d4f31910.sys
C:\scmhux.exe
C:\udtcnn.exe
c:\windows\system32\gabuwuwo.dll
c:\documents and settings\Muhammad\Application Data\wavuvykatu.dat
c:\program files\Common Files\terevalyzu._sy
c:\windows\system32\vajozesi.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f4734c9-393c-42c7-8d37-eb2c26d9530e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zowuhidot"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{da0d7c43-fe69-4ce3-8ced-c9bb76fda2ca}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gudarobad"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d4f31910]

Driver::
d4f31910


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot omitted: Sfxdaw]

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

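The CFScript above is a small declarative format: a `File::` list of paths to remove, a `Registry::` block in REGEDIT4 style where `[-KEY]` deletes a key and `"name"=-` deletes a value under the most recently named key, and a `Driver::` list of service names. As an added example (my own code, not ComboFix's and not part of the thread), here is a Python parser that turns such a script into a structured plan and then checks it against a "Reg Loading Points" excerpt, so you can confirm that every suspicious autostart entry is covered both at the registry value and at the file it points to. The sample script and log excerpt are constructed from the ones posted above; the function and class names are mine.

```python
"""Parse a ComboFix-style CFScript and check its coverage against a
"Reg Loading Points" listing.  Added example; not ComboFix's own code.

parse_cfscript(text)        -> RemovalPlan(files, delete_keys, delete_values, drivers)
parse_loading_points(text)  -> {(key, value_name): image_path}
coverage(plan, entries)     -> {value_name: (value_removed, file_removed)}
"""
import re
from dataclasses import dataclass, field

# Constructed sample, trimmed from the CFScript posted in the thread.
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\qotedo.com
c:\windows\system32\gabuwuwo.dll
c:\windows\system32\vajozesi.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f4734c9-393c-42c7-8d37-eb2c26d9530e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zowuhidot"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d4f31910]

Driver::
d4f31910
"""

# Constructed sample, trimmed from the first ComboFix log's Run key listing.
SAMPLE_LOADING_POINTS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-09 155648]
"zowuhidot"="c:\windows\system32\gabuwuwo.dll" [2009-09-10 88576]
"""


@dataclass
class RemovalPlan:
    files: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)   # (key, value_name)
    drivers: list = field(default_factory=list)


def parse_cfscript(text):
    """Walk the script line by line; a line ending in '::' opens a section."""
    plan, section, current_key = RemovalPlan(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, current_key = line[:-2].lower(), None
            continue
        if section == "file":
            plan.files.append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                plan.delete_keys.append(line[2:-1])          # [-KEY] deletes the key
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]                     # [KEY] sets context
            elif line.endswith("=-"):                        # "name"=- deletes a value
                if current_key is None:
                    raise ValueError(f"value deletion outside any key: {line}")
                plan.delete_values.append((current_key, line[:-2].strip('"')))
            else:
                raise ValueError(f"unrecognised registry line: {line}")
        elif section == "driver":
            plan.drivers.append(line)
        else:
            raise ValueError(f"line outside any section: {line}")
    return plan


ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"')


def parse_loading_points(text):
    """Return {(key, value_name): image_path} for each '"name"="path"' entry."""
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if key and m:
            entries[(key, m.group(1))] = m.group(2)
    return entries


def coverage(plan, entries):
    """For each autostart entry report whether the script removes the registry
    value (or its whole key) and whether it removes the file the value points to."""
    files = {f.lower() for f in plan.files}
    values = {(k.lower(), v.lower()) for k, v in plan.delete_values}
    keys = {k.lower() for k in plan.delete_keys}
    result = {}
    for (key, name), path in entries.items():
        value_removed = (key.lower(), name.lower()) in values or key.lower() in keys
        result[name] = (value_removed, path.lower() in files)
    return result


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_CFSCRIPT)
    for name, (val, fil) in coverage(plan, parse_loading_points(SAMPLE_LOADING_POINTS)).items():
        print(f"{name:<12} value removed: {val!s:<5} file removed: {fil}")
```

An entry that comes back `(True, False)` is the case worth catching before running the script: the autostart value goes away but the binary it launched stays on disk, and anything else still referencing it will keep working.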

Re: Total Security has infected computer

ComboFix 09-09-11.05 - Muhammad 09/12/2009 19:08.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.113 [GMT -4:00]
Running from: c:\documents and settings\Muhammad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Muhammad\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\documents and settings\Muhammad\Application Data\wavuvykatu.dat"
"c:\program files\Common Files\terevalyzu._sy"
"C:\scmhux.exe"
"C:\udtcnn.exe"
"c:\windows\qotedo.com"
"c:\windows\system32\drivers\d4f31910.sys"
"c:\windows\system32\gabuwuwo.dll"
"c:\windows\system32\vajozesi.dll"
"c:\windows\yworolymo.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Muhammad\Application Data\wavuvykatu.dat
c:\program files\Common Files\terevalyzu._sy
C:\scmhux.exe
C:\udtcnn.exe
c:\windows\qotedo.com
c:\windows\system32\drivers\d4f31910.sys
c:\windows\system32\gabuwuwo.dll
c:\windows\system32\vajozesi.dll
c:\windows\yworolymo.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_d4f31910


((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-11 07:08 . 2009-09-11 07:08 -------- d-----w- c:\documents and settings\Muhammad\Application Data\U3
2009-08-28 21:28 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-08-28 21:28 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-08-28 21:28 . 2009-06-25 08:25 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-08-28 21:28 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-08-24 21:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-24 21:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-24 21:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-24 21:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-24 21:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-24 21:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-24 21:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-24 21:07 . 2009-08-24 21:07 -------- d-----w- C:\fbcd292a309e8114d9b8a77e
2009-08-24 17:40 . 2009-08-24 17:40 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-21 07:12 . 2009-08-24 21:08 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-21 07:12 . 2009-08-21 07:12 -------- d-----w- c:\program files\MSBuild
2009-08-21 07:12 . 2009-08-21 07:12 -------- d-----w- c:\program files\Reference Assemblies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 23:23 . 2008-05-13 07:27 65936672 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-12 23:21 . 2008-05-13 07:27 884084 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-12 19:47 . 2008-05-16 18:07 -------- d-----w- c:\documents and settings\Muhammad\Application Data\OpenOffice.org2
2009-09-12 19:13 . 2008-05-18 03:23 -------- d-----w- c:\documents and settings\Muhammad\Application Data\Move Networks
2009-08-26 04:59 . 2008-06-05 05:17 21168 ----a-w- c:\documents and settings\Muhammad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 17:35 . 2008-05-13 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 01:05 . 2009-07-15 01:05 -------- d-----w- c:\program files\MSECache
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-04 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 02:24 . 2008-05-17 05:06 664 ----a-w- c:\documents and settings\Muhammad\Local Settings\Application Data\d3d9caps.dat
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-12_19.46.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-12 23:22 . 2008-07-26 13:25 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2009-09-12 19:45 . 2008-07-26 13:25 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Google Update"="c:\documents and settings\Muhammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-26 133104]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-05-04 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-09 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-09 126976]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"tenasunume"="metigime.dll" [BU]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\Muhammad\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-21 02:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Muhammad\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Muhammad\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/13/2008 7:44 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/13/2008 7:44 AM 108552]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1897051121-682003330-1006Core.job
- c:\documents and settings\Muhammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-26 03:57]

2009-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1897051121-682003330-1006UA.job
- c:\documents and settings\Muhammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-26 03:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
FF - ProfilePath - c:\documents and settings\Muhammad\Application Data\Mozilla\Firefox\Profiles\gldkb2wh.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\documents and settings\Muhammad\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Muhammad\Application Data\Move Networks\plugins\npqmp071504000001.dll
FF - plugin: c:\documents and settings\Muhammad\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Muhammad\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 19:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2556)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-12 19:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-12 23:27
ComboFix2.txt 2009-09-12 19:50

Pre-Run: 16,037,191,680 bytes free
Post-Run: 16,007,483,392 bytes free

189 --- E O F --- 2009-09-02 00:10

Re: Total Security has infected computer
Hello.
Post a new Hijack This log now.


HJT log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:28 PM, on 9/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Muhammad\Desktop\winlogon.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [tenasunume] Rundll32.exe "metigime.dll",s
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Muhammad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210638136390
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 6320 bytes

Re: Total Security has infected computer
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: Total Security has infected computer
Malwarebytes' Anti-Malware 1.41
Database version: 2797
Windows 5.1.2600 Service Pack 3

9/14/2009 5:34:51 PM
mbam-log-2009-09-14 (17-34-51).txt

Scan type: Quick Scan
Objects scanned: 95601
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Documents and Settings\Muhammad\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tenasunume (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Muhammad\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Re: Total Security has infected computer
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?


Re: Total Security has infected computer
The system is running fine and fast. THANKS A LOT ONCE AGAIN GEEKPOLICE!!!

Re: Total Security has infected computer
Since this issue appears to be solved, this topic is now closed and being marked solved.

If you need the topic reopened, PM an administrator, moderator, or staff.
