GeekPolice
Unable to open any programs such as internet explorer, itunes, AVG etc.

Hello,

I had a virus warning yesterday from something called Vista Antivirus 2010. I'd never heard of it before, so I thought this may be a trick. I scanned with AVG and it found 6 viruses, mostly Trojans. When I told it to delete them it warned me one was in system32 and it may damage my computer.

After deleting the viruses I am unable to open any program such as Internet Explorer, iTunes or AVG. Whenever I try, it asks me what I want to open iexplore with and recommends Adobe Reader 8.0. If I choose Internet Explorer to run it, it asks me to run iexplore.exe. Is this safe to run?

It also came up with ssvagent.exe, asking me what I wanted to open this with.

Is this part of the virus? Or have I messed up my registry by deleting the virus in my system 32 file?

Thanks for any help you can provide. This is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:20, on 24/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Users\Nick\Desktop\winlogon.scr
C:\Windows\system32\NOTEPAD.EXE

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

--
End of file - 1977 bytes

Re: Unable to open any programs such as internet explorer, itunes, AVG etc.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Unable to open any programs such as internet explorer, itunes, AVG etc.

Hi, just got the log here:

ComboFix 10-02-23.04 - Nick 24/02/2010 15:16:09.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.3000.1877 [GMT 0:00]
Running from: c:\users\Nick\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-527980394-1904920414-4175649791-500
c:\users\Nick\AppData\Local\{F045DC86-AF0A-4FD2-BF25-5ACC1710EDAB}
c:\users\Nick\AppData\Local\{F045DC86-AF0A-4FD2-BF25-5ACC1710EDAB}\chrome.manifest
c:\users\Nick\AppData\Local\{F045DC86-AF0A-4FD2-BF25-5ACC1710EDAB}\chrome\content\_cfg.js
c:\users\Nick\AppData\Local\{F045DC86-AF0A-4FD2-BF25-5ACC1710EDAB}\chrome\content\overlay.xul
c:\users\Nick\AppData\Local\{F045DC86-AF0A-4FD2-BF25-5ACC1710EDAB}\install.rdf
c:\users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\3Ba1AM.jpg
c:\users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\m12bllPb.jpg
c:\users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\n7nAOb.jpg
c:\users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\ymxnL3.jpg
c:\users\Nick\AppData\Roaming\sdra64.exe
c:\windows\Suyin.reg
c:\windows\system32\SIntf16.dll
c:\windows\Temp\log.txt

.
((((((((((((((((((((((((( Files Created from 2010-01-24 to 2010-02-24 )))))))))))))))))))))))))))))))
.

2010-02-24 15:25 . 2010-02-24 15:25 -------- d-----w- c:\users\Nick\AppData\Local\temp
2010-02-24 15:25 . 2010-02-24 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-24 13:41 . 2010-02-24 13:50 -------- d-----w- C:\Diablo
2010-02-24 13:41 . 2010-02-24 13:41 86528 ----a-w- c:\windows\bnetunin.exe
2010-02-24 13:41 . 2010-02-24 13:41 61440 ----a-w- c:\windows\diabunin.exe
2010-02-24 10:40 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 10:40 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 10:40 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 10:40 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 10:40 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 10:40 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 10:40 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 10:40 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 10:40 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 10:40 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-22 22:19 . 2010-02-22 22:19 -------- d-----w- c:\users\Nick\AppData\Local\Promosoft Corporation
2010-02-22 22:18 . 2010-02-22 22:18 -------- d-----w- c:\program files\Promosoft Corporation
2010-02-21 18:24 . 2010-02-21 18:24 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-21 18:24 . 2010-02-21 18:24 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-21 11:33 . 2010-02-22 18:56 120 ----a-w- c:\users\Nick\AppData\Local\Glezeqo.dat
2010-02-21 11:33 . 2010-02-22 13:49 0 ----a-w- c:\users\Nick\AppData\Local\Rsagikufevori.bin
2010-02-21 11:29 . 2010-02-22 20:42 -------- d-sh--w- c:\users\Nick\AppData\Roaming\lowsec
2010-02-10 13:34 . 2010-02-10 13:34 -------- d-----w- c:\program files\iPod
2010-02-10 13:29 . 2010-02-10 13:29 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-09 20:18 . 2010-02-09 20:18 52736 ----a-w- c:\windows\ipuninst.exe
2010-02-09 20:17 . 2010-02-09 20:17 -------- d-----w- c:\program files\BlackIsle
2010-02-09 19:59 . 2010-02-09 19:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-09 19:59 . 2010-02-09 19:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-09 19:58 . 2010-02-09 20:16 -------- d-----w- c:\users\Nick\AppData\Roaming\DAEMON Tools Lite
2010-02-09 19:58 . 2010-02-09 19:58 -------- d-----w- c:\programdata\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 15:19 . 2009-05-25 15:08 -------- d-----w- c:\users\Nick\AppData\Roaming\uTorrent
2010-02-24 15:08 . 2008-12-28 15:31 71064 ----a-w- c:\users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-21 18:52 . 2008-05-15 05:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-17 19:05 . 2010-01-16 20:02 -------- d-----w- c:\program files\Ask.com
2010-02-17 13:03 . 2009-05-25 15:08 -------- d-----w- c:\program files\uTorrent
2010-02-11 10:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 13:35 . 2009-01-08 19:54 -------- d-----w- c:\program files\iTunes
2010-02-10 13:34 . 2009-01-08 19:51 -------- d-----w- c:\program files\Common Files\Apple
2010-01-16 19:49 . 2009-01-08 19:55 -------- d-----w- c:\users\Nick\AppData\Roaming\Apple Computer
2010-01-15 21:21 . 2010-01-15 21:20 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-15 21:18 . 2010-01-15 21:17 -------- d-----w- c:\program files\QuickTime
2010-01-15 21:10 . 2010-01-15 21:10 -------- d-----w- c:\program files\Safari
2010-01-15 21:09 . 2010-01-15 21:09 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-01-15 21:09 . 2010-01-15 21:09 -------- d-----w- c:\program files\Bonjour
2010-01-14 11:12 . 2009-12-01 17:10 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-05 19:04 . 2010-01-05 19:04 -------- d-----w- c:\programdata\WindowsSearch
2010-01-03 19:15 . 2008-12-28 16:37 -------- d-----w- c:\programdata\avg8
2010-01-02 06:38 . 2010-02-24 12:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-24 12:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-02-24 12:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-02-24 12:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35 . 2010-02-10 20:56 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 20:56 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 20:56 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 20:56 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 20:56 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 20:56 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 20:56 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 20:56 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 20:56 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 20:56 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-11 12:07 . 2010-02-10 20:56 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 20:56 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 20:56 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 20:56 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 20:56 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 16:12 . 2010-02-10 20:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 20:56 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-10-15 16:27 . 2008-10-15 16:26 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 16:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 00:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-16 319280]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-15 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-17 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [28/12/2008 16:37 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [22/03/2009 15:37 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [22/03/2009 15:37 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22/03/2009 15:37 297752]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 20:11 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [15/05/2008 05:50 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [07/04/2008 05:42 50424]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [15/10/2008 16:26 3658752]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04/04/2008 10:03 131072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21/01/2008 02:32 179712]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\System32\drivers\MRVW24B.sys [19/03/2008 06:10 310016]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [09/02/2010 19:59 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-24 c:\windows\Tasks\Free Registry Fix reminder.job
- c:\program files\Promosoft Corporation\Free Registry Fix\application\regfix.exe [2010-02-14 14:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1008&m=aspire_5735
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Fdobiwogi - c:\users\Nick\AppData\Local\mdlswlp.dll
HKCU-Run-Jgeleki - c:\users\Nick\AppData\Local\ucegijan.dll
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 15:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-02-24 15:28:41
ComboFix-quarantined-files.txt 2010-02-24 15:28

Pre-Run: 8,327,024,640 bytes free
Post-Run: 8,568,721,408 bytes free

- - End Of File - - C85E7F009FE76AE7986B85657BF6DFC5

Thanks for helping

Re: Unable to open any programs such as internet explorer, itunes, AVG etc.

Please download Cheetah-Anti-Rogue, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.

Re: Unable to open any programs such as internet explorer, itunes, AVG etc.

Hi, results were:

Cheetah-Anti-Rogue v1.3.11
by DragonMaster Jay

Microsoft Windows [Version 6.0.6001]
Date: 24/02/2010 - Time: 22:24:12 - Arch.: x86


-- Malware removal tools check --


-- Known infection --



Extra message: Detection only.


EOF

Re: Unable to open any programs such as internet explorer, itunes, AVG etc.

Hi again. Please do these steps in order.

1. Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running SUPERAntiSpyware (SAS) to scan and remove malware from your computer:

http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial

Post the log from SUPERAntiSpyware when you've accomplished that.

4. Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


5. Post the following in your next reply:
  • MBAM log
  • SAS log
  • ESET log

And, please tell me how your computer is doing.

Re: Unable to open any programs such as internet explorer, itunes, AVG etc.

Hi, sorry for the delay; it took me a while to do all the tests.

The logs are:

Malwarebytes' Anti-Malware 1.44
Database version: 3788
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

25/02/2010 14:26:47
mbam-log-2010-02-25 (14-26-47).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 223371
Time elapsed: 2 hour(s), 39 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\sdra64.exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Nick\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

and:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/25/2010 at 04:24 PM

Application Version : 4.34.1000

Core Rules Database Version : 4618
Trace Rules Database Version: 2430

Scan type : Complete Scan
Total Scan Time : 01:25:08

Memory items scanned : 703
Memory threats detected : 0
Registry items scanned : 6171
Registry threats detected : 0
File items scanned : 23235
File threats detected : 45

Adware.Tracking Cookie
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@adviva[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@ad.yieldmanager[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@avgtechnologies.112.2o7[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@apmebf[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@content.yieldmanager[3].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@statcounter[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@cm.stenaline.co.uk.cns.coremetrics[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@content.yieldmanager[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@tribalfusion[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@serving-sys[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@tradedoubler[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@bs.serving-sys[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@doubleclick[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@mediaplex[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@revsci[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@fr.sitestat[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@cdn5.specificclick[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@atdmt[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@fr.sitestat[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@richmedia.yahoo[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\nick@specificclick[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@apmebf[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@content.yieldmanager[3].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@www.googleadservices[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@www.googleadservices[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@specificclick[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@adserver.adtechus[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@microsoftwindows.112.2o7[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@stats.adbrite[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@statcounter[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@aimfar.solution.weborama[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@richmedia.yahoo[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@at.atwola[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@ads.gmodules[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@avgtechnologies.112.2o7[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@chitika[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@click.ccard-processing[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@collective-media[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@content.yieldmanager[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@eas.apm.emediate[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@interclick[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@imrworldwide[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@kontera[2].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@media6degrees[1].txt
C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick@xiti[1].txt

I couldn't do the ESET scan as each time I tried it stuck at 44%, even after 9 hours!

The computer's working a lot better now, no problems I can see. Thanks a lot, I appreciate all the help you gave me!
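The entries that mattered in these logs share a pattern: the HKCU Run values ComboFix removed as orphans pointed at DLLs in AppData\Local, and the winlogon.scr that MBAM flagged sat on the Desktop, where no real winlogon lives. The script below is an added example (not code from this thread, HijackThis, ComboFix or MBAM): it pulls executable paths out of lines copied from the logs posted above and flags the ones loaded from user-writable locations or carrying a reserved system-binary name; the heuristics and the names in it are my own assumptions.

```python
"""Triage helper for the HijackThis / ComboFix / MBAM log lines in this thread.

Added example: this is not the forum's, HijackThis's, ComboFix's or MBAM's
code, and the heuristics below are my own assumptions about what is worth a
second look, not any tool's detection rules.
"""
import re

# Lines copied from the logs posted above: the HijackThis "Running processes"
# list and ComboFix's "Reg Loading Points", "ORPHANS REMOVED" and
# "Other Deletions" sections.
SAMPLE_LOG = r"""
C:\Windows\system32\Dwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Nick\Desktop\winlogon.scr
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-16 319280]
HKCU-Run-Fdobiwogi - c:\users\Nick\AppData\Local\mdlswlp.dll
HKCU-Run-Jgeleki - c:\users\Nick\AppData\Local\ucegijan.dll
HKLM-Run-eRecoveryService - (no file)
c:\users\Nick\AppData\Roaming\sdra64.exe
"""

# Base names of Windows system binaries that legitimately live under
# %SystemRoot% (assumed, partial list; extend as needed).
SYSTEM_NAMES = {"winlogon", "csrss", "lsass", "services", "svchost", "explorer"}
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(desktop|appdata)\\", re.I)
# A drive-letter path ending in an extension that Windows will execute.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]\r\n]+?\.(exe|dll|scr)\b', re.I)


def extract_paths(log):
    """Pull every executable path out of free-form log text."""
    return [m.group(0) for m in PATH_RE.finditer(log)]


def classify(path):
    """Return the reasons a path deserves review; an empty list means none."""
    low = path.lower()
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    reasons = []
    if stem in SYSTEM_NAMES and "\\windows\\" not in low:
        reasons.append("system binary name outside %SystemRoot%")
    if USER_WRITABLE.search(low):
        reasons.append("executable loaded from a user-writable directory")
    if low.endswith(".scr"):
        reasons.append(".scr is a renamed PE; it runs like an .exe")
    return reasons


def triage(log):
    """Map each suspicious path in the log to its list of reasons."""
    findings = {}
    for path in extract_paths(log):
        reasons = classify(path)
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample it reports the two orphaned DLLs, sdra64.exe and winlogon.scr, and leaves the Windows and Program Files entries alone.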

Re: Unable to open any programs such as internet explorer, itunes, AVG etc.

Please download Cheetah-Anti-Rogue, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.
