Solve : Not again!!!!!!!!!?

1.	Solve : Not again!!!!!!!!!?
Answer» Hey Evilfantasy! God I just suddenly got this flood of threats, a million trojan horses and viruses, All I was doing was that I was online in IRC Chat n had my MSN on , also Ch opened up in the browser! First log! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:27:41 PM, on 10/23/2008 Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\COMODO\Firewall\cmdagent.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\COMODO\SafeSurf\cssurf.exe C:\Program Files\COMODO\Firewall\cfp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Sify Broadband\BBClient.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Sify Broadband\BBImpSec.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\mspaint.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Cmaudio] RUNDLL32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{4B49B764-A2EE-4C58-ACFC-6B323C5575DA}: NameServer = 202.144.13.50,202.144.66.6 O17 - HKLM\System\CS1\Services\Tcpip\..\{4B49B764-A2EE-4C58-ACFC-6B323C5575DA}: NameServer = 202.144.13.50,202.144.66.6 O17 - HKLM\System\CS2\Services\Tcpip\..\{4B49B764-A2EE-4C58-ACFC-6B323C5575DA}: NameServer = 202.144.13.50,202.144.66.6 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe -- End of file - 4951 bytes There is nothing bad showing in the log. You will need to run the MlawareBytes scan and post that log also.Sorry I couldn't post the other logs yesterday because my internet was EXTREMELY slow, it didn't allow me to put up the screenshots.AVG put the viruses in the virus vault! SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/23/2008 at 11:25 PM Application Version : 4.21.1004 Core Rules Database Version : 3555 Trace Rules Database Version: 1543 Scan type : Complete Scan Total Scan Time : 00:10:26 Memory items scanned : 342 Memory threats detected : 0 Registry items scanned : 3187 Registry threats detected : 0 File items scanned : 7378 File threats detected : 0 Malwarebytes' Anti-Malware 1.30 Database version: 1306 Windows 5.1.2600 Service Pack 2, v.2096 10/24/2008 8:05:21 AM mbam-log-2008-10-24 (08-05-21).txt Scan type: Quick Scan Objects scanned: 38004 Time elapsed: 4 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.vbs (Trojan.Agent) -> Quarantined and deleted successfully. DOWNLOAD random's system information tool (RSIT) by random/random from and save it to your Desktop. Double click on RSIT.exe to run. Click Continue at the disclaimer screen. Once it has finished, two logs will open. log.txt <will be maximized and info.txt <will be minimized Please post the contents of both logs in the next reply. Here is the first log file [Saving space - attachment deleted by admin]Second One: info.txt logfile of random's system information tool 1.04 2008-10-24 12:02:52 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u COMODO SafeSurf-->C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562 Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5} OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} RTLSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\SETUP.EXE" -l0x9 REMOVE Sify Broadband 3.22-->"C:\Program Files\Sify Broadband\unins000.exe" SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe ======Security center information====== AV: AVG Anti-Virus Free FW: COMODO Firewall Pro ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=0401 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- Download OTMoveIt2 by OldTimer and save it to your Desktop. Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator. 1. Double-click OTMoveIt2.exe to run it. 2. Copy the lines in the codebox below. Code: [Select][kill explorer] C:\WINDOWS\SET7.tmp C:\WINDOWS\SET3.tmp EmptyTemp [start explorer] 3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste 4. Click the red Moveit! button. 5. Copy everything in the Results window (under the green bar) and paste it in your next reply. 6. Close OTMoveIt2 Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in ORDER to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.Explorer killed successfully C:\WINDOWS\SET7.tmp moved successfully. C:\WINDOWS\SET3.tmp moved successfully. < EmptyTemp > File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_1tgyJ8uCP8YQElCdItSc scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9CFC.tmp scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10252008_091705 Files moved on Reboot... File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_1tgyJ8uCP8YQElCdItSc not found! File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9CFC.tmp not found! 1. Double click OTMoveIt2.exe to launch it. If using Vista Right-Click OTMoveIt and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) When finished exit out of OTMoveIt2 . ---------- Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows: Double-click on drweb-cureit.exe and then click Start. An Express Scan of your PC notice will appear. Under Start the Express Scan Now Click OK to start. This is a short scan that will scan the files currently running in memory. If or when something is found, click the Yes button when it asks you if you want to cure it. Once the short scan has finished, Click Options > Change settings Choose the Scan tab and UNcheck Heuristic analysis and click OK Back at the main window, select the Complete scan button. Then click the Green Arrow Start Scanning button on the right and the scan will start. Click Yes to all if it asks if you want to cure/move any file(s). When the scan is done. In the Dr.Web CureIt menu on top left, click File and choose Save report list. Save the DrWeb.csv report to your Desktop. Exit Dr.Web Cureit. Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot. [/COLOR] After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad Copy and paste that log in the next reply I ran OTMoveIt2.exe again, it rebooted, then I went on the next download , when I click on 'download now', It gave me a page saying 'Index of ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe/ Up to higher level directory Name Size Last Modified What shall I do?Click here ftp://ftp.drweb.com/pub/drweb/cureit/launch.exeIts clicky here but It wasn't clicky on that page, and when I click on the link you gave me it again sends me to the same page, and on that page it is not clicky.Try here http://majorgeeks.com/downloadget.php?id=4783&file=1&evp=ef9669e4f16e6e75d95abcde8f88163d

Answer»

Hey Evilfantasy!

God I just suddenly got this flood of threats, a million trojan horses and viruses, All I was doing was that I was online in IRC Chat n had my MSN on , also Ch opened up in the browser!

First log!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:41 PM, on 10/23/2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RUNDLL32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B49B764-A2EE-4C58-ACFC-6B323C5575DA}: NameServer = 202.144.13.50,202.144.66.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{4B49B764-A2EE-4C58-ACFC-6B323C5575DA}: NameServer = 202.144.13.50,202.144.66.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{4B49B764-A2EE-4C58-ACFC-6B323C5575DA}: NameServer = 202.144.13.50,202.144.66.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

--
End of file - 4951 bytes
There is nothing bad showing in the log. You will need to run the MlawareBytes scan and post that log also.Sorry I couldn't post the other logs yesterday because my internet was EXTREMELY slow, it didn't allow me to put up the screenshots.AVG put the viruses in the virus vault!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/23/2008 at 11:25 PM

Application Version : 4.21.1004

Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type : Complete Scan
Total Scan Time : 00:10:26

Memory items scanned : 342
Memory threats detected : 0
Registry items scanned : 3187
Registry threats detected : 0
File items scanned : 7378
File threats detected : 0
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2, v.2096

10/24/2008 8:05:21 AM
mbam-log-2008-10-24 (08-05-21).txt

Scan type: Quick Scan
Objects scanned: 38004
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\Gameeeeeee.vbs (Trojan.Agent) -> Quarantined and deleted successfully.
DOWNLOAD random's system information tool (RSIT) by random/random from and save it to your Desktop.

Double click on RSIT.exe to run.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open.
log.txt <will be maximized and info.txt <will be minimized
Please post the contents of both logs in the next reply.

Here is the first log file

[Saving space - attachment deleted by admin]Second One:

info.txt logfile of random's system information tool 1.04 2008-10-24 12:02:52

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
COMODO SafeSurf-->C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
RTLSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\SETUP.EXE" -l0x9 REMOVE
Sify Broadband 3.22-->"C:\Program Files\Sify Broadband\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: AVG Anti-Virus Free
FW: COMODO Firewall Pro

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code: [Select][kill explorer]
C:\WINDOWS\SET7.tmp
C:\WINDOWS\SET3.tmp
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in ORDER to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.Explorer killed successfully
C:\WINDOWS\SET7.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_1tgyJ8uCP8YQElCdItSc scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9CFC.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10252008_091705

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_1tgyJ8uCP8YQElCdItSc not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF9CFC.tmp not found!
1. Double click OTMoveIt2.exe to launch it.
If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

When finished exit out of OTMoveIt2

.
----------

Download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:

Double-click on drweb-cureit.exe and then click Start.
An Express Scan of your PC notice will appear.
Under Start the Express Scan Now Click OK to start.
- This is a short scan that will scan the files currently running in memory.
- If or when something is found, click the Yes button when it asks you if you want to cure it.
Once the short scan has finished, Click Options > Change settings
Choose the Scan tab and UNcheck Heuristic analysis and click OK
Back at the main window, select the Complete scan button.
Then click the Green Arrow Start Scanning button on the right and the scan will start.
- Click Yes to all if it asks if you want to cure/move any file(s).
When the scan is done.
In the Dr.Web CureIt menu on top left, click File and choose Save report list.
Save the DrWeb.csv report to your Desktop.
Exit Dr.Web Cureit.

Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

[/COLOR]

After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
Copy and paste that log in the next reply

I ran OTMoveIt2.exe again, it rebooted, then I went on the next download , when I click on 'download now', It gave me a page saying

'Index of ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe/

Up to higher level directory
Name Size Last Modified

What shall I do?Click here ftp://ftp.drweb.com/pub/drweb/cureit/launch.exeIts clicky here but It wasn't clicky on that page, and when I click on the link you gave me it again sends me to the same page, and on that page it is not clicky.Try here http://majorgeeks.com/downloadget.php?id=4783&file=1&evp=ef9669e4f16e6e75d95abcde8f88163d

Solve : Not again!!!!!!!!!?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment