Win32, trojandownloader and dialer problems, Massive memory loss!
Wrezz
post Oct 17 2006, 04:12 PM
Post #1
New Member
Posts: 6
OS: Windows XP SP2

Hello, I am new here. I first suspected I had a bug in need of a good fixing on the 15th; since then I have tried everything on your list and then some, but I'm still having trouble.
I have restored my system back two weeks to the 1st of October, but again I'm still having trouble. I have always used AVG, Spybot and AdAware, and I thought I cleaned my system out on Sunday; however, I re-checked my system about 30 hours later and lo and behold I had about 7 trojan horses. Then I found this site. I know a fair bit about computers but nothing about viruses and their filthy kind.
Before I give you my logs there are a few things I would like you to know: Spybot has recently "removed" Smitfraud, V.codec and Zlob.downloader. I don't know what they are, but I have heard bad things about Smitfraud. AVG has recently "removed" lots of dialers and generic trojans, mainly COH and 28A; again I don't know what they mean. AdAware has recently "removed" Virtumonde, lots of Win32 related things and downloaders called "small" and "purityscan". Help.
These are my most recent logs:

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 20:50:22, on 17/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Wrezz\My Documents\Jack\Virus Killers\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153925410062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155396515700
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe


Panda Online:


Incident Status Location

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Wrezz\Cookies\wrezz@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Wrezz\Cookies\wrezz@azjmp[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Wrezz\Cookies\wrezz@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Wrezz\Cookies\wrezz@cgi-bin[3].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Wrezz\Cookies\wrezz@drivecleaner[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Wrezz\Cookies\wrezz@go[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Wrezz\Cookies\wrezz@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Wrezz\Cookies\wrezz@www.drivecleaner[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Wrezz\Cookies\wrezz@xiti[1].txt
Adware:Adware/ISearch Not disinfected C:\Documents and Settings\Wrezz\Local Settings\Temp\b104.exe[MTE3MTk6ODoxNg.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Wrezz\Local Settings\Temp\b104.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\Wrezz\Local Settings\Temp\b116.exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Wrezz\Local Settings\Temp\b122.exe[mc-0-0-0.exe][²ÜÇ\nsProcess.dll]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Wrezz\Local Settings\Temp\b122.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/PrintView Not disinfected C:\Documents and Settings\Wrezz\Local Settings\Temp\b124.exe
Adware:Adware/SecurityError Not disinfected C:\Documents and Settings\Wrezz\Local Settings\Temp\temp.fr5EF7
Adware:Adware/UltimateCleaner Not disinfected C:\Documents and Settings\Wrezz\Local Settings\Temp\tinst26.exe
Potentially unwanted tool:Application/UltimateDefender Not disinfected C:\Documents and Settings\Wrezz\Local Settings\Temp\tinst3.exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Wrezz\Local Settings\Temp\win4B.tmp.exe
Adware:Adware/PrintView Not disinfected C:\Documents and Settings\Wrezz\Local Settings\Temporary Internet Files\Content.IE5\OUM9OUTJ\124[1].net
Adware:Adware/YazzleSudoku Not disinfected C:\Documents and Settings\Wrezz\Local Settings\Temporary Internet Files\Content.IE5\TV7ZPEBO\116[1].net

AVG Anti-Spyware:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:47:36 17/10/2006

+ Scan result:



C:\System Volume Information\_restore{4D30F95E-8CDA-4237-89BA-94E1C06903FE}\RP164\A0010330.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4D30F95E-8CDA-4237-89BA-94E1C06903FE}\RP164\A0010009.exe -> Dropper.Small : Cleaned with backup (quarantined).
:mozilla.152:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.294:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.336:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.371:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.481:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@laptopmag.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.580:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.581:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.95:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.96:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.97:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.102:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.103:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.313:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.353:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.584:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.585:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.586:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.587:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@netli.media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.149:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.164:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.165:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.157:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.34:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
:mozilla.35:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.189:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.190:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.191:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.192:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.193:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.194:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.195:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.196:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@e-2dj6wfk4snczebo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@e-2dj6wflicocjcdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@e-2dj6wflicpdzibp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@e-2dj6wjkyclczgfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@e-2dj6wjlyggd5gap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@e-2dj6wjmiendjaao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@e-2dj6wjmyggc5mlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@e-2dj6wjnyqkdjkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.100:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.98:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.531:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.532:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.266:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.60:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.32:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.33:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.107:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.108:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.109:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.110:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.23:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.24:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.25:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.26:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.27:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.28:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.29:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.285:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.101:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.436:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.437:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.438:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.439:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.571:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.572:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.582:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.583:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.91:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.92:C:\Documents and Settings\Wrezz\Application Data\Mozilla\Firefox\Profiles\5msmapix.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Wrezz\Cookies\wrezz@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end



Thanks in advance.


Metallica
post Oct 23 2006, 06:14 AM
Post #2
Spyware Veteran
Posts: 20,961
From: Netherlands
OS: XP Pro & Vista Ultimate

Hi Wrezz,

Sorry to keep you waiting.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Then surf to http://privacy.getnetwise.org/browsing/tools/ and follow the instructions there to prevent third party cookies for your browser.

Then reboot and do a full system scan with AVG Anti-Spyware (after updating, obviously).
Post the scan report please.

Regards,
Wrezz
post Oct 23 2006, 04:36 PM
Post #3
New Member
Posts: 6
OS: Windows XP SP2

Recent scan:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:28:55 23/10/2006

+ Scan result:



C:\System Volume Information\_restore{4D30F95E-8CDA-4237-89BA-94E1C06903FE}\RP164\A0010011.dll -> Adware.PrintView : Cleaned with backup (quarantined).


::Report end

Thanks very much, that seemed to kill all the cookies; however, I am really concerned about the Virtumonde and Smitfraud related articles. AVG Free is picking up new trojan horses every day and I can't get to the bottom of it. What is the next step?

Thanks again
Metallica
post Oct 24 2006, 01:40 AM
Post #4
Spyware Veteran
Posts: 20,961
From: Netherlands
OS: XP Pro & Vista Ultimate

The last item AVG found was in your Restore Points, but I am hesitant to flush those since we are not sure what is going on and we might need those.

When AVG gives you the next alert, can you give me ALL the information it gives you?
Name of the file and the full path, name of the trojan, etc.

Also
  • Surf to: Sophos free tools: Anti-Rootkit
  • Click the "Download" button.
  • Read the conditions and fill out your details.
  • Click the Download Sophos Anti-Rootkit link.
  • Save sarsfx.exe to a location on your hard drive where you can find it later on.
Installing
  • Close as many applications as possible and execute sarsfx.exe by double-clicking it.
  • Accept the EULA and install the software to the location of your choice (default is C:\SOPHTEMP).
Running for analysis
  • In that folder find and double-click sargui.exe
  • Select the areas that you want to scan for hidden objects (Running processes, Windows registry, Local hard drives)
  • Click Start > Run, copy this command into the window: %TEMP%\sarscan.log and click OK to execute.
  • A text file will open. Post the content of that file.
Regards,
Wrezz
post Oct 26 2006, 02:04 PM
Post #5
New Member
Posts: 6
OS: Windows XP SP2

My computer has been acting very strangely recently; most of the time applications stop responding after 10 - 20 minutes. I did everything you asked; however, sargui didn't bring up anything and I ran it twice.

Here is the virus vault log from AVG Free; it's a bit of a mess to read:

"";"";"Trojan horse Dialer.COH";"C:\Documents and Settings\Wrezz\Local Settings\Temporary Internet Files\Content.IE5\1NFBXPKE\srvtfx[1].exe";"17/10/2006 19:48:05";"srvtfx[1].exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win1E8.tmp.exe";"17/10/2006 19:48:05";"win1E8.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win1ED.tmp.exe";"17/10/2006 19:48:05";"win1ED.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win1F7.tmp.exe";"17/10/2006 19:48:05";"win1F7.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win1FD.tmp.exe";"17/10/2006 19:48:05";"win1FD.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win203.tmp.exe";"17/10/2006 19:48:05";"win203.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.28.A";"C:\Documents and Settings\Wrezz\Local Settings\Temporary Internet Files\Content.IE5\6SDQ4EVK\srvgbo[1].exe";"17/10/2006 19:48:53";"srvgbo[1].exe";"8.13 KB"

"";"";"Trojan horse Dialer.28.A";"C:\Documents and Settings\Wrezz\Local Settings\Temporary Internet Files\Content.IE5\KPMNWHUN\srvujt[1].exe";"17/10/2006 19:48:53";"srvujt[1].exe";"8.13 KB"

"";"";"Trojan horse Dialer.28.A";"C:\Documents and Settings\Wrezz\Local Settings\Temporary Internet Files\Content.IE5\TV7ZPEBO\srvumc[1].exe";"17/10/2006 19:48:53";"srvumc[1].exe";"8.13 KB"

"";"";"Trojan horse Dialer.28.A";"C:\Documents and Settings\Wrezz\Local Settings\Temporary Internet Files\Content.IE5\WDEZK5YB\srvdtz[1].exe";"17/10/2006 19:48:54";"srvdtz[1].exe";"8.13 KB"

"";"";"Trojan horse Agent.KH";"C:\System Volume Information\_restore{4D30F95E-8CDA-4237-89BA-94E1C06903FE}\RP164\A0010010.exe";"19/10/2006 08:31:01";"A0010010.exe";"49.5 KB"

"";"";"Trojan horse Generic2.ETW";"C:\Documents and Settings\Wrezz\Local Settings\Temp\jcaxhwbx.dll";"15/10/2006 21:37:50";"jcaxhwbx.dll";"96 KB"

"";"";"Trojan horse Generic2.EMA";"C:\Documents and Settings\Wrezz\Local Settings\Temp\win51.tmp.exe";"15/10/2006 21:37:50";"win51.tmp.exe";"57.29 KB"

"";"";"Trojan horse Dialer.COH";"C:\Documents and Settings\Wrezz\Local Settings\Temporary Internet Files\Content.IE5\6SDQ4EVK\srvdpr[1].exe";"15/10/2006 21:37:51";"srvdpr[1].exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win108.tmp.exe";"15/10/2006 21:37:51";"win108.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win30.tmp.exe";"15/10/2006 21:37:51";"win30.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win93.tmp.exe";"15/10/2006 21:37:51";"win93.tmp.exe";"19 KB"

"";"";"Trojan horse Downloader.Zlob.EKZ";"C:\System Volume Information\_restore{4D30F95E-8CDA-4237-89BA-94E1C06903FE}\RP161\A0009863.exe";"22/10/2006 08:31:31";"A0009863.exe";"37 KB"

"";"";"Trojan horse Downloader.Zlob.EKU";"C:\System Volume Information\_restore{4D30F95E-8CDA-4237-89BA-94E1C06903FE}\RP164\A0010328.exe";"22/10/2006 08:31:31";"A0010328.exe";"5.5 KB"

"";"";"Trojan horse Lop.AG";"C:\System Volume Information\_restore{4D30F95E-8CDA-4237-89BA-94E1C06903FE}\RP168\A0010761.dll";"22/10/2006 08:31:31";"A0010761.dll";"668 KB"

"";"";"Trojan horse Generic2.EZO";"C:\System Volume Information\_restore{4D30F95E-8CDA-4237-89BA-94E1C06903FE}\RP168\A0010762.dll";"22/10/2006 08:31:31";"A0010762.dll";"15.5 KB"

"";"";"Trojan horse Lop.AG";"C:\WINDOWS\system32\ssqro.dll";"21/10/2006 08:28:16";"ssqro.dll";"668 KB"

"";"";"Trojan horse Generic2.EZO";"C:\WINDOWS\system32\winjyp32(2).dll";"21/10/2006 08:28:17";"winjyp32(2).dll";"15.5 KB"

"";"";"Trojan horse Generic2.ETW";"C:\Documents and Settings\Wrezz\Local Settings\Temp\jwawutkb.dll";"17/10/2006 08:51:23";"jwawutkb.dll";"96 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win17A.tmp.exe";"17/10/2006 08:51:24";"win17A.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win17F.tmp.exe";"17/10/2006 08:51:24";"win17F.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win192.tmp.exe";"17/10/2006 08:51:25";"win192.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win1BA.tmp.exe";"17/10/2006 08:51:25";"win1BA.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win1C7.tmp.exe";"17/10/2006 08:51:25";"win1C7.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win1CD.tmp.exe";"17/10/2006 08:51:25";"win1CD.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win1D3.tmp.exe";"17/10/2006 08:51:25";"win1D3.tmp.exe";"19 KB"

"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win1D9.tmp.exe";"17/10/2006 08:51:25";"win1D9.tmp.exe";"19 KB"

Bear in mind that most of these were detected before I had used ATF Cleaner.


The Sargui log:
Sophos Anti-Rootkit Version 1.0 © 2006 Sophos Plc
Started logging on 25/10/2006 at 23:38:15
Warning: Failed to flush drive \\.\C:. Registry scan may produce invalid results.
The process cannot access the file because it is being used by another process.
Stopped logging on 25/10/2006 at 23:41:21


Sophos Anti-Rootkit Version 1.0 © 2006 Sophos Plc
Started logging on 26/10/2006 at 18:45:15
Warning: Failed to flush drive \\.\C:. Registry scan may produce invalid results.
The process cannot access the file because it is being used by another process.
Stopped logging on 26/10/2006 at 18:54:27

My system seems to be getting worse, but most of my virus scanners and things pull up nothing.
Thanks again
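As an added example (not part of the thread, and not AVG's own tooling), a Python script that parses the vault export Wrezz posted: it re-joins the row the forum wrapped mid-timestamp, buckets each detection by where it landed on the disk, and flags detections quarantined several times within the same minute, which is the view a helper wants before deciding whether temp-folder drops or the restore points are the real problem. The location labels and the burst threshold of three are my own assumptions, not anything AVG reports.

```python
import csv
import re
from collections import Counter
from datetime import datetime

# Constructed sample: rows copied from the AVG Free virus vault export posted
# above, including the row that the forum wrapped onto two lines.
SAMPLE_VAULT = r'''
"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win1E8.tmp.exe";"17/10/2006 19:48:05";"win1E8.tmp.exe";"19 KB"
"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win1ED.tmp.exe";"17/10/2006 19:48:05";"win1ED.tmp.exe";"19 KB"
"";"";"Trojan horse Dialer.COH";"C:\WINDOWS\Temp\win1F7.tmp.exe";"17/10/2006 19:48:05";"win1F7.tmp.exe";"19 KB"
"";"";"Trojan horse Dialer.28.A";"C:\Documents and Settings\Wrezz\Local Settings\Temporary Internet Files\Content.IE5\6SDQ4EVK\srvgbo[1].exe";"17/10/2006
19:48:53";"srvgbo[1].exe";"8.13 KB"
"";"";"Trojan horse Agent.KH";"C:\System Volume Information\_restore{4D30F95E-8CDA-4237-89BA-94E1C06903FE}\RP164\A0010010.exe";"19/10/2006 08:31:01";"A0010010.exe";"49.5 KB"
"";"";"Trojan horse Lop.AG";"C:\WINDOWS\system32\ssqro.dll";"21/10/2006 08:28:16";"ssqro.dll";"668 KB"
"";"";"Trojan horse Generic2.ETW";"C:\Documents and Settings\Wrezz\Local Settings\Temp\jcaxhwbx.dll";"15/10/2006 21:37:50";"jcaxhwbx.dll";"96 KB"
'''

UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}

# Location buckets for a Windows XP box (labels are my own); first match wins.
LOCATION_RULES = [
    ("restore point", r"\\system volume information\\_restore"),
    ("IE cache", r"\\temporary internet files\\"),
    ("Windows Temp", r"\\windows\\temp\\"),
    ("user Temp", r"\\local settings\\temp\\"),
    ("system32", r"\\windows\\system32\\"),
]


def join_wrapped_rows(text):
    """Re-join rows that the forum wrapped mid-field.

    A row is complete when its double quotes balance; an odd count means the
    line break fell inside a quoted field (in the post, inside a timestamp).
    """
    rows, pending = [], ""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pending = pending + " " + line if pending else line
        if pending.count('"') % 2 == 0:
            rows.append(pending)
            pending = ""
    if pending:
        raise ValueError("unterminated row: " + pending)
    return rows


def parse_size(text):
    """'8.13 KB' -> 8325 bytes (rounded)."""
    m = re.fullmatch(r"([\d.]+)\s*(B|KB|MB)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("bad size: " + text)
    return round(float(m.group(1)) * UNITS[m.group(2).upper()])


def classify_path(path):
    low = path.lower()
    for label, pattern in LOCATION_RULES:
        if re.search(pattern, low):
            return label
    return "other"


def parse_vault(text):
    """Parse the export into dicts: threat, path, when, name, size, location."""
    records = []
    for row in join_wrapped_rows(text):
        # The export is semicolon-separated with every field double-quoted;
        # backslashes in paths are literal, so no escape character is set.
        fields = next(csv.reader([row], delimiter=";", quotechar='"'))
        if len(fields) != 7:
            raise ValueError("unexpected field count: " + row)
        _, _, threat, path, when, name, size = fields
        records.append({
            "threat": threat,
            "path": path,
            "when": datetime.strptime(when, "%d/%m/%Y %H:%M:%S"),
            "name": name,
            "size": parse_size(size),
            "location": classify_path(path),
        })
    return records


def summarize(records):
    """Triage view: what was caught, where, and whether drops came in bursts."""
    # Several copies of one detection quarantined within the same minute point
    # to a downloader still active on the box rather than to leftover files.
    per_minute = Counter((r["threat"], r["when"].replace(second=0)) for r in records)
    return {
        "by_threat": dict(Counter(r["threat"] for r in records)),
        "by_location": dict(Counter(r["location"] for r in records)),
        "bursts": {k: v for k, v in per_minute.items() if v >= 3},
        # A detection under system32 is a persistent component, not a dropped
        # payload; it deserves a closer look than a temp-folder copy.
        "persistent": sorted(r["path"] for r in records if r["location"] == "system32"),
        "span": (min(r["when"] for r in records), max(r["when"] for r in records)),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_vault(SAMPLE_VAULT)).items():
        print(key, value)
```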
Metallica
post Oct 27 2006, 12:26 AM
Post #6
Spyware Veteran
Posts: 20,961
From: Netherlands
OS: XP Pro & Vista Ultimate

Please
  • download this file - combofix.exe
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Regards,
Wrezz
post Oct 27 2006, 12:07 PM
Post #7
New Member
Posts: 6
OS: Windows XP SP2

The program didn't take long; is that a good thing?

Here's the log:

Wrezz - 06-10-27 19:03:31.14 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Wrezz\My Documents\Jack\Virus Killers"

((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))


2006-10-17 20:34 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-16 17:55 380,032 ---hs---- C:\WINDOWS\system32\orqss.bak2
2006-10-15 12:13 363,154 ---hs---- C:\WINDOWS\system32\orqss.bak1
2006-09-30 22:08 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-09-30 22:07 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-27 19:01 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-27 12:36 -------- d-------- C:\Program Files\a-squared Anti-Malware
2006-10-22 12:52 -------- d-------- C:\Program Files\Microsoft Games
2006-10-22 10:57 -------- d-------- C:\Documents and Settings\Wrezz\Application Data\Azureus
2006-10-21 22:18 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-21 22:16 869 --a------ C:\Documents and Settings\Wrezz\Application Data\AdobeDLM.log
2006-10-21 22:16 0 --a------ C:\Documents and Settings\Wrezz\Application Data\dm.ini
2006-10-21 22:16 -------- d-------- C:\Program Files\Adobe
2006-10-21 22:10 -------- d-------- C:\Program Files\Common Files
2006-10-21 22:10 -------- d-------- C:\Documents and Settings\Wrezz\Application Data\Adobe
2006-10-21 22:06 -------- d-------- C:\Documents and Settings\Wrezz\Application Data\Macromedia
2006-10-21 21:57 -------- d-------- C:\Program Files\Internet Explorer
2006-10-21 15:04 -------- d-------- C:\Program Files\Google
2006-10-21 14:24 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-19 18:03 -------- d-------- C:\Program Files\Azureus
2006-10-18 08:29 -------- d-------- C:\Documents and Settings\Wrezz\Application Data\Talkback
2006-10-17 22:11 -------- d-------- C:\Program Files\Zen Vision M
2006-10-17 22:11 -------- d-------- C:\Program Files\WinRAR
2006-10-17 22:11 -------- d-------- C:\Program Files\Windows Media Player
2006-10-17 22:09 -------- d-------- C:\Program Files\SpywareGuard
2006-10-17 22:09 -------- d-------- C:\Program Files\MSN Messenger
2006-10-17 22:08 -------- d-------- C:\Program Files\Messenger
2006-10-17 20:34 -------- d-------- C:\Program Files\Grisoft
2006-10-17 18:55 -------- d-------- C:\Program Files\MusicBrainz Tagger
2006-10-17 18:55 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-17 18:55 -------- d-------- C:\Documents and Settings\Wrezz\Application Data\ICAClient
2006-10-17 17:53 -------- d-------- C:\Documents and Settings\Wrezz\Application Data\AVG7
2006-10-16 23:34 -------- d-------- C:\Program Files\Bullfrog
2006-10-15 14:25 -------- d-------- C:\Documents and Settings\Wrezz\Application Data\Mozilla
2006-10-01 14:46 -------- d-------- C:\Program Files\Driving Test Success 2003-2004
2006-10-01 08:22 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-30 21:40 -------- d-------- C:\Program Files\The Codecs
2006-09-17 15:52 -------- d-------- C:\Program Files\Citrix
2006-09-15 21:11 -------- d-------- C:\Documents and Settings\Wrezz\Application Data\Google
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3(2).dll
2006-09-12 18:40 -------- d-------- C:\Documents and Settings\Wrezz\Application Data\Sun
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-10 01:27 -------- d---s---- C:\Documents and Settings\Wrezz\Application Data\Microsoft
2006-09-04 07:08 1494016 --a------ C:\WINDOWS\system32\shdocvw(2).dll
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32(2).dll
2006-08-23 10:33 6144 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 19:12 9216 --a------ C:\MsnHandWriting.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 15:16 62 --ahs---- C:\Documents and Settings\Wrezz\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Alcohol.exe Autorun"="C:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe /startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"a-squared"="\"C:\\Program Files\\a-squared Anti-Malware\\a2guard.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-27 19:04:15.10
C:\ComboFix.txt ... 06-10-27 19:04

Thanks
Metallica
post Oct 27 2006, 12:18 PM
Post #8


Spyware Veteran
Posts: 20,961
From: Netherlands
OS: XP Pro & Vista Ultimate



The faster the better. As long as they show me what I need.

Here's another fast one.

Download and run http://noahdfear.geekstogo.com/FindAWF.exe
It will open a text file called awf.txt

Can you post the content of that file as well please?

Regards,
Wrezz
post Oct 27 2006, 01:59 PM
Post #9


New Member
Posts: 6
OS: Windows XP SP2



Here is the report:

Find AWF report by noahdfear ©2006


21K files found
~~~~~~~~~



21K files found with strings
~~~~~~~~~~~~~~~~



25K files found
~~~~~~~~~



25K files found with strings
~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report


Doesn't seem that enlightening, maybe it makes more sense to you.
Metallica