Did all the steps in the "do this before u post" thread.
Here are the Logs.
SUPERAntiSpyware Scan Log
Generated 04/17/2008 at 00:09 AM
Application Version : 3.6.1000
Core Rules Database Version : 3440
Trace Rules Database Version: 1432
Scan type : Complete Scan
Total Scan Time : 00:46:09
Memory items scanned : 328
Memory threats detected : 0
Registry items scanned : 4532
Registry threats detected : 2
File items scanned : 46164
File threats detected : 4
Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-1482476501-583907252-839522115-1003\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]
Trojan.Unclassified/CRU629
C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\AVANQUEST\SYSTEMSUITE\QUARANTINE\CRU629.DAT.QUAR00
C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\AVANQUEST\SYSTEMSUITE\QUARANTINE\CRU629.DAT.QUAR01
Rogue.WinReanimator
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WINREANIMATOR\WINREANIMATOR.EXE.VIR
Trojan.Downloader-Gen/MROFIN
C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU2000382.EXE.VIR
Malwarebytes' Anti-Malware 1.11
Database version: 636
Scan type: Quick Scan
Objects scanned: 29173
Time elapsed: 4 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMafcd3bd7 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\twxereqq.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\sysmivb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-17 01:06:51
PROTECTIONS: 0
MALWARE: 15
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.mediaplex.com/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.clickbank.net/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.xiti.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.apmebf.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.advertising.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.go.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\t4puzp6u.default\cookies.txt[.target.com/]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Chris\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
02895262 W32/PatchLog.P Virus Yes 0 Yes No C:\PROGRAM FILES\JAVA\JRE1.6.0_05\BIN\JUSCHED.EXE
02895262 W32/PatchLog.P Virus Yes 0 Yes No C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\1.2.1128.5462\GOOGLETOOLBARNOTIFIER.EXE
02895262 W32/PatchLog.P Virus Yes 0 Yes No C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\ATIRW.EXE
02895262 W32/PatchLog.P Virus Yes 0 Yes No C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
02895340 Adware/PurityScan Adware No 0 Yes No C:\Documents and Settings\Chris\Application Data\Avanquest\SystemSuite\Quarantine\univrs32.dat.QUAR00
02907283 Application/WinReanimator Spyware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\WinReanimator\WinReanimator.dll.vir
02907453 Application/WinReanimator Spyware No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\winivstr.exe.vir
02907453 Application/WinReanimator Spyware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\WinReanimator\install.exe.vir
02913300 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\Chris\Application Data\Avanquest\SystemSuite\Quarantine\ssqRJyvT.dll.QUAR00
02913545 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\Chris\Application Data\Avanquest\SystemSuite\Quarantine\ygoquglc.dll.QUAR00
02913546 Spyware/Virtumonde Spyware No 1 Yes No C:\Documents and Settings\Chris\Application Data\Avanquest\SystemSuite\Quarantine\jmqohkou.dll.QUAR00
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
182043 HIGH MS07-064
179553 HIGH MS07-061
176382 HIGH MS07-057
176383 HIGH MS07-058
170911 HIGH MS07-050
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164915 HIGH MS07-035
164913 HIGH MS07-033
164911 HIGH MS07-031
160623 HIGH MS07-027
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150253 HIGH MS07-016
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141034 HIGH MS06-076
141033 MEDIUM MS06-075
141030 HIGH MS06-072
137571 HIGH MS06-070
137568 HIGH MS06-067
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
131654 HIGH MS06-055
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126083 HIGH MS06-042
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
120814 HIGH MS06-021
117384 MEDIUM MS06-018
114666 HIGH MS06-015
114664 HIGH MS06-013
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
96574 HIGH MS05-053
93395 HIGH MS05-051
93394 HIGH MS05-050
93454 MEDIUM MS05-049
;===================================================================================================================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:00 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [razertra] C:\Program Files\Razer\razertra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: vtUkHWmJ - vtUkHWmJ.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 3890 bytes
Thanks in advance for any advice and help.
C