I had no problems with any of your instructions or running any programs. All appears to be fixed. Please let me know if I need to do anything else...and THANK YOU! I probably spent 40 hours of futility trying to fix this myself. I appreciate your help!
>>dt<<
X X X X X X X X X X X X X X
AVENGER
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.comPlatform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\rxwlrqix.dll" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat" deleted successfully.
File "c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat" deleted successfully.
Folder "C:\WINDOWS\system32\.14177ce4" deleted successfully.
File "e:\autoexec.ns0" deleted successfully.
File "e:\autoexec.ns1" deleted successfully.
File "e:\autoexec.ns2" deleted successfully.
File "e:\autoexec.ns3" deleted successfully.
File "e:\autoexec.ns4" deleted successfully.
File "e:\autoexec.ns5" deleted successfully.
File "e:\autoexec.ns6" deleted successfully.
File "e:\autoexec.ns8" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
X X X X X X X X X X X X X X X X X X X X X X X X
OTScan Fix Log
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\\~EmptyValue deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rxwlrqix\ deleted successfully.
File C:\WINDOWS\system32\rxwlrqix.dll not found.
File E:\AUTOEXEC.NS0 not found.
File E:\AUTOEXEC.NS1 not found.
File E:\AUTOEXEC.NS2 not found.
File E:\AUTOEXEC.NS3 not found.
File E:\AUTOEXEC.NS4 not found.
File E:\AUTOEXEC.NS5 not found.
File E:\AUTOEXEC.NS6 not found.
File E:\AUTOEXEC.NS8 not found.
[Files/Folders - Created Within 30 days]
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\.14177ce4 not found!
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.15.4 fix logfile created on 05302008_072841
Files moved on Reboot...
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
X X X X X X X X X X X X X X X X X X X X X X X X X X X X X
FSecure Report
Scanning Report
Friday, May 30, 2008 07:38:14 - 11:04:14
Computer name: WICKHOUSE
Scanning type: Scan system for malware, rootkits
Target: C:\ E:\
Result: 3 malware found
RemoteAdmin.Win32.WinVNC (spyware)
System
RiskTool.Win32.Reboot (spyware)
System
Tracking Cookie (spyware)
System
Statistics
Scanned:
Files: 102430
System: 4630
Not scanned: 14
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 3
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\TMP0000002B4C18C511F2E39859
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\RECORDED TV\TEMPREC\TEMPSBE\MSDVRMM_337083620_786432_54900
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_24ADF822-76F7-4481-B30B-FF1B40F8687F
E:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP311\A0031489.DLL
E:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP311\A0031490.EXE
E:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP311\A0031491.DLL
E:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP311\A0031492.DLL
Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Blacklight: 1.0.68
F-Secure Hydra: 2.8.8110, 2008-05-30
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure AVP: 7.0.171, 2008-05-30
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics
Copyright © 1998-2007 Product support
X X X X X X X X X X X X X X
The end...Thanks again!