AVG
Symantec Anti-virus
A2 anti-virus
Counterspy
Spybot
Ad-Aware
Superantispyware
CWShredder
ATF
Hijackthis
Killbox
and several more. None of these effectively cleaned it. I removed all entries in the registry that were linked to the infected files as well. Nothing seems to actually keep it from returning. At this point I'm frustrated and don't have the time to dedicate to keep fighting it. I come humble with my pride sucked up fully. Please help, and thanks in advance. I have cleaned all temp files already and below is my Hijackthis log and Malwarebytes log files.
Malwarebytes' Anti-Malware 1.14
Database version: 818
3:53:04 PM 6/3/2008
mbam-log-6-3-2008 (15-53-04).txt
Scan type: Quick Scan
Objects scanned: 45650
Time elapsed: 5 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\AppCert (Trojan.Downloader) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:47 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Sunbelt Software\CounterSpy\Agent\SBCSESvc.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\lyncusb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\mssql2k\MSSQL\binn\sqlservr.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
c:\program files\sedc\clientmanagement\v1.5.1.0711\sedcdeploymentservice.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Sunbelt Software\CounterSpy\Agent\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
c:\mssql2k\MSSQL\binn\sqlagent.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SEDC\ClientManagement\v1.5.1.0711\ClientManager.exe
C:\Program Files\SEDC\ClientManagement\v1.5.1.0711\DeploymentServiceModule.exe
C:\Program Files\SEDC\ClientVerificationComponent\v1.0.0.0711\ClientVerificationComponent.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.beci.org/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by - BECI
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3697E8F3-2263-4D98-902F-0E27F8315400} - C:\WINDOWS\system32\dspropj.dll
O2 - BHO: (no name) - {D4BEE954-326A-4C6E-A1CA-5CEBECFAF652} - c:\windows\system32\lqjrcml.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCounterSpyIconApp] C:\Program Files\Sunbelt Software\CounterSpy\Agent\SBCSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Client Management Components.lnk = C:\Program Files\SEDC\ClientManagement\AppLauncher.exe
O4 - Global Startup: SEDC Client Settings.lnk = C:\Program Files\SEDC\ClientManagement\UtilityLauncher.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.devl9000
O15 - Trusted IP range: 10.20.30.8
O15 - Trusted IP range: http://10.20.30.8
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191688457629
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1191688445504
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coop.beci.org
O17 - HKLM\Software\..\Telephony: DomainName = coop.beci.org
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F24EA4E-82E5-4053-BB05-0865FA3C03A6}: NameServer = 10.20.30.9,10.20.30.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = coop.beci.org
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F24EA4E-82E5-4053-BB05-0865FA3C03A6}: NameServer = 10.20.30.9,10.20.30.2
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = coop.beci.org
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F24EA4E-82E5-4053-BB05-0865FA3C03A6}: NameServer = 10.20.30.9,10.20.30.2
O20 - Winlogon Notify: tkhrggtu - C:\WINDOWS\SYSTEM32\lqjrcml.dll
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CounterSpyAgent - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Agent\SBCSESvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lync USB Auditor Service (LyncUSBServ) - Lync Software Pty Ltd - C:\WINDOWS\system32\lyncusb.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SEDC Deployment Service - - c:\program files\sedc\clientmanagement\v1.5.1.0711\sedcdeploymentservice.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VPRemote Install Bootstrap Service (VPREMOTE) - Unknown owner - C:\TEMP\Clt-Inst\vpremote.exe (file missing)
--
End of file - 6765 bytes