Old 11-13-2008, 05:56 PM   #1 (permalink)
Registered User
 
Chewy's Avatar
 
Join Date: Apr 2007
Posts: 56
OS: xp


[SOLVED] critical system warning, virus remover 2008 infected

Hello, I am infected with a virus and it has taken control of my browser and computer. I have popups all over the place from virus remover 2008 and windows security center and antispyware pro xp. They have hijacked my browser and I cannot go anywhere without getting redirected.

Please help as my computer has become useless.

I have attached the appropriate requested logs:

thanx
Attached Files
File Type: txt gmer.txt (15.4 KB, 5 views)

Old 11-16-2008, 03:15 PM   #2 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,449
OS: Win XP Pro SP3 / Win 7 Pro

My System

Blog Entries: 10
Re: critical system warning, virus remover 2008 infected

Hi and welcome to the TSF Security Forum

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.



Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here or here

Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
You can also access the log by doing the following:

-> Click on the Malwarebytes' Anti-Malware icon to launch the program.
-> Click on the Logs tab.
-> Click on the log at the bottom of those listed to highlight it.
-> Click Open.

Copy & Paste the entire report in your next reply.




Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, ComboFix shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 11-18-2008, 11:13 PM   #3 (permalink)
Registered User
 
Chewy's Avatar
 
Join Date: Apr 2007
Posts: 56
OS: xp


Re: critical system warning, virus remover 2008 infected

here are my results of the scans

Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 5.1.2600 Service Pack 2

11/18/2008 11:56:50 PM
mbam-log-2008-11-18 (23-56-50).txt

Scan type: Quick Scan
Objects scanned: 47064
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7aa32fc7-133b-4ae7-998e-ced0d9829b12} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00bdd82 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00fc16e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00ff74b13d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f79bdae1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f8942c08.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\DivoCodec (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\TorrentSoftware (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\TorrentSoftware\Skins (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\TorrentSoftware\Support (Trojan.Lop) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\TorrentSoftware\TorrentSoftware.trc (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\TorrentSoftware\unins000.dat (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\TorrentSoftware\Skins\WinterBlues.skf (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\TorrentSoftware\Support\connecting.gif (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\TorrentSoftware\Support\default.htm (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\TorrentSoftware\Support\dots.gif (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\TorrentSoftware\Support\logo.jpg (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\TorrentSoftware\Support\porttest_error.htm (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\TorrentSoftware\Support\porttest_start.htm (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.

combo fix

ComboFix 08-11-18.04 - Owner 2008-11-19 0:02:26.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\Tech Support\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\inst.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\jestertb.dll
c:\windows\system32\jjtxleuw.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-18 23:47 . 2008-11-18 23:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-18 23:47 . 2008-11-18 23:47 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-18 23:47 . 2008-11-18 23:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-18 23:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-18 23:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-18 23:46 . 2008-11-18 23:46 <DIR> d-------- c:\documents and settings\Owner\Application Data\PCF-VLC
2008-11-13 20:25 . 2008-11-14 22:10 5,490 --a------ c:\windows\system32\tmp.reg
2008-11-13 19:01 . 2008-11-13 19:01 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-13 19:01 . 2008-11-13 19:01 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-13 19:01 . 2008-11-13 19:01 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-13 19:01 . 2008-11-13 19:01 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 08:00 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-17 15:40 --------- d-----w c:\documents and settings\Owner\Application Data\Vso
2008-11-16 02:45 --------- d-----w c:\program files\FinePixViewer
2008-11-14 02:20 --------- d-----w c:\program files\Lx_cats
2008-11-12 06:06 --------- d-----w c:\documents and settings\Owner\Application Data\AVG7
2008-11-11 04:36 --------- d-----w c:\documents and settings\Owner\Application Data\OpenOffice.org2
2008-10-18 22:16 --------- d-----w c:\program files\Common Files\Adobe
2008-10-18 21:17 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-12 15:48 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-10-03 01:39 --------- d-----w c:\documents and settings\All Users\Application Data\1Click DVD Copy
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-06-18 00:34 47,360 -c--a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2007-04-11 04:35 87,608 -c--a-w c:\documents and settings\Owner\Application Data\ezpinst.exe
2005-05-16 04:46 0 -c--a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2007-11-30 03:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
"WeatherEye"="c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2008-05-30 4501912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-09-13 6731312]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-01-14 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-18 113664]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-08-22 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.CDVC"= cdvccodc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4aaf261-33ca-11d9-acb9-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-PC Pitstop Optimize Reminder - c:\program files\PCPitstop\Optimize2\Reminder.exe
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-19 00:04:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-19 0:05:13
ComboFix-quarantined-files.txt 2008-11-19 06:05:05

Pre-Run: 18,644,414,464 bytes free
Post-Run: 18,646,142,976 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

124 --- E O F --- 2008-11-18 09:01:00

thanx
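Added example, not part of any post in this thread and not a Malwarebytes or ComboFix feature: a small Python triage of a pasted Malwarebytes' log like the one above. It checks that the per-section counts declared in the summary match the entries actually pasted (a truncated paste is easy to miss), tallies detections by family, labels entries that sit in autostart or browser-hijack locations, and lists anything not reported as "Quarantined and deleted successfully". The location labels and the final "Delete on reboot" sample line are assumptions made for this example.

```python
import re
from collections import Counter

# Lines copied from the Malwarebytes' log posted above, trimmed to a few
# entries. The last entry (example_constructed.dll, "Delete on reboot") is
# constructed for this example and does not appear in the thread.
SAMPLE_LOG = r"""
Memory Processes Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00bdd82 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00ff74b13d1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example_constructed.dll (Trojan.Vundo) -> Delete on reboot.
"""

# "<section> Infected: <n>" is a summary line; "<section> Infected:" opens a section.
HEADER = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<object> (<family>) -> <action>."  The greedy object match keeps paths that
# themselves contain parentheses intact.
ENTRY = re.compile(r"^(?P<obj>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
CLEAN_ACTION = "Quarantined and deleted successfully"

# Heuristic labels chosen for this example, based on locations seen in the log.
LOCATION_RULES = [
    (r"\\CurrentVersion\\Run\\", "autostart: Run key"),
    (r"\\Winlogon\\Notify\\", "autostart: Winlogon Notify"),
    (r"\\Internet Explorer\\(SearchScopes|Toolbar)\\", "browser: IE search/toolbar"),
]


def classify(obj):
    """Return the first matching location label, or 'other'."""
    for pattern, label in LOCATION_RULES:
        if re.search(pattern, obj, re.IGNORECASE):
            return label
    return "other"


def parse_mbam_log(text):
    """Return (declared_counts, entries) from a pasted log."""
    declared, entries, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            if header.group("count") is not None:
                declared[header.group("name")] = int(header.group("count"))
            else:
                section = header.group("name")
            continue
        entry = ENTRY.match(line)
        if entry and section:
            entries.append({
                "section": section,
                "object": entry.group("obj"),
                "family": entry.group("family"),
                "action": entry.group("action"),
                "location": classify(entry.group("obj")),
            })
    return declared, entries


def triage(text):
    """Summarise a log: count mismatches, families, flagged locations, leftovers."""
    declared, entries = parse_mbam_log(text)
    parsed = Counter(e["section"] for e in entries)
    return {
        # section -> (declared in summary, actually present in the paste)
        "count_mismatches": {name: (want, parsed[name])
                             for name, want in declared.items()
                             if parsed[name] != want},
        "families": Counter(e["family"] for e in entries),
        "persistence": [(e["location"], e["object"])
                        for e in entries if e["location"] != "other"],
        "unresolved": [e for e in entries if e["action"] != CLEAN_ACTION],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Count mismatches:", report["count_mismatches"] or "none")
    print("Families:", dict(report["families"]))
    for label, obj in report["persistence"]:
        print(f"[{label}] {obj}")
    for e in report["unresolved"]:
        print(f"Needs follow-up ({e['action']}): {e['object']}")
```
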
Old 11-19-2008, 02:57 PM   #4 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,449
OS: Win XP Pro SP3 / Win 7 Pro

My System

Blog Entries: 10
Re: critical system warning, virus remover 2008 infected

Hi again

How is your system running now?


P2P - I see you have P2P software (i.e. Limewire) installed on your machine. We are not here to pass judgement on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. Although the P2P application itself may be 'clean', the files you download may well contain malware. P2P is often used as a method of distributing malware. This page will give you further information.



Online Scan
Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log to your reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.


DDS Scan
Download DDS and save it to your desktop.

Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
-----------------------------------------------------

Please include the following logs in your thread:
  • Contents of the DDS.txt posted as text in your reply
  • Attach the Attach.txt to your post by clicking the Manage Attachments button under Additional Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 11-20-2008, 03:06 PM   #5 (permalink)
Registered User
 
Chewy's Avatar
 
Join Date: Apr 2007
Posts: 56
OS: xp


Re: critical system warning, virus remover 2008 infected

here is my dds text

DDS (Version 1.0) - NTFSx86
Run by Owner at 16:05:25.53 on Thu 11/20/2008

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [WeatherEye] c:\program files\theweathernetwork\weathereye\WeatherEye.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2008-11-19 18:58 <DIR> --d----- c:\docume~1\owner\applic~1\PCF-VLC
2008-11-19 00:00 <DIR> a-dshr-- C:\cmdcons
2008-11-18 23:58 161,792 a------- c:\windows\SWREG.exe
2008-11-18 23:58 98,816 a------- c:\windows\sed.exe
2008-11-18 23:47 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2008-11-18 23:47 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-11-18 23:47 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-18 23:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-11-18 23:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-13 20:25 5,490 a------- c:\windows\system32\tmp.reg
2008-11-13 19:01 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-13 19:01 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-13 19:01 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-13 19:01 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)

==================== Find3M ====================

2008-11-20 02:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg7
2008-11-17 09:40 <DIR> --d----- c:\docume~1\owner\applic~1\Vso
2008-11-13 20:20 <DIR> --d----- c:\program files\Lx_cats
2008-11-12 00:06 <DIR> --d----- c:\docume~1\owner\applic~1\AVG7
2008-10-02 19:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\1Click DVD Copy
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-18 12:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2008-06-17 19:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2008-04-13 08:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Napster
2008-04-07 15:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-01-19 08:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OrbNetworks
2008-01-14 00:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2008-01-09 12:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2007-12-19 11:33 <DIR> --d----- c:\docume~1\owner\applic~1\Participatory Culture Foundation
2007-12-19 11:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Participatory Culture Foundation
2007-10-27 08:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg7(2)
2007-10-27 08:34 <DIR> --d----- c:\docume~1\owner\applic~1\AVG7(2)
2007-10-27 08:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kodak
2007-10-27 07:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab(2)
2007-10-08 16:18 <DIR> --d----- c:\docume~1\owner\applic~1\TorrentSoftware
2007-09-09 15:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PurePlay
2007-07-14 11:24 <DIR> --d----- c:\docume~1\owner\applic~1\vlc
2007-05-03 11:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2007-04-30 13:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2007-04-23 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2007-04-23 22:22 <DIR> --d----- c:\docume~1\owner\applic~1\Symantec
2006-08-25 21:12 <DIR> --d----- c:\docume~1\owner\applic~1\AdobeAUM
2006-07-28 12:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap
2006-06-12 02:15 <DIR> --d----- c:\docume~1\owner\applic~1\Xerox
2006-04-29 18:36 <DIR> --d----- c:\docume~1\owner\applic~1\Ulead Systems
2005-06-28 18:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\pixelStorm
2005-05-15 22:44 <DIR> --d----- c:\docume~1\owner\applic~1\McAfee
2005-05-06 18:27 <DIR> --d----- c:\docume~1\owner\applic~1\MSNInstaller
2004-11-11 04:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Prism Deploy
2004-11-11 04:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2006-07-23 23:29 13 ac-sh--- c:\windows\CPSYSDLG.SYS
2007-11-29 21:20 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 1623.78 ===============
Attached Files
File Type: txt Attach.txt (7.2 KB, 1 views)
File Type: txt ActiveScan.txt (13.5 KB, 2 views)
Old 11-21-2008, 03:21 PM   #6 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,449
OS: Win XP Pro SP3 / Win 7 Pro

My System

Blog Entries: 10
Re: critical system warning, virus remover 2008 infected

How is your system running now? Logs look clean.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 11-21-2008, 11:47 PM   #7 (permalink)
Registered User
 
Chewy's Avatar
 
Join Date: Apr 2007
Posts: 56
OS: xp


Re: critical system warning, virus remover 2008 infected

system is running great

thanx
Old 11-22-2008, 09:14 AM   #8 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 25,449
OS: Win XP Pro SP3 / Win 7 Pro

My System

Blog Entries: 10
Re: [SOLVED] critical system warning, virus remover 2008 infected

If there are no more problems we’ll just tidy up and I’ll let you go, along with my recommendations for staying safe and secure.

The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Referring to the image below



Click Start > Run and copy/paste, or type the following bold text into the Run box and click OK:


ComboFix /u



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:


General Protection

Spyware Blaster to help prevent spyware from installing in the first place.
Spyware Guard to catch and block spyware before it can execute.



SnoopFree

SnoopFree is a real time monitor that notifies you when a programme wants to record your keystrokes or read your screen. Note that SnoopFree is only for XP systems.


MVPS Hosts File

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Firefox
Opera
Maxthon

Firewalls
A good firewall will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall for XP does not monitor outgoing traffic. If you do not have a firewall, here are 3 free ones available for personal use:
Comodo Personal Firewall
Sygate Personal Firewall
ZoneAlarm


Other Protection
Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

ERUNT & NTREGOPT
ERUNT is a programme that will create automatic backups of your Registry. These backups can be used to help restore your system in the event of a serious crash.
NTREGOPT will compact and optimise your Registry, to assist the smooth running of your system


Additional Reading
In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

PC Safety & Security - What Do I Need?.
Making Internet Explorer Safer.

Have a look here if your PC is still running a bit slow
Is your PC running slow...?


Keep clean and safe and enjoy your computing!

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



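Added example, not part of the post above and not an MVPS tool: a Python inventory of an existing HOSTS file, useful before replacing it with a blocking list as described in the MVPS Hosts File paragraph. It separates names that are sunk to the local machine from names mapped to a real address (the kind of company-provided entry that a replacement would discard, and the kind worth reviewing on a machine that had browser redirects) and reports lines that do not parse. The sample content is constructed, and treating 0.0.0.0 the same as 127.0.0.1 is an assumption of this example.

```python
import ipaddress

# Constructed sample HOSTS content. The example.* names and the 203.0.113.10
# documentation address are placeholders, not values from the thread.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.com      # blocklist-style entry
0.0.0.0         Tracker.Example.net
203.0.113.10    www.example.org update.example.org
::1             localhost
not-an-ip       broken.example
"""

# Names that normally point at the local machine and are not "blocked sites".
STANDARD_NAMES = {"localhost"}


def audit_hosts(text):
    """Classify HOSTS entries.

    Returns a dict with:
      blocked   - names resolved to a loopback or unspecified address
      mapped    - {name: address} for names overridden to any other address
      malformed - 1-based line numbers that are not '<ip> <name> [...]'
    """
    blocked, mapped, malformed = [], {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                   # address with no host name
            malformed.append(lineno)
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):  # host names are case-insensitive
            if name in STANDARD_NAMES:
                continue
            if sinkhole:
                blocked.append(name)
            else:
                # HOSTS overrides DNS, so every such entry should be one
                # the owner of the machine can account for.
                mapped[name] = str(addr)
    return {"blocked": blocked, "mapped": mapped, "malformed": malformed}


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("Blocked names:", result["blocked"])
    for name, addr in result["mapped"].items():
        print(f"Review: {name} -> {addr}")
    print("Malformed lines:", result["malformed"])
```
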