Forum: Viruses, Spyware and other Nasties Jun 22nd, 2009 |
| Replies: 21 Views: 1,474 Cool. Well, that seems to be all taken care of.
Cheers, Geoff. Good luck out there. |
Forum: Viruses, Spyware and other Nasties Jun 22nd, 2009 |
| Replies: 21 Views: 1,474 The name of its creator? Obviously you have checked for that, and one is not there. It did not delete, which is interesting.... so rename it and see what complains, if anything, ever - it has not... |
Forum: Viruses, Spyware and other Nasties Jun 21st, 2009 |
| Replies: 21 Views: 1,474 That looks better, illahae. Just one thing, what does this file relate to : c:\windows\NV32643396.TMP ?
If it is benign [check its properties] then remove a few of those specialist tools you have... |
Forum: Viruses, Spyware and other Nasties Jun 21st, 2009 |
| Replies: 21 Views: 1,474 Skynet. A rootkit. So that is what was hiding msiebbar.dll
This should not take long, but because there are still two drivers to delete we will use Combofix to delete them, in case they are... |
Forum: Viruses, Spyware and other Nasties Jun 21st, 2009 |
| Replies: 21 Views: 1,474 Get CCleaner [see below].
Right. This method kinda ramps up... stop when you win. When you do, fix the O18 entry with hijackthis, and then run CCleaner.
For a start, in an Explorer window, go... |
Forum: Viruses, Spyware and other Nasties Jun 18th, 2009 |
| Replies: 21 Views: 1,474 Ah, okay, illahae.. It is gone, so you are pretty clear to go too. Ignore my post re SAS and Registry Editor - not required.
Cheers. |
Forum: Viruses, Spyware and other Nasties Jun 18th, 2009 |
| Replies: 15 Views: 1,098 An example would be C:\ autorun.inf
Just use Explorer, expand each drive [partition] if it exists. If not, just run MBAM. These files are usually found in software cds to automatically start the... |
Forum: Viruses, Spyware and other Nasties Jun 18th, 2009 |
| Replies: 21 Views: 1,474 Okay, it slipped my mind your having Superantispyware: Please disable it from starting with Windows via the system tray control centre. Restart your sys, and then fix that O18 entry with hijackthis,... |
Forum: Viruses, Spyware and other Nasties Jun 18th, 2009 |
| Replies: 15 Views: 1,098 Aw... please don't run registry cleaners. They just don't do anything worthwhile. If you really want to speed up registry access then remove spaces and defragment it - sysinternals have a pgm for... |
Forum: Viruses, Spyware and other Nasties Jun 18th, 2009 |
| Replies: 21 Views: 1,474 Okay on the MBAM action... did you miss fixing this one with hijackthis?:
O18 - Filter hijack: text/html - {27ad87fe-f8bf-4593-8e1e-9e7ca6a99ca6} - C:\WINDOWS\system32\msiebbar.dll
It is a protocol... |
Forum: Viruses, Spyware and other Nasties Jun 17th, 2009 |
| Replies: 15 Views: 1,098 Neitz, check in the root of each affected drive to see if there is a file called autoruns.inf: if so, delete it. Then...
==Please download Malwarebytes' Anti-Malware
from:... |
Forum: Viruses, Spyware and other Nasties Jun 17th, 2009 |
| Replies: 21 Views: 1,474 Please do not use Rapidshare for posting logs. Post them here.
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.... |
Forum: Viruses, Spyware and other Nasties Jun 16th, 2009 |
| Replies: 21 Views: 1,474 In safe mode.. rename your MBAM and hijackthis exe files to say, mm.exe and ht.exe, try then to run them. |
Forum: Viruses, Spyware and other Nasties Jun 16th, 2009 |
| Replies: 11 Views: 2,450 I bet heaps that Crunchie is going to ask for that comboFix log... it's in C:\. |
Forum: Viruses, Spyware and other Nasties Jun 16th, 2009 |
| Replies: 9 Views: 726 |
Forum: Viruses, Spyware and other Nasties Jun 15th, 2009 |
| Replies: 9 Views: 726 Well, that is interesting behaviour, not at all what I expected.
This is the file that concerned me.. it is a virus capable of spawning 100s of other files: C:\WINDOWS\system32\fokubino.dll
It was... |
Forum: Viruses, Spyware and other Nasties Jun 14th, 2009 |
| Replies: 9 Views: 726 Ok, we shall try this, MBAM is blind to them for some reason.
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this file:... |
Forum: Viruses, Spyware and other Nasties Jun 14th, 2009 |
| Replies: 4 Views: 671 And so give administrator privileges to any malware that would be interested in possessing them. |
Forum: Viruses, Spyware and other Nasties Jun 14th, 2009 |
| Replies: 9 Views: 726 Bit of infection still in there, so for a start:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or:... |
Forum: Viruses, Spyware and other Nasties Jun 14th, 2009 |
| Replies: 4 Views: 671 Well, simplest way is to rclick your IE icon, go Properties, Shortcut, Advanced. You will work it out from there. |
Forum: Viruses, Spyware and other Nasties Jun 6th, 2009 |
| Replies: 40 Views: 3,717 Okay. It does look like a few keys in registry are not being cleaned, and Windows Security is picking up on them. More worrying is the inability to run anti-malware scans, loss of restore points.... |
Forum: Viruses, Spyware and other Nasties Jun 6th, 2009 |
| Replies: 40 Views: 3,717 Good-oh. You might try running the correct removal tool from this site, and then attempt to reinstall KIS.
http://support.kaspersky.com/faq/?qid=208279463
Good luck. And please come back if that... |
Forum: Viruses, Spyware and other Nasties Jun 5th, 2009 |
| Replies: 40 Views: 3,717 ..or perhaps you installed the AV into an infected system, or perhaps you have become infected with some malware which your AV does not detect.
Tell which AV you uninstalled. |
Forum: Viruses, Spyware and other Nasties Jun 5th, 2009 |
| Replies: 40 Views: 3,717 Which AV. Some, eg, Norton, AVG, require a special uninstaller tool to be run. The slowness is most likely due to a confused AV installation - all file activity, traffic is monitored by the AV. |
Forum: Viruses, Spyware and other Nasties May 29th, 2009 |
| Replies: 5 Views: 963 You still have a hefty vundo infection there, JR.
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or:... |
Forum: Viruses, Spyware and other Nasties May 7th, 2009 |
| Replies: 8 Views: 1,133 Good-oh, glad you are clean. But believe me on the RECYCLER/Recycle Bin thing... they are parts of the whole. You could have deleted those S-...com files manually from RECYCLERs, and run CCleaner to... |
Forum: Viruses, Spyware and other Nasties May 7th, 2009 |
| Replies: 8 Views: 1,133 The Recycle Bin is a composite of all RECYCLERs, and shows all the deleted files' names. But only if they are in those S- folders. You will not see any file that you dragged into a RECYCLER, you must... |
Forum: Viruses, Spyware and other Nasties May 7th, 2009 |
| Replies: 8 Views: 1,133 S-0-0-75-100020897-100014327-100022846-4120.com
.COM??!! Yep, you found a pest, there should be no .com on the end of that S- folder name. :)
Trust me, the Recycle Bin shows as RECYCLER in... |
Forum: Viruses, Spyware and other Nasties May 7th, 2009 |
| Replies: 8 Views: 1,133 The recycle bin is a strange place, and emptying it does not always work. Ask Bill Gates. It [they] may show in explorer as having 0 bytes, and in properties as anything up to many MBs... even after... |
Forum: Viruses, Spyware and other Nasties May 5th, 2009 |
| Replies: 8 Views: 1,133 RECYCLER is your recycle bin... there is a bin for each partition. May I suggest that you go into explorer, tools, folder options, view, and Hide Protected OpSys files?
Next:
==Please download... |
Forum: Viruses, Spyware and other Nasties Dec 14th, 2008 |
| Replies: 24 Views: 1,903 Fine, pg. When you have used that Symantec removal tool could you post a final hijackthis log, please? |
Forum: Viruses, Spyware and other Nasties Dec 13th, 2008 |
| Replies: 24 Views: 1,903 I was just making sure that those files are gone, pg. If you could not find them, that is fine.
Some antivirus software, for example Symantec's [and McAfee's too] cannot be simply removed without... |
Forum: Viruses, Spyware and other Nasties Dec 12th, 2008 |
| Replies: 24 Views: 1,903 Hello, pg, yes, that is what I wanted.
Please start hijackthis again, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O4 -... |
Forum: Viruses, Spyware and other Nasties Dec 11th, 2008 |
| Replies: 26 Views: 2,691 :), so he did.... should have worn all the rough bits off it, then.
GEAR is what I was hoping you would find in that file, spyder. It is a set of drivers that interface iTunes with your cd burner.... |
Forum: Viruses, Spyware and other Nasties Dec 11th, 2008 |
| Replies: 26 Views: 2,691 Ah. See? It was worth running Combofix also, wasn't it?
I take it that you ran random's sys info tool?
Is this associated with your iPod? c:\documents and settings\All Users\Application... |
Forum: Viruses, Spyware and other Nasties Dec 10th, 2008 |
| Replies: 26 Views: 2,691 Those two tools have done a superb job. You had a pretty comprehensive infection there. MBAM took out the ADS file attached to svchost.exe, so no action by you is required there.
May I see the... |
Forum: Viruses, Spyware and other Nasties Dec 10th, 2008 |
| Replies: 26 Views: 2,691 Spyder, this will remove the ADS ext.exe from C:\WINDOWS\system32\svchost.exe:ext.exe
ext.exe is an ADS [alternate data stream] attached to C:\WINDOWS\system32\svchost.exe, and you need a special... |
Forum: Viruses, Spyware and other Nasties Dec 9th, 2008 |
| Replies: 26 Views: 2,691 At work and online? Then grab a flashdrive and dl Combofix into it from http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or : http://subs.geekstogo.com/ComboFix.exe
Change the filename... |
Forum: Viruses, Spyware and other Nasties Dec 9th, 2008 |
| Replies: 24 Views: 1,903 Ah, thank you, pg. Could you post a fresh hijack this log, please? |
Forum: Viruses, Spyware and other Nasties Dec 8th, 2008 |
| Replies: 26 Views: 2,691 Hello, spyder, your sys has been knocked silly by some malwares. Being midnight in Aust, Cohen has likely wandered off to bed.
I see these things in running processes:
C:\Program Files\Malwarebytes'... |