This is one of my older computers. I had it about for three years now. I get lots of pop ups and viruses. Most programs i can't even start up.
Here is the hjt log only shows up to 22 for some reason:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:32 PM, on 1/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\AT&T\Communication Manager\bmctl.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\user\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\AT&T\Communication Manager\bmop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: (no name) - {026DD580-84D3-4C0C-AB35-B0DAC5669154} - C:\WINDOWS\system32\urqQhFvt.dll
O2 - BHO: (no name) - {12699d45-3f0f-4c85-9d9b-10ce65a60c2f} - C:\WINDOWS\system32\hilivoze.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [bihomivabu] Rundll32.exe "C:\WINDOWS\system32\dunulaju.dll",s
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\user\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\user\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [VnrPack22] "C:\Program Files\VnrPack\VnrPack22.exe"
O4 - HKCU\..\Run: [GetModule35] C:\Program Files\GetModule\GetModule35.exe
O4 - HKCU\..\Run: [GetPack28] "C:\Program Files\GetPack\GetPack28.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [bihomivabu] Rundll32.exe "C:\WINDOWS\system32\dunulaju.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1191099616095
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/...jolauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2351A425-A26B-40A4-ADBB-99450D8C5E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{5155EB13-C52B-4965-8EE3-C18B2E198951}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C7B25F9-A3B1-462D-B6F0-6C4C8B6B2C57}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB840167-8C0B-459E-9407-8A46C8A271F9}: NameServer = 209.183.54.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7CD77B1-4D33-47F9-BE3F-852B1695B32E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{2351A425-A26B-40A4-ADBB-99450D8C5E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{2351A425-A26B-40A4-ADBB-99450D8C5E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{2351A425-A26B-40A4-ADBB-99450D8C5E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: mzwcza.dll uwoowg.dll olqoee.dll xojlqy.dll fjqkdv.dll uspbhd.dll zodpnq.dll djrdvx.dll kqtbda.dll fahoeb.dll phzyog.dll uyzvki.dll aanlvn.dll dixzql.dll amdlbr.dll ynpgdu.dll vigbrk.dll yxhigj.dll olytwt.dll uvhwlu.dll kxczoi.dll yzxdtd.dll piugbj.dll fdanmf.dll cuvlfy.dll kbczhe.dll,C:\WINDOWS\system32\guzapamu.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: nnnnNDtQ - C:\WINDOWS\SYSTEM32\nnnnNDtQ.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll

--
End of file - 8096 bytes


Thanks for helping

Hi and welcome to the Daniweb forums .

==========

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebyt...are_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.

i have that program on my computer, but when i start it, it doesn't load up. I tried redownloading it from that site, but i cant access that site for some reason. I had my friend send me the exe file, but when i click run on the exe file it doesn't load up at all. This is very troublesome and thank you for going through the trouble to help me. So what do i do now here is another hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:57 PM, on 1/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\AT&T\Communication Manager\bmctl.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\AT&T\Communication Manager\bmop.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: (no name) - {12699d45-3f0f-4c85-9d9b-10ce65a60c2f} - C:\WINDOWS\system32\hilivoze.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnnNDtQ.dll
O2 - BHO: (no name) - {C55FDCBA-5EA6-4D92-929B-11593CDCCFF0} - C:\WINDOWS\system32\urqQhFvt.dll
O2 - BHO: C:\WINDOWS\system32\tyshb36rfjdf.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [bihomivabu] Rundll32.exe "C:\WINDOWS\system32\dunulaju.dll",s
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [bihomivabu] Rundll32.exe "C:\WINDOWS\system32\dunulaju.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1191099616095
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/...jolauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2351A425-A26B-40A4-ADBB-99450D8C5E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{5155EB13-C52B-4965-8EE3-C18B2E198951}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C7B25F9-A3B1-462D-B6F0-6C4C8B6B2C57}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB840167-8C0B-459E-9407-8A46C8A271F9}: NameServer = 209.183.54.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7CD77B1-4D33-47F9-BE3F-852B1695B32E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{2351A425-A26B-40A4-ADBB-99450D8C5E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{2351A425-A26B-40A4-ADBB-99450D8C5E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{2351A425-A26B-40A4-ADBB-99450D8C5E4A}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: mzwcza.dll uwoowg.dll olqoee.dll xojlqy.dll fjqkdv.dll uspbhd.dll zodpnq.dll djrdvx.dll kqtbda.dll fahoeb.dll phzyog.dll uyzvki.dll aanlvn.dll dixzql.dll amdlbr.dll ynpgdu.dll vigbrk.dll yxhigj.dll olytwt.dll uvhwlu.dll kxczoi.dll yzxdtd.dll piugbj.dll fdanmf.dll cuvlfy.dll kbczhe.dll,C:\WINDOWS\system32\guzapamu.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: nnnnNDtQ - C:\WINDOWS\SYSTEM32\nnnnNDtQ.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\tyshb36rfjdf.dll

--
End of file - 7287 bytes

If I may comment here, I believe that your log shows no entries after O22 because you don't seem to have any XP services running.
Several other things I note, your O4 entries, which are the auto starting programs that start when the computer starts shows AVG7 antivirus but it is not running on the machine which certainly would explain this log showing multiple infections. The computer is grossly infected.
Your Trusted Zone section shows multiple BAD entries:
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com

I see multiple Trojans, password stealers, hijackers.
You might try SDFix and see if this works to remove some of them.

Download SDFix and save it to the desktop.
double-click on the SDFix icon that should be residing on your desktop. If a Open File - Security Warning box opens, click on the Run button.

A window will now open showing SDFix being extracted into the C:\SDFix folder. Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions
# Next, please reboot your computer into Safe Mode by doing the following:

1. Restart your computer

2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3. Instead of Windows loading as normal, a menu should appear

4. Select the first option, to run Windows in Safe Mode.

5. When you are at the logon prompt, log in as the same user that you had performed the previous steps as.

When your computer has started in safe mode, and you see the desktop, close all open Windows.

Click on the Start button, click on the Run menu option, and type the following into the Open: field:

C:\SDFix\RunThis.bat
Then press the OK button.
The SDFix window will open containing some brief info and a disclaimer on the use of the tool.
please press the Y key on your keyboard and then press enter.
SDFix will now start scanning your computer for known infections
This process can take a while so be prepared to just sit and wait until it is complete.
When the scanning process has finished you will see a new screen stating that you need to restart your computer in order to continue.

At this point you should press any key on your computer's keyboard in order to restart the computer.
After your computer reboots SDFix will automatically start and perform a last check.
You will now be presented with a screen stating that SDFix has finished.
At this point you should press any key on your computer's keyboard in order to continue to your desktop.

When you are back at your Windows desktop, the SDFix log will automatically be opened in notepad.
Please post back here with that log.

Sorry for the full reply and thank you for helping me. Here is the report from SDFIX:


SDFix: Version 1.240
Run by user on Thu 01/29/2009 at 09:12 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\user\Desktop\SDFix

Checking Services :

Rootkit Found :
C:\WINDOWS\system32\drivers\WINAF40.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINAF84.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINBG73.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINCH84.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINGL62.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINJO27.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINLQ27.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINOT84.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINUA16.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINVB62.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINWC05.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINWC16.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINXD16.sys - Rootkit Pandex/Cutwail - Runtime.sys
C:\WINDOWS\system32\drivers\WINXD84.sys - Rootkit Pandex/Cutwail - Runtime.sys

Name :
tdssserv
WINAF40
WINAF84
WINBG73
WINCH84
WINGL62
WINJO27
WINLQ27
WINOT84
WINUA16
WINVB62
WINWC05
WINWC16
WINXD16
WINXD84

Path :
\systemroot\system32\drivers\TDSSserv.sys
\??\C:\WINDOWS\System32\drivers\Winaf40.sys
\??\C:\WINDOWS\System32\drivers\Winaf84.sys
\??\C:\WINDOWS\System32\drivers\Winbg73.sys
\??\C:\WINDOWS\System32\drivers\Winch84.sys
\??\C:\WINDOWS\System32\drivers\Wingl62.sys
\??\C:\WINDOWS\System32\drivers\Winjo27.sys
\??\C:\WINDOWS\System32\drivers\Winlq27.sys
\??\C:\WINDOWS\System32\drivers\Winot84.sys
\??\C:\WINDOWS\System32\drivers\Winua16.sys
\??\C:\WINDOWS\System32\drivers\Winvb62.sys
\??\C:\WINDOWS\System32\drivers\Winwc05.sys
\??\C:\WINDOWS\System32\drivers\Winwc16.sys
\??\C:\WINDOWS\System32\drivers\Winxd16.sys
\??\C:\WINDOWS\System32\drivers\Winxd84.sys

tdssserv - Deleted
WINAF40 - Deleted
WINAF84 - Deleted
WINBG73 - Deleted
WINCH84 - Deleted
WINGL62 - Deleted
WINJO27 - Deleted
WINLQ27 - Deleted
WINOT84 - Deleted
WINUA16 - Deleted
WINVB62 - Deleted
WINWC05 - Deleted
WINWC16 - Deleted
WINXD16 - Deleted
WINXD84 - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Schedule Service Path

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\nnnnNDtQ.dll - Deleted
C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe - Deleted
C:\Documents and Settings\user\Application Data\SpeedRunner\config.cfg - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Program Files\GetModule\GetModule35.exe - Deleted
C:\Program Files\GetPack\dictame.gz - Deleted
C:\Program Files\GetPack\GetPack27.exe - Deleted
C:\Program Files\GetPack\GetPack28.exe - Deleted
C:\Program Files\GetPack\trgtame.gz - Deleted
C:\Program Files\iCheck\Uninstall.exe - Deleted
C:\Program Files\Mjcore\Mjcore.dll - Deleted
C:\Program Files\VnrPack\dicts.gz - Deleted
C:\Program Files\VnrPack\trgts.gz - Deleted
C:\Program Files\VnrPack\VnrPack22.exe - Deleted
C:\Program Files\Webtools\webtools.dll - Deleted
C:\DOCUME~1\user\LOCALS~1\Temp\gettpa135.exe - Deleted
C:\DOCUME~1\user\LOCALS~1\Temp\gettpa227.exe - Deleted
C:\DOCUME~1\user\LOCALS~1\Temp\gettpa228.exe - Deleted
C:\DOCUME~1\user\LOCALS~1\Temp\TMP43.tmp - Deleted
C:\DOCUME~1\user\LOCALS~1\Temp\Csrssc.exe - Deleted
C:\WINDOWS\system32\crypts.dll - Deleted
C:\WINDOWS\system32\WinCtrl32.dll - Deleted
C:\WINDOWS\system32\windows_update.exe - Deleted
C:\WINDOWS\system32\drivers\TDSSserv.sys - Deleted
C:\WINDOWS\system32\TDSSoiqn.dll - Deleted
C:\WINDOWS\system32\TDSShlxr.dll - Deleted
C:\WINDOWS\system32\TDSSrtqp.dll - Deleted
C:\WINDOWS\system32\TDSSxfum.dll - Deleted
C:\WINDOWS\system32\TDSSlxwp.dll - Deleted
C:\WINDOWS\system32\TDSSorvd.dat - Deleted
C:\WINDOWS\system32\TDSSrhyp.log - Deleted
C:\WINDOWS\system32\TDSSkkbi.log - Deleted
C:\WINDOWS\system32\drivers\WINAF40.sys - Deleted
C:\WINDOWS\system32\drivers\WINAF84.sys - Deleted
C:\WINDOWS\system32\drivers\WINBG73.sys - Deleted
C:\WINDOWS\system32\drivers\WINCH84.sys - Deleted
C:\WINDOWS\system32\drivers\WINGL62.sys - Deleted
C:\WINDOWS\system32\drivers\WINJO27.sys - Deleted
C:\WINDOWS\system32\drivers\WINLQ27.sys - Deleted
C:\WINDOWS\system32\drivers\WINOT84.sys - Deleted
C:\WINDOWS\system32\drivers\WINUA16.sys - Deleted
C:\WINDOWS\system32\drivers\WINVB62.sys - Deleted
C:\WINDOWS\system32\drivers\WINWC05.sys - Deleted
C:\WINDOWS\system32\drivers\WINWC16.sys - Deleted
C:\WINDOWS\system32\drivers\WINXD16.sys - Deleted
C:\WINDOWS\system32\drivers\WINXD84.sys - Deleted



Folder C:\Documents and Settings\user\Application Data\gadcom - Removed
Folder C:\Documents and Settings\user\Application Data\SpeedRunner - Removed
Folder C:\Program Files\GetModule - Removed
Folder C:\Program Files\GetPack - Removed
Folder C:\Program Files\iCheck - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Mjcore - Removed
Folder C:\Program Files\VnrPack - Removed
Folder C:\Program Files\Webtools - Removed
Folder C:\Temp\1cb - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 12:42:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\TDSSserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\TDSSserv.sys]
@="driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSpqlt.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
"start"=dword:00000004
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSpqlt.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSpqlt.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSpqlt.sys"
"TDSSl"="\systemroot\system32\TDSSoiqn.dll"
"tdssservers"="\systemroot\system32\TDSSorvd.dat"
"tdssmain"="\systemroot\system32\TDSShlxr.dll"
"tdsslog"="\systemroot\system32\TDSSrtqp.dll"
"tdssadw"="\systemroot\system32\TDSSxfum.dll"
"tdssinit"="\systemroot\system32\TDSSlxwp.dll"
"tdssurls"="\systemroot\system32\TDSSnmxh.log"
"tdsspanels"="\systemroot\system32\TDSSsihc.dll"
"tdsserrors"="\systemroot\system32\TDSSrhyp.log"
"TDSSproc"="\systemroot\system32\TDSSkkbi.log"

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\dunulaju.dll 69120 bytes executable
C:\WINDOWS\system32\drivers\TDSSpqlt.sys 60416 bytes executable
C:\WINDOWS\system32\guzapamu.dll 69120 bytes executable
C:\WINDOWS\system32\hilivoze.dll 69120 bytes executable
C:\WINDOWS\system32\gaheduwe 6456 bytes
C:\Documents and Settings\user\Desktop\SDFix\backups\tdssserv.reg 1268 bytes
C:\Documents and Settings\user\Local Settings\Temp\TDSS48e0.tmp 102400 bytes executable
C:\Documents and Settings\user\Local Settings\Temp\TDSS4a3f.tmp 617472 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 8


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exeisabled:Firefox"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:Enabled:Veoh Client"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:Enabled:Trillian"
"C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exeisabled:a"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:Enabled:avgcc.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:Enabled:æTorrent"
"C:\\Program Files\\Paltalk Messenger\\paltalk.exe"="C:\\Program Files\\Paltalk Messenger\\paltalk.exeisabledaltalkScene"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:Enabled:Explorer"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\user\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 13 Apr 2008 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Wed 18 Oct 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
--- 69,120 A.SH. --- "C:\WINDOWS\system32\dunulaju.dll"
--- 69,120 A.SH. --- "C:\WINDOWS\system32\guzapamu.dll"
--- 69,120 A.SH. --- "C:\WINDOWS\system32\hilivoze.dll"
Mon 25 Feb 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 10 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.



Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.

When all is complete then please post back here with that log.

I am having problems running combofix.exe, When i open up task manager i can see combofix in the back ground but when i run combofix nothing pops up. Other exe files do the same. I tried running in safe mode and ran combofix but the same thing happened.

Open Device Manager and on the VIEW Tab, select the Show hidden devices option.
Go down to non plug and play drivers and see if there is one called TDSSserv and disable it.

==

Reboot and try again to run combofix if you found it.

==

If that does not work,

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  
  
• CF_cleanup.png
  

Now, download ComboFix by sUBs from HERE or HERE

• You must rename combofix BEFORE saving it to your pc.
• CF_download_rename.gif
• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Post removed as I didn't see Crunchie's instructions.

Wow that really worked Thanks. okay here is the Combofix log:

ComboFix 09-02-01.01 - user 2009-02-01 13:34:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1439 [GMT -8:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG 7.5.549 *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Application Data\GetModule
c:\documents and settings\user\Application Data\GetModule\dicik.gz
c:\documents and settings\user\Application Data\GetModule\kwdik.gz
c:\documents and settings\user\Application Data\GetModule\ofadik.gz
c:\documents and settings\user\Application Data\shca35j0ejdn
c:\documents and settings\user\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\BM2feafb14.txt
c:\windows\system32\aanlvn.dll
c:\windows\system32\aecbcewa.dll
c:\windows\system32\amdlbr.dll
c:\windows\system32\anmkrpm.dll
c:\windows\system32\anmkrpmp.dll
c:\windows\system32\awtrRHYQ.dll
c:\windows\system32\bxmdlspe.ini
c:\windows\system32\cbXNFurp.dll
c:\windows\system32\ccaideuk.dll
c:\windows\system32\coecxsph.ini
c:\windows\system32\crypts.dll
c:\windows\system32\cuvlfy.dll
c:\windows\system32\cvrapgul.ini
c:\windows\system32\dbyefacd.ini
c:\windows\system32\dcafeybd.dll
c:\windows\system32\dixzql.dll
c:\windows\system32\djrdvx.dll
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\Drivers\TDSSpqlt.sys
c:\windows\system32\dunulaju.dll
c:\windows\system32\dwopoxfk.ini
c:\windows\system32\efcCspOh.dll
c:\windows\system32\eqyttkhj.ini
c:\windows\system32\fahoeb.dll
c:\windows\system32\fakeskyr.ini
c:\windows\system32\favdxjtr.dll
c:\windows\system32\fbgdikjj.ini
c:\windows\system32\fdanmf.dll
c:\windows\system32\fhtpnyim.ini
c:\windows\system32\geBspmnl.dll
c:\windows\system32\gusvynkf.dll
c:\windows\system32\guzapamu.dll
c:\windows\system32\gwgdbeef.ini
c:\windows\system32\hilivoze.dll
c:\windows\system32\hpsxceoc.dll
c:\windows\system32\iehelper.dll
c:\windows\system32\ihsocl.dll
c:\windows\system32\ilkfcdix.ini
c:\windows\system32\iqjyfdhj.dll
c:\windows\system32\iukbpfik.dll
c:\windows\system32\jjkidgbf.dll
c:\windows\system32\jolvtpqf.dll
c:\windows\system32\jvopeuho.dll
c:\windows\system32\jyhyfawl.ini
c:\windows\system32\kbczhe.dll
c:\windows\system32\kehmhwve.dll
c:\windows\system32\kfpuyjkq.dll
c:\windows\system32\kfxopowd.dll
c:\windows\system32\khfFXrQI.dll
c:\windows\system32\kifpbkui.ini
c:\windows\system32\klemfxud.ini
c:\windows\system32\kqgqwolr.ini
c:\windows\system32\kqtbda.dll
c:\windows\system32\kxczoi.dll
c:\windows\system32\kxotruvb.ini
c:\windows\system32\L5
c:\windows\system32\ljJYQGvT.dll
c:\windows\system32\lugparvc.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mfmcsonf.ini
c:\windows\system32\mgicmcoh.dll
c:\windows\system32\mjmwelui.dll
c:\windows\system32\nbwoxnbq.ini
c:\windows\system32\obqdwosy.dll
c:\windows\system32\olytwt.dll
c:\windows\system32\pawpbxsw.dll
c:\windows\system32\phzyog.dll
c:\windows\system32\piugbj.dll
c:\windows\system32\pkboofff.dll
c:\windows\system32\pkxmqdua.ini
c:\windows\system32\prunnet.exe
c:\windows\system32\qbnxowbn.dll
c:\windows\system32\qorsjxbn.dll
c:\windows\system32\ratkqfir.dll
c:\windows\system32\rpguwr.dll
c:\windows\system32\rqRJAttQ.dll
c:\windows\system32\rtjxdvaf.ini
c:\windows\system32\ssjbarhc.ini
c:\windows\system32\ssqQjIAp.dll
c:\windows\system32\ssqRLeeE.dll
c:\windows\system32\TDSShlxr.dll
c:\windows\system32\TDSSoiqn.dll
c:\windows\system32\TDSSorvd.dat
c:\windows\system32\TDSSrtqp.dll
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\tncdxxlh.dll
c:\windows\system32\tnprfkdx.dll
c:\windows\system32\tvFhQqru.ini
c:\windows\system32\tvFhQqru.ini2
c:\windows\system32\twex.exe
c:\windows\system32\tyshb36rfjdf.dll
c:\windows\system32\udpvbuig.ini
c:\windows\system32\uerdoilh.dll
c:\windows\system32\urqQhFvt.dll
c:\windows\system32\uvhwlu.dll
c:\windows\system32\uyzvki.dll
c:\windows\system32\vgpflmag.ini
c:\windows\system32\vigbrk.dll
c:\windows\system32\vpvvtyny.ini
c:\windows\system32\vuugnyla.ini
c:\windows\system32\wcapmact.dll
c:\windows\system32\wsxbpwap.ini
c:\windows\system32\xidcfkli.dll
c:\windows\system32\xoyjwlvt.dll
c:\windows\system32\xshfrpft.ini
c:\windows\system32\xxyvusrR.dll
c:\windows\system32\xxywUKdE.dll
c:\windows\system32\yedmomaa.ini
c:\windows\system32\yhenqlcx.dll
c:\windows\system32\ynpgdu.dll
c:\windows\system32\ypcstnlw.ini
c:\windows\system32\yppppiru.dll
c:\windows\system32\yxhigj.dll
c:\windows\system32\yzxdtd.dll
c:\windows\system32\zodpnq.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://77.74.48.101
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-30 02:09 . 2009-02-01 11:51 2,190 --a------ c:\windows\system32\TDSSlxwp.dll
2009-01-29 22:42 . 2009-01-29 22:42 2,713 --ahs---- c:\windows\system32\lazogiya.exe
2009-01-29 09:02 . 2009-01-29 09:02 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-29 08:29 . 2009-01-29 08:29 <DIR> d-------- c:\windows\ERUNT
2009-01-29 08:26 . 2009-01-29 08:26 <DIR> d-------- c:\documents and settings\Administrator.UNKNOW-91070FE2
2009-01-24 20:45 . 2009-02-01 09:41 <DIR> d--hs---- c:\windows\system32\twain32
2009-01-24 20:45 . 2009-01-24 20:45 266,248 --a------ c:\windows\sysguard.exe
2009-01-18 06:16 . 2009-01-18 06:16 <DIR> d-------- c:\documents and settings\user\Application Data\Sierra Wireless
2009-01-18 06:16 . 2009-01-18 06:16 <DIR> d-------- c:\documents and settings\user\Application Data\DBUpdater
2009-01-18 06:16 . 2009-01-18 06:16 <DIR> d-------- c:\documents and settings\user\Application Data\AT&T
2009-01-18 06:16 . 2008-11-20 21:59 27,072 --a------ c:\windows\system32\drivers\PCASp50.sys
2009-01-18 06:16 . 2008-08-22 10:05 26,760 -ra------ c:\windows\system32\drivers\swmsflt.sys
2009-01-18 06:11 . 2009-01-18 06:11 <DIR> d-------- c:\program files\Sierra Wireless Inc
2009-01-18 06:11 . 2009-01-18 06:11 <DIR> d-------- c:\program files\Common Files\Motorola Shared
2009-01-18 06:11 . 2009-01-18 06:11 <DIR> d-------- c:\program files\AT&T
2009-01-18 06:11 . 2009-01-18 06:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\AT&T
2009-01-18 06:10 . 2009-01-18 06:10 <DIR> d-------- c:\program files\Option
2009-01-18 06:09 . 2009-01-18 06:09 <DIR> d-------- c:\documents and settings\user\Application Data\Research In Motion
2009-01-18 06:09 . 2009-01-29 06:42 256 --a------ c:\windows\system32\pool.bin
2009-01-18 06:08 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2009-01-18 06:07 . 2009-01-18 06:07 <DIR> d-------- c:\program files\Research In Motion
2009-01-18 06:07 . 2009-01-28 15:34 <DIR> d-------- c:\program files\Common Files\Research In Motion
2009-01-18 06:04 . 2009-01-18 06:04 <DIR> d--hs---- c:\windows\ftpcache
2009-01-10 08:20 . 2009-01-10 08:20 <DIR> d-------- c:\documents and settings\user\Application Data\TeamViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 16:00 --------- d-----w c:\documents and settings\user\Application Data\AVG7
2008-12-20 22:55 --------- d-----w c:\program files\AllToAVI
2008-12-19 23:48 --------- d-----w c:\program files\PartyGaming
2008-12-13 01:11 69,632 ----a-w c:\windows\system32\drivers\zqgyhlq6pgg.sys
2007-12-10 11:46 47,360 ----a-w c:\documents and settings\user\Application Data\pcouffin.sys
2004-05-07 22:31 348,160 ----a-w c:\program files\mozilla firefox\components\MSVCR71.DLL
2006-11-07 19:58 139,264 ------w c:\program files\mozilla firefox\components\SABFF20.DLL
2008-10-20 15:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102020081021\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-10-04 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-12-20 07:57 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
--a------ 2008-12-01 14:23 33280 c:\program files\AT&T\Communication Manager\ATTCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-10-19 07:14 590848 c:\progra~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 16:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 16:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-05-18 12:20 7700480 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-05-18 12:21 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-29 07:05 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-08-28 09:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-05-18 12:21 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"aawservice"=2 (0x2)
"a2AntiMalware"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Schedule"=2 (0x2)
"NVSvc"=2 (0x2)
"ATTRcAppSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCPxpsp2res.dll,-22015
"1701:UDP"= 1701:UDPxpsp2res.dll,-22016
"500:UDP"= 500:UDPxpsp2res.dll,-22017

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2006-06-24 89749]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2006-06-24 9600]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-08-25 466880]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2008-04-02 16269]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2004-04-19 6656]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2007-09-29 9344]
S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\rt2500usb.sys [2008-04-02 104320]
S3 USBAU;USB Audio Device Interface;c:\windows\system32\drivers\CM102.sys [2008-11-09 1312768]
S3 XDva031;XDva031;\??\c:\windows\system32\XDva031.sys --> c:\windows\system32\XDva031.sys [?]
S4 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2008-11-20 113152]
.
- - - - ORPHANS REMOVED - - - -

BHO-{12699d45-3f0f-4c85-9d9b-10ce65a60c2f} - c:\windows\system32\hilivoze.dll
BHO-{4CE528E2-58C1-4256-9567-7DC19D3C4886} - c:\windows\system32\urqQhFvt.dll
BHO-{D5BF49A2-94F1-42BD-F434-3604812C807D} - c:\windows\system32\tyshb36rfjdf.dll
SharedTaskScheduler-{D5BF49A2-94F1-42BD-F434-3604812C807D} - c:\windows\system32\tyshb36rfjdf.dll
MSConfigStartUp-2ef07 - c:\program files\rhedelzvdocyw\nfvsrsz.exe
MSConfigStartUp-AACKWin - c:\progra~1\KSYSCO~1\smss.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-bihomivabu - c:\windows\system32\dunulaju.dll
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-Control Center - c:\program files\ASUS\WLAN Card Utilities\Center.exe
MSConfigStartUp-GetModule35 - c:\program files\GetModule\GetModule35.exe
MSConfigStartUp-GetPack28 - c:\program files\GetPack\GetPack28.exe
MSConfigStartUp-Jnskdfmf9eldfd - c:\docume~1\user\LOCALS~1\Temp\csrssc.exe
MSConfigStartUp-jsf8j34rgfght - c:\docume~1\user\LOCALS~1\Temp\winloggn.exe
MSConfigStartUp-lphcc35j0ejdn - c:\windows\system32\lphcc35j0ejdn.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-prunnet - c:\windows\system32\prunnet.exe
MSConfigStartUp-runner1 - c:\windows\mrofinu1535.exe
MSConfigStartUp-SpeedX - c:\progra~1\MyPortal\Speed-X\SpeedX.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-sysrest32 - c:\windows\system32\sysrest32.exe
MSConfigStartUp-tezrtsjhfr84iusjfo84f - c:\docume~1\user\LOCALS~1\Temp\csrssc.exe
MSConfigStartUp-VnrPack22 - c:\program files\VnrPack\VnrPack22.exe
MSConfigStartUp-winlogon - c:\documents and settings\user\svchost.exe
MSConfigStartUp-[system] - c:\windows\system32\drivers\services.exe
MSConfigStartUp-Cm102Sound - cm102.cpl
MSConfigStartUp-CTHelper - CTHELPER.EXE
MSConfigStartUp-CTxfiHlp - CTXFIHLP.EXE


.
------- Supplementary Scan -------
.
LSP: bmnet.dll
Trusted Zone: amaena.com
Trusted Zone: avsystemcare.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusremover2008.com
Trusted Zone: virusschlacht.com
TCP: {2351A425-A26B-40A4-ADBB-99450D8C5E4A} = 208.67.220.220,208.67.222.222
TCP: {5155EB13-C52B-4965-8EE3-C18B2E198951} = 208.67.220.220,208.67.222.222
TCP: {6C7B25F9-A3B1-462D-B6F0-6C4C8B6B2C57} = 208.67.220.220,208.67.222.222
TCP: {E7CD77B1-4D33-47F9-BE3F-852B1695B32E} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\7805yqbd.default\
FF - component: c:\program files\Mozilla Firefox\components\SABFF20.DLL
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 13:48:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\bmnet.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-02-01 13:50:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-01 21:50:14

Pre-Run: 67,190,714,368 bytes free
Post-Run: 67,343,056,896 bytes free

340 --- E O F --- 2008-12-12 11:02:28