Full Version: Hijack this log
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
kmradley
Hey, I updated my Ad-Aware to the newest version. I just want to know how to get rid of this virus????

Please help, this is my log.




Logfile of HijackThis v1.99.1
Scan saved at 4:56:32 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tfiqwatj.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [68017d79] rundll32.exe "C:\WINDOWS\system32\xnierjox.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187691094765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187691088046
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)
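As an added example (not part of this thread or of HijackThis itself), the script below applies the checks a helper makes by eye to the O4 (Run key) lines of the log above. The sample lines are copied from that log; the heuristic tables (CORE_BINARIES, NO_EXE_DIRS, RANDOM_NAME_RE) and the function names are my own choices for this illustration, not an official list.

```python
import ntpath
import re

# O4 (Run key) lines copied from the HijackThis log in the post above.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe',
    r'O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe',
    r'O4 - HKLM\..\Run: [68017d79] rundll32.exe "C:\WINDOWS\system32\xnierjox.dll",b',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe',
]

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Heuristic tables (my choices for this example, not an official list).
# Genuine core Windows processes are started by the kernel, SMSS or the
# service control manager, never from a Run key.
CORE_BINARIES = {'smss.exe', 'csrss.exe', 'winlogon.exe', 'services.exe',
                 'lsass.exe', 'svchost.exe'}
# Directory fragments that should never hold an autostarted program.
NO_EXE_DIRS = (r'c:\windows\fonts', r'\local settings\temp')
# Value names that look machine-generated (e.g. "68017d79").
RANDOM_NAME_RE = re.compile(r'^[0-9a-f]{8}$')


def first_token(cmd):
    """Split a Run command line into (program, remaining arguments), honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else '')


def rundll32_target(args):
    """Split rundll32's argument ('"path\\x.dll",Export' or 'path\\x.dll,Export') into (dll, export)."""
    args = args.strip()
    if args.startswith('"'):
        end = args.find('"', 1)
        dll, tail = args[1:end], args[end + 1:]
    else:
        dll, sep, tail = args.partition(',')
        tail = sep + tail
    export = tail.split(',', 1)[1].strip() if ',' in tail else ''
    return dll, export


def triage(lines):
    """Return {value_name: [reasons]} for every O4 Run entry that trips a heuristic."""
    findings = {}
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, cmd = m.group('name'), m.group('cmd')
        program, args = first_token(cmd)
        target, reasons = program, []
        if ntpath.basename(program).lower() == 'rundll32.exe':
            target, export = rundll32_target(args)
            if len(export) == 1:
                reasons.append('rundll32 calls a one-letter export %r in %s' % (export, target))
        base = ntpath.basename(target).lower()
        if base in CORE_BINARIES:
            reasons.append('core Windows binary name %s launched from a Run key' % base)
        if any(frag in target.lower() for frag in NO_EXE_DIRS):
            reasons.append('program stored in a directory that should not hold executables: %s' % target)
        if RANDOM_NAME_RE.match(name):
            reasons.append('value name %r looks randomly generated' % name)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_LINES).items():
        print('[%s]' % name)
        for r in reasons:
            print('   -', r)
```

Run against the sample lines it flags exactly the two entries the helper later asks to fix, "Host Process" (svchost.exe under Fonts) and "68017d79" (rundll32 with a one-letter export and a random name), and leaves the NVIDIA, avast! and ctfmon entries alone. It does not flag WinAble, which ComboFix later removes: path and name heuristics catch disguised system binaries, not adware installed under an ordinary Program Files directory, so they are a first pass, not a verdict.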
HJThis
Hello kmradley & welcome

May I ask that you run Ad-Aware and update it. Then run a Full System scan and add its logfile here as an attachment. I'm also going to have you run this tool here and post its logfile along with a logfile of the new version of HijackThis.

NOTE: After you remove the version of HijackThis you have now, make sure not to install the new version to a Temp folder.


Download HJTInstall.exe to your Desktop.

1. Double-click HJTInstall.exe to install it.
2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
3. Click on Install.
4. It will create a HijackThis icon on the desktop.
5. Once installed, it will launch HijackThis.
6. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
7. Save the log to a convenient location as you'll need to post it soon.
8. Don't use the Analyse This button; its findings are dangerous if misinterpreted.
9. Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

======================

Download ComboFix from Here or Here to your Desktop.

1. Double-click combofix.exe and follow the prompts.
2. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Gogo
kmradley
These are the new logs from what you said.
First, ComboFix:

ComboFix 07-11-08.1 - Kevin 2007-11-14 21:09:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.457 [GMT -5:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Desktop\internet.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Kevin\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Kevin\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Kevin\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\Installeur.exe
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\WINDOWS\b104.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\h2
C:\WINDOWS\system32\h2\jumper83122.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\r2\revdrive33b.exe
C:\WINDOWS\system32\tfiqwatj.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.

2007-11-14 21:20 36,864 --a------ C:\Documents and Settings\Kevin\services.exe
2007-11-14 21:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-14 21:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-14 20:29 40,960 --a------ C:\Documents and Settings\Kevin\f.exe
2007-11-14 20:28 <DIR> d-------- C:\WINDOWS\system32\rMa18yy
2007-11-14 20:28 <DIR> d-------- C:\WINDOWS\system32\6E696D6B6D746F7
2007-11-14 20:28 124,416 --a------ C:\WINDOWS\system32\140F1311131A151.exe
2007-11-14 20:28 36,352 --a------ C:\WINDOWS\system32\hggfeca.dll
2007-11-14 20:28 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-13 23:23 85,056 --a------ C:\WINDOWS\system32\xnierjox.dll
2007-11-13 23:22 80,448 --a------ C:\WINDOWS\system32\cuwlruhu.dll
2007-11-13 23:22 71,232 --a------ C:\WINDOWS\system32\ajsigpwv.exe
2007-11-13 22:31 80,448 --a------ C:\WINDOWS\system32\icjoeoin.dll
2007-11-13 22:20 71,232 --a------ C:\WINDOWS\system32\vsapeawa.exe
2007-11-13 19:39 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-13 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-13 19:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 18:35 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-13 10:52 36,352 --a------ C:\WINDOWS\system32\gebbaax.dll
2007-11-13 10:42 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-13 10:42 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-12 22:31 81,472 --a------ C:\WINDOWS\system32\schujcqq.dll
2007-11-12 22:23 145,984 --a------ C:\WINDOWS\system32\tfiqwatj.dll
2007-11-12 22:22 145,984 --a------ C:\WINDOWS\system32\cnejuitr.dll
2007-11-12 10:12 120 --a------ C:\n.bat
2007-11-12 10:11 172,032 --a------ C:\winlogon.exe
2007-11-12 10:11 36,352 --a------ C:\WINDOWS\system32\nnnkigh.dll
2007-11-12 10:11 256 --a------ C:\Documents and Settings\Kevin\z.dat
2007-11-12 10:11 0 --a------ C:\z.dat
2007-11-12 10:11 0 --a------ C:\x.dat
2007-11-12 10:11 0 --a------ C:\Documents and Settings\Kevin\x.dat
2007-11-07 18:49 <DIR> d-------- C:\Program Files\Total Video Converter
2007-11-07 17:24 <DIR> d-------- C:\Program Files\Incomplete
2007-11-07 17:22 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-07 12:55 <DIR> d-------- C:\Program Files\iTunes
2007-11-07 12:55 <DIR> d-------- C:\Program Files\iPod
2007-11-07 12:53 <DIR> d-------- C:\Program Files\QuickTime
2007-11-06 20:03 <DIR> d-------- C:\Movavi files
2007-11-06 19:37 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\Ahead
2007-11-06 19:35 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-06 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-06 19:25 <DIR> d-------- C:\Program Files\Nero
2007-11-06 19:05 <DIR> d-------- C:\Program Files\Movavi Flash Converter
2007-11-06 19:05 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-11-06 18:19 <DIR> d-------- C:\Documents and Settings\Kevin\dwhelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 02:21 77 ----a-w C:\Documents and Settings\Kevin\2009.bat
2007-11-15 02:20 36,864 ----a-w C:\svchost.exe
2007-11-15 01:32 --------- d-----w C:\Documents and Settings\Kevin\Application Data\LimeWire
2007-11-08 03:50 --------- d-----w C:\Program Files\PokerStars.NET
2007-11-07 22:22 278,532 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-07 22:11 278,531 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-11-05 22:35 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Ruckus Network
2007-11-02 15:28 --------- d-----w C:\Program Files\Java
2007-10-03 07:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-03 00:42 --------- d-----w C:\Program Files\MTV Networks
2007-10-03 00:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-02 20:33 --------- d-----w C:\Program Files\Ruckus Player
2007-10-02 20:33 --------- d-----w C:\Program Files\Bonjour
2007-09-27 00:31 --------- d-----w C:\Program Files\MSECache
2007-09-20 07:02 --------- d-----w C:\Program Files\Common Files\Java
2007-09-20 06:33 --------- d-----w C:\Program Files\Creative
2007-09-20 06:32 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Creative
2007-09-20 06:15 --------- d-----w C:\Program Files\Intel
2007-09-20 06:02 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-18 18:14 --------- d-----w C:\Program Files\Common Files\eSellerate
2007-09-17 22:57 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Apple Computer
2007-09-17 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-17 22:56 --------- d-----w C:\Program Files\Common Files\Apple
2007-09-17 22:56 --------- d-----w C:\Program Files\Apple Software Update
2007-09-17 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
2007-11-12 10:11 36352 --a------ C:\WINDOWS\system32\nnnkigh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-12 22:23 145984 --a------ C:\WINDOWS\system32\tfiqwatj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{debec373-4fc6-4076-afc9-d7d65d60adae}]
2007-11-13 23:22 80448 --a------ C:\WINDOWS\system32\cuwlruhu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E31701AA-1862-445A-ADD3-8B700B2A6734}]
C:\Program Files\Microsoft Office\mewodykuwC:\WINDOWS\system32\h2\jumper83122.exe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\tfiqwatj.dll [2007-11-12 22:23 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\tfiqwatj.dll [2007-11-12 22:23 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1A15191719201B231"="140F1311131A151.exe" [2007-11-02 17:39 C:\WINDOWS\system32\140F1311131A151.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 13:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 17:03]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 11:22 C:\WINDOWS\system32\nvmctray.dll]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 09:57]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-11-07 17:11]
"68017d79"="C:\WINDOWS\system32\xnierjox.dll" [2007-11-13 23:23]
"runner1"="C:\WINDOWS\mrofinu1188.exe" [2007-11-14 21:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\nnnkigh.dll [2007-11-12 10:11 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkigh]
nnnkigh.dll 2007-11-12 10:11 36352 C:\WINDOWS\system32\nnnkigh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfiqwatj]
tfiqwatj.dll 2007-11-12 22:23 145984 C:\WINDOWS\system32\tfiqwatj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\ddccd.dll

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-07 16:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-15 02:18:04 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-13 23:35:35 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 21:19:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-14 21:24:28 - machine was rebooted
.
--- E O F ---


Attached are the Ad-Aware and HijackThis logs.

I hope this works





HJThis
Hi kmradley

Backup the Registry:

Navigate to Start | Run and paste the following:

regedit /e c:\registrybackup.reg

Now click OK
It won't appear to be doing anything; that's normal.
Your mouse pointer may turn to an hourglass for a minute.
Please continue when it no longer shows the hourglass.


=======================

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else.

QUOTE
File::
C:\Documents and Settings\Kevin\services.exe
C:\Documents and Settings\Kevin\f.exe
C:\WINDOWS\system32\rMa18yy
C:\WINDOWS\system32\6E696D6B6D746F7
C:\WINDOWS\system32\140F1311131A151.exe
C:\WINDOWS\system32\hggfeca.dll
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\xnierjox.dll
C:\WINDOWS\system32\cuwlruhu.dll
C:\WINDOWS\system32\ajsigpwv.exe
C:\WINDOWS\system32\icjoeoin.dll
C:\WINDOWS\system32\vsapeawa.exe
C:\WINDOWS\system32\schujcqq.dll
C:\WINDOWS\system32\tfiqwatj.dll
C:\WINDOWS\system32\cnejuitr.dll
C:\n.bat
C:\winlogon.exe
C:\WINDOWS\system32\nnnkigh.dll
C:\Documents and Settings\Kevin\z.dat
C:\z.dat
C:\x.dat
C:\Documents and Settings\Kevin\x.dat
C:\WINDOWS\system32\vbzip10.dll
C:\svchost.exe
C:\WINDOWS\Fonts\svchost.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{debec373-4fc6-4076-afc9-d7d65d60adae}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-
"68017d79"=-
"runner1"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkigh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfiqwatj]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save this as CFScript.txt, in the same location as ComboFix.exe

[attached screenshot]

Referring to the picture above, drag CFScript into ComboFix.exe


When finished, it will produce a log for you at "C:\ComboFix.txt"


Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


========================

Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tfiqwatj.dll

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [68017d79] rundll32.exe "C:\WINDOWS\system32\xnierjox.dll",b
O4 - HKLM\..\Run: [1A15191719201B231] 140F1311131A151.exe

Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Then exit or close HijackThis.


Then come back here with both the HijackThis log and ComboFix.txt


Gogo
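The last line of the CFScript above, "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00, is a raw REG_MULTI_SZ value, and it is worth knowing what it writes before dropping a script onto ComboFix. As an added example (not part of this thread or of ComboFix), the Python below decodes that line, compares it with the value ComboFix reported on the infected machine (msv1_0 nwprovau C:\WINDOWS\system32\ddccd.dll), and re-encodes a list of packages into the same hex(7) form. The INFECTED_VALUE and FIX_LINE constants are taken from the logs in this thread; the function names are mine. It also takes the .reg file format as a parameter, because REGEDIT4-style files store multi-string values as single-byte text while "Windows Registry Editor Version 5.00" files store them as UTF-16LE, and the same eight bytes mean different things in the two formats.

```python
import re

# Values from this thread: what ComboFix reported for
# HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages on the
# infected machine, and the line the CFScript writes back.
INFECTED_VALUE = ['msv1_0', 'nwprovau', r'C:\WINDOWS\system32\ddccd.dll']
FIX_LINE = '"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00'


def split_reg_line(line):
    """Split a '"Name"=data' .reg value line into (name, data)."""
    m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line.strip())
    if not m:
        raise ValueError('not a .reg value line: %r' % line)
    return m.group(1), m.group(2)


def parse_hex7(data):
    """Turn the 'hex(7):6d,73,...' side of a .reg line into raw bytes."""
    body = data.strip()
    if not body.lower().startswith('hex(7):'):
        raise ValueError('not a REG_MULTI_SZ (hex(7)) value: %r' % data)
    # Drop whitespace and the backslash line continuations regedit exports use.
    hex_part = re.sub(r'[\s\\]', '', body[len('hex(7):'):])
    return bytes(int(h, 16) for h in hex_part.split(',') if h)


def decode_multi_sz(raw, regedit4=True):
    """Decode REG_MULTI_SZ bytes into a list of strings.

    regedit4=True treats the bytes as single-byte text (REGEDIT4 format);
    False treats them as UTF-16LE ("Windows Registry Editor Version 5.00")."""
    text = raw.decode('latin-1') if regedit4 else raw.decode('utf-16-le')
    return [s for s in text.split('\0') if s]


def encode_multi_sz(strings, regedit4=True):
    """Inverse of decode_multi_sz: build the hex(7) text for a list of strings."""
    text = '\0'.join(strings) + '\0\0'          # NUL-separated, double-NUL terminated
    raw = text.encode('latin-1') if regedit4 else text.encode('utf-16-le')
    return 'hex(7):' + ','.join('%02x' % b for b in raw)


def packages_removed(current, fix_line):
    """Which entries of the current value the fix line drops."""
    _, data = split_reg_line(fix_line)
    kept = decode_multi_sz(parse_hex7(data))
    return [p for p in current if p not in kept]


if __name__ == '__main__':
    name, data = split_reg_line(FIX_LINE)
    print(name, '->', decode_multi_sz(parse_hex7(data)))
    print('removed by the fix:', packages_removed(INFECTED_VALUE, FIX_LINE))
    print('re-encoded from a list:', encode_multi_sz(['msv1_0']))
```

Decoded in the single-byte form, the fix line is exactly ['msv1_0'], the stock Windows authentication package, so applying it drops both the injected ddccd.dll and the nwprovau entry; decoded as UTF-16LE the same bytes become one unreadable string, which is why the file format matters when reading or writing a hex(7) value by hand. Round-tripping ['msv1_0'] through encode_multi_sz reproduces the script's bytes, so the two functions can be used to check any such line before it is applied.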
kmradley
New logs are attached and copied here.

Seems like things are getting better. I saw only 2 of those 4 things to fix, so I did them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:14 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {55703c6b-728b-be99-8734-72fa82b6efa4} - {4afe6b28-af27-4378-99eb-b827b6c30755} - C:\WINDOWS\system32\qbrdmqok.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {E31701AA-1862-445A-ADD3-8B700B2A6734} - C:\Program Files\Microsoft Office\mewodykuwC:\WINDOWS\system32\h2\jumper83122.exe.dll (file missing)
O2 - BHO: (no name) - {E733A8A9-D395-472F-AAA9-E77003465AF4} - C:\Program Files\Microsoft Office\mewodykuwC:\WINDOWS\system32\h2\jumper83122.exe.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187691094765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187691088046
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 7405 bytes

Not sure if I got the right log for combo, so let me know.

Admin edit by LS CalamityJane: Pasting in ComboFix log for easier review

ComboFix 07-11-08.1 - Kevin 2007-11-14 21:09:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.457 [GMT -5:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Desktop\internet.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Kevin\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Kevin\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Kevin\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\inetget2\Installeur.exe
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\WINDOWS\b104.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\h2
C:\WINDOWS\system32\h2\jumper83122.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\r2\revdrive33b.exe
C:\WINDOWS\system32\tfiqwatj.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.

2007-11-14 21:20 36,864 --a------ C:\Documents and Settings\Kevin\services.exe
2007-11-14 21:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-14 21:05 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-14 20:29 40,960 --a------ C:\Documents and Settings\Kevin\f.exe
2007-11-14 20:28 <DIR> d-------- C:\WINDOWS\system32\rMa18yy
2007-11-14 20:28 <DIR> d-------- C:\WINDOWS\system32\6E696D6B6D746F7
2007-11-14 20:28 124,416 --a------ C:\WINDOWS\system32\140F1311131A151.exe
2007-11-14 20:28 36,352 --a------ C:\WINDOWS\system32\hggfeca.dll
2007-11-14 20:28 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-13 23:23 85,056 --a------ C:\WINDOWS\system32\xnierjox.dll
2007-11-13 23:22 80,448 --a------ C:\WINDOWS\system32\cuwlruhu.dll
2007-11-13 23:22 71,232 --a------ C:\WINDOWS\system32\ajsigpwv.exe
2007-11-13 22:31 80,448 --a------ C:\WINDOWS\system32\icjoeoin.dll
2007-11-13 22:20 71,232 --a------ C:\WINDOWS\system32\vsapeawa.exe
2007-11-13 19:39 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-13 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-13 19:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 18:35 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-13 10:52 36,352 --a------ C:\WINDOWS\system32\gebbaax.dll
2007-11-13 10:42 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-11-13 10:42 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-12 22:31 81,472 --a------ C:\WINDOWS\system32\schujcqq.dll
2007-11-12 22:23 145,984 --a------ C:\WINDOWS\system32\tfiqwatj.dll
2007-11-12 22:22 145,984 --a------ C:\WINDOWS\system32\cnejuitr.dll
2007-11-12 10:12 120 --a------ C:\n.bat
2007-11-12 10:11 172,032 --a------ C:\winlogon.exe
2007-11-12 10:11 36,352 --a------ C:\WINDOWS\system32\nnnkigh.dll
2007-11-12 10:11 256 --a------ C:\Documents and Settings\Kevin\z.dat
2007-11-12 10:11 0 --a------ C:\z.dat
2007-11-12 10:11 0 --a------ C:\x.dat
2007-11-12 10:11 0 --a------ C:\Documents and Settings\Kevin\x.dat
2007-11-07 18:49 <DIR> d-------- C:\Program Files\Total Video Converter
2007-11-07 17:24 <DIR> d-------- C:\Program Files\Incomplete
2007-11-07 17:22 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-07 12:55 <DIR> d-------- C:\Program Files\iTunes
2007-11-07 12:55 <DIR> d-------- C:\Program Files\iPod
2007-11-07 12:53 <DIR> d-------- C:\Program Files\QuickTime
2007-11-06 20:03 <DIR> d-------- C:\Movavi files
2007-11-06 19:37 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\Ahead
2007-11-06 19:35 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-06 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-06 19:25 <DIR> d-------- C:\Program Files\Nero
2007-11-06 19:05 <DIR> d-------- C:\Program Files\Movavi Flash Converter
2007-11-06 19:05 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-11-06 18:19 <DIR> d-------- C:\Documents and Settings\Kevin\dwhelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 02:21 77 ----a-w C:\Documents and Settings\Kevin\2009.bat
2007-11-15 02:20 36,864 ----a-w C:\svchost.exe
2007-11-15 01:32 --------- d-----w C:\Documents and Settings\Kevin\Application Data\LimeWire
2007-11-08 03:50 --------- d-----w C:\Program Files\PokerStars.NET
2007-11-07 22:22 278,532 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-07 22:11 278,531 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-11-05 22:35 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Ruckus Network
2007-11-02 15:28 --------- d-----w C:\Program Files\Java
2007-10-03 07:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-03 00:42 --------- d-----w C:\Program Files\MTV Networks
2007-10-03 00:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-02 20:33 --------- d-----w C:\Program Files\Ruckus Player
2007-10-02 20:33 --------- d-----w C:\Program Files\Bonjour
2007-09-27 00:31 --------- d-----w C:\Program Files\MSECache
2007-09-20 07:02 --------- d-----w C:\Program Files\Common Files\Java
2007-09-20 06:33 --------- d-----w C:\Program Files\Creative
2007-09-20 06:32 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Creative
2007-09-20 06:15 --------- d-----w C:\Program Files\Intel
2007-09-20 06:02 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-18 18:14 --------- d-----w C:\Program Files\Common Files\eSellerate
2007-09-17 22:57 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Apple Computer
2007-09-17 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-17 22:56 --------- d-----w C:\Program Files\Common Files\Apple
2007-09-17 22:56 --------- d-----w C:\Program Files\Apple Software Update
2007-09-17 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
2007-11-12 10:11 36352 --a------ C:\WINDOWS\system32\nnnkigh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-12 22:23 145984 --a------ C:\WINDOWS\system32\tfiqwatj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{debec373-4fc6-4076-afc9-d7d65d60adae}]
2007-11-13 23:22 80448 --a------ C:\WINDOWS\system32\cuwlruhu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E31701AA-1862-445A-ADD3-8B700B2A6734}]
C:\Program Files\Microsoft Office\mewodykuwC:\WINDOWS\system32\h2\jumper83122.exe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\tfiqwatj.dll [2007-11-12 22:23 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\tfiqwatj.dll [2007-11-12 22:23 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1A15191719201B231"="140F1311131A151.exe" [2007-11-02 17:39 C:\WINDOWS\system32\140F1311131A151.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 13:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 17:03]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 11:22 C:\WINDOWS\system32\nvmctray.dll]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 09:57]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-11-07 17:11]
"68017d79"="C:\WINDOWS\system32\xnierjox.dll" [2007-11-13 23:23]
"runner1"="C:\WINDOWS\mrofinu1188.exe" [2007-11-14 21:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\nnnkigh.dll [2007-11-12 10:11 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkigh]
nnnkigh.dll 2007-11-12 10:11 36352 C:\WINDOWS\system32\nnnkigh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfiqwatj]
tfiqwatj.dll 2007-11-12 22:23 145984 C:\WINDOWS\system32\tfiqwatj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\ddccd.dll

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-07 16:56:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-15 02:18:04 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-13 23:35:35 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 21:19:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-14 21:24:28 - machine was rebooted
.
--- E O F ---


LS CalamityJane
Apologies for jumping in here but in browsing forum posts looking for those machines that have signs of being infected with a certain new variant of SDbot backdoor trojan, I have found yours here has been affected.

Additional note about the SDbot trojan you had running there.

It is really bad news in that recent reports on this nasty include the fact that it not only contacts a remote site to download additional malware to the PC, but also that it often includes a data theft routine to steal info off of your computer and a password stealer which may affect any and all accounts you have stored on there.

This is a very serious threat and I can't caution you enough about the damage going on. This is beyond a spyware/adware problem in that this infection includes this extremely dangerous backdoor/remote access trojan. We are seeing quite a few of these and it is one of the nastier infections we have seen in quite a while.

What is a backdoor or remote access trojan?
Read this article.
Danger: Remote Access Trojans
http://www.microsoft.com/technet/sec.....;/virusrat.mspx

Basically, your system has been compromised. Anyone may have had access to anything on your system or done whatever they want to it and hidden it from you.

I'm now getting really concerned if this PC is still connected to the internet and being used. You are at high risk of identity theft as well. Really the best remediation recommendation may be to stop trying to clean and do a reformat/reinstall of the operating system to be certain this machine is trustworthy for future use.

When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451


The trojan is running as evidenced by these entries in your logs:

2007-11-07 22:22 278,532 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-07 22:11 278,531 --sh--w C:\WINDOWS\Fonts\svchost.exe

These files were likely created by the trojan to hold and transmit stolen account data and passwords to the attacker.
2007-11-12 10:11 256 --a------ C:\Documents and Settings\Kevin\z.dat
2007-11-12 10:11 0 --a------ C:\z.dat
2007-11-12 10:11 0 --a------ C:\x.dat
2007-11-12 10:11 0 --a------ C:\Documents and Settings\Kevin\x.dat

Further to add: I hope you realize that you probably got this infection by downloading illegal cracks from the internet for illegal copies of software OR downloading and running infected files obtained through P2P programs.
.................
@HJThis: If you are going to continue to try to clean instead of the recommended reformat/reinstall, you'll need to be sure to include an online AV scan with ESET:

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log & a description of any remaining problems

And you'll probably find the newest updated VundoFix version for the Vundo infection may help. (VundoFix v6.6.2 just released today)

But I wouldn't mess around too long with the machine infected with that trojan and get the SDbot squared away ASAP (there are many more infected files than you can find with the tools ComboFix and HJT are showing), and while SDFix might also be useful - a full system scan with the online AV scanner using the *remove all threats* option checkmarked is the first thing you should probably do here.
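The evidence CalamityJane points to (a `svchost.exe` sitting in `C:\WINDOWS\Fonts` with hidden+system attributes, `winlogon.exe` and `svchost.exe` at the drive root, `services.exe` in a user profile) is exactly the kind of thing a reviewer eyeballs in a ComboFix file listing. The script below is an added example, not a tool from this thread or from Lavasoft, ComboFix or HijackThis: it parses lines in the two ComboFix listing formats shown above ("Files Created" and "Find3M") and applies a few defender's heuristics to flag entries worth a second look. The sample lines are constructed for the example, modelled on entries from the log above; the heuristics (core system binary names outside System32, executables in the Fonts folder, hidden+system attributes on an executable, executables at the drive root) are the author's assumptions about what is suspicious, not a signature for SDbot.

```python
"""Flag suspicious file entries in a ComboFix-style file listing (added example).

Heuristics (each one is a reason for a closer look, not a verdict):
  * a core Windows binary name (svchost.exe, winlogon.exe, ...) located
    anywhere other than C:\\WINDOWS\\system32
  * an executable placed under C:\\WINDOWS\\Fonts
  * an executable carrying hidden+system attributes (the "--sh--w" pattern)
  * an executable or batch file sitting directly in the drive root
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Both listing formats on the page are "date time size attrs path", where
# size may be "36,864", "<DIR>" or "---------" and attrs is e.g. "--sh--w".
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Assumption: on Windows XP these names only legitimately live in System32.
CORE_SYSTEM_BINARIES = {
    "svchost.exe", "services.exe", "winlogon.exe",
    "lsass.exe", "smss.exe", "csrss.exe",
}
SYSTEM32 = r"c:\windows\system32"
FONTS = r"c:\windows\fonts"
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".sys", ".bat", ".cmd", ".scr")


@dataclass
class LogEntry:
    date: str
    time: str
    size: Optional[int]   # None for directories and "---------" entries
    attrs: str            # attribute token, lower-cased
    is_dir: bool
    path: str


def parse_entry(line: str) -> Optional[LogEntry]:
    """Parse one listing line; return None for headers, banners and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size_token = m.group("size")
    digits = size_token.replace(",", "")
    attrs = m.group("attrs").lower()
    return LogEntry(
        date=m.group("date"),
        time=m.group("time"),
        size=int(digits) if digits.isdigit() else None,
        attrs=attrs,
        is_dir=("d" in attrs) or size_token == "<DIR>",
        path=m.group("path"),
    )


def suspicious_reasons(entry: LogEntry) -> List[str]:
    """Apply the heuristics to one parsed entry and list those that hit."""
    if entry.is_dir:
        return []
    folder = ntpath.dirname(entry.path).lower()   # ntpath handles backslashes on any OS
    name = ntpath.basename(entry.path).lower()
    is_exec = name.endswith(EXECUTABLE_EXTENSIONS)
    reasons = []
    if name in CORE_SYSTEM_BINARIES and folder != SYSTEM32:
        reasons.append("core system binary name outside System32")
    if is_exec and folder.startswith(FONTS):
        reasons.append("executable planted in the Fonts folder")
    if is_exec and "h" in entry.attrs and "s" in entry.attrs:
        reasons.append("hidden+system attributes on an executable")
    if is_exec and folder == "c:\\":
        reasons.append("executable or script directly in the drive root")
    return reasons


def scan_log(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every entry that trips at least one heuristic."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is not None:
            reasons = suspicious_reasons(entry)
            if reasons:
                findings.append((entry.path, reasons))
    return findings


# Constructed sample, modelled on lines from the ComboFix log in this thread.
SAMPLE_LOG = [
    r"((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))",
    r"2007-11-14 21:20 36,864 --a------ C:\Documents and Settings\Kevin\services.exe",
    r"2007-11-14 21:05 <DIR> d-------- C:\Program Files\Trend Micro",
    r"2007-11-13 10:42 89,088 --a------ C:\WINDOWS\system32\atl71.dll",
    r"2007-11-12 10:12 120 --a------ C:\n.bat",
    r"2007-11-12 10:11 172,032 --a------ C:\winlogon.exe",
    r"2007-11-15 02:20 36,864 ----a-w C:\svchost.exe",
    r"2007-11-02 15:28 --------- d-----w C:\Program Files\Java",
    r"2007-11-07 22:11 278,531 --sh--w C:\WINDOWS\Fonts\svchost.exe",
]

if __name__ == "__main__":
    for path, reasons in scan_log(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the constructed sample, the script flags the five entries CalamityJane singled out or that share their pattern and leaves the legitimate `atl71.dll` in System32 and the directories alone. The point is triage, not cleanup: a hit means "verify this file" (hash it, check its signer, compare against a known-good install), and as the post above says, a confirmed backdoor on the machine argues for rebuilding rather than deleting files one by one.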