
1 please help with trunjo removal! on Tue Feb 09, 2010 5:04 am

Living_visitor
Member
I've read across many forums and other sites. I haven't had any trouble accessing Google (yet). I used AVG after my computer couldn't go into hibernation mode, and found vundo.ka in the windows/explorer file. Two hours later, another 2 files containing vundo have been found in iexplorer files. Please help. I've tried downloading osam automanager as a solution, but my computer can't recognise it as an msi file.

This is the logfile from using hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:31, on 9/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE /P23 "EPSON Stylus C63 Series" /O5 "LPT1:" /M "Stylus C63"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE /P23 "EPSON Stylus C63 Series" /M "Stylus C63" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .psd: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8169 bytes
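As an added analyst-side example (not HijackThis code and not from this post), the Python below parses entry lines in the log format above and flags the ones a helper would look at first: orphaned entries, services with no vendor, executables outside the usual install roots, and autostart names registered under more than one hive. Its sample input is copied from the log above plus one constructed `[demo-updater]` line, marked as such in the code.

```python
"""Triage helper for Trend Micro HijackThis v2 log lines.

Added example: not HijackThis code and not from the forum post. The sample
lines are copied from the log posted above plus one constructed line (marked
below). The checks are analyst-side heuristics for deciding which entries to
look at first; they are not a verdict on any entry.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the posted log. The [demo-updater] line is
# constructed (it is NOT in the posted log) so that the path check has a hit.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE /P23 "EPSON Stylus C63 Series" /O5 "LPT1:"
O4 - HKCU\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE /P23 "EPSON Stylus C63 Series" /EF "HKCU"
O4 - HKCU\..\Run: [demo-updater] C:\Documents and Settings\user\Local Settings\Temp\demo.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First drive-letter path in the body, cut at an executable/driver extension so
# quotes and command-line switches after it are dropped.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|cpl|scr)', re.IGNORECASE)
# O4 bodies look like: HKLM\..\Run: [Name] <command line>
RUN_NAME_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]")
# Where legitimately installed software normally lives on this XP machine.
STANDARD_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1")


@dataclass
class Entry:
    section: str          # HijackThis section, e.g. O2, O4, O23
    body: str             # everything after "Oxx - "
    clsid: Optional[str]  # lower-cased CLSID for BHO/toolbar/button entries
    path: Optional[str]   # first on-disk module or executable referenced


def parse_log(text: str) -> List[Entry]:
    """Parse the entry lines of a HijackThis log; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, process list, blank and "End of file" lines
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(Entry(m.group("section"), body,
                             clsid.group(0).lower() if clsid else None,
                             path.group(0) if path else None))
    return entries


def under_standard_root(path: str) -> bool:
    low = path.lower()
    return any(low.startswith(root) for root in STANDARD_ROOTS)


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (reason, section, body) for entries an analyst should check first."""
    findings = []
    hives_by_name = defaultdict(set)  # autostart name -> registry hives using it
    for e in entries:
        if "(no file)" in e.body:
            findings.append(("orphaned entry, no file on disk", e.section, e.body))
        if e.section == "O23" and "Unknown owner" in e.body:
            findings.append(("service without vendor information", e.section, e.body))
        if e.path and not under_standard_root(e.path):
            findings.append(("executable outside Windows/Program Files", e.section, e.body))
        if e.section == "O4":
            m = RUN_NAME_RE.match(e.body)
            if m:
                hives_by_name[m.group("name")].add(m.group("hive"))
    for name, hives in sorted(hives_by_name.items()):
        if len(hives) > 1:  # same autostart name under several hives
            findings.append((f"autostart [{name}] registered under {len(hives)} hives",
                             "O4", ", ".join(sorted(hives))))
    return findings


if __name__ == "__main__":
    for reason, section, body in triage(parse_log(SAMPLE_LOG)):
        print(f"{section:<4} {reason}: {body}")
```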

2 Re: please help with trunjo removal! on Tue Feb 09, 2010 8:18 am

DragonMaster Jay
Site Owner
Hello. Welcome to the forums.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



3 Re: please help with trunjo removal! on Tue Feb 09, 2010 2:55 pm

Living_visitor
Member
ComboFix 10-02-08.09 - Simon Tang 10/02/2010 0:57.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.619 [GMT 11:00]
Running from: C:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {00000000-0000-0000-0000-000000000000}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\desktop
c:\windows\desktop\Lamex338\Unwise32.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\proquota.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SFX
-------\Legacy_SFXDRV
-------\Service_SfX


((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-09 14:02 . 2004-08-03 21:00 50176 ----a-w- c:\windows\system32\proquota.exe
2010-02-09 14:02 . 2004-08-03 21:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2010-02-09 13:30 . 2010-02-09 13:30 3852379 ----a-r- C:\ComboFix.exe
2010-02-09 07:38 . 2010-02-09 07:39 11223040 ----a-w- C:\osam_autorun_manager_5_0.msi
2010-02-09 06:30 . 2010-02-09 06:30 -------- d-----w- C:\VundoFix Backups
2010-02-09 06:29 . 2010-02-09 06:29 119808 ----a-w- C:\VundoFix.exe
2010-02-09 06:15 . 2010-02-09 06:15 23040 ------w- C:\chktrust.exe
2010-02-09 05:29 . 2010-02-09 05:29 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-09 04:28 . 2010-02-09 05:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 22:28 . 2010-01-25 03:59 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-27 22:28 . 2010-01-25 03:59 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-25 04:00 . 2010-01-25 04:00 -------- d-----w- C:\$AVG
2010-01-25 03:59 . 2010-01-25 03:59 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-25 03:59 . 2010-01-25 03:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-25 03:59 . 2010-01-25 03:59 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-25 03:59 . 2010-01-25 03:59 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-25 03:59 . 2010-02-09 09:40 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-25 03:59 . 2010-01-25 03:59 -------- d-----w- c:\program files\AVG
2010-01-25 03:59 . 2010-02-09 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-25 03:58 . 2010-01-26 01:33 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-24 23:54 . 2010-01-24 23:55 891248 ------w- C:\avg_free_stb_all_9_40_cnet.exe
2010-01-20 11:25 . 2010-01-20 11:25 152576 ----a-w- c:\documents and settings\Simon Tang\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-20 11:24 . 2010-01-20 11:24 79488 ----a-w- c:\documents and settings\Simon Tang\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-20 09:08 . 2010-01-20 09:08 800544 ----a-w- C:\JavaSetup6u17-rv.exe
2010-01-20 06:31 . 2010-01-20 06:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus

4 Re: please help with trunjo removal! on Tue Feb 09, 2010 4:09 pm

DragonMaster Jay
Site Owner
Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.



5 Re: please help with trunjo removal! on Tue Feb 09, 2010 4:23 pm

Living_visitor
Member
Here's the spiderkill.txt (part 1):

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************



6 Re: please help with trunjo removal! on Tue Feb 09, 2010 4:23 pm

Living_visitor
Member
Part 2 of spiderkill.txt:


***********************Hidden Drivers********************
Volume in drive C has no label.
Volume Serial Number is 3C53-C1D5

Directory of C:\Windows\System32\Drivers



*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 568 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 616 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 640 High C:\WINDOWS\system32\winlogon.exe
services.exe 684 Normal C:\WINDOWS\system32\services.exe
lsass.exe 696 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 892 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 940 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1080 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1188 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1276 Normal C:\WINDOWS\system32\svchost.exe
avgchsvx.exe 1392 Normal C:\Program Files\AVG\AVG9\avgchsvx.exe
avgrsx.exe 1400 Normal C:\Program Files\AVG\AVG9\avgrsx.exe
spoolsv.exe 1500 Normal C:\WINDOWS\system32\spoolsv.exe
avgcsrvx.exe 1532 Normal C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe 420 Normal C:\WINDOWS\system32\svchost.exe
sched.exe 504 Normal C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
AskService.exe 588 Normal C:\Program Files\AskBarDis\bar\bin\AskService.exe
ASKUpgrade.exe 924 Normal C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
avgwdsvc.exe 1028 Normal C:\Program Files\AVG\AVG9\avgwdsvc.exe
jqs.exe 1252 Idle C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe 1876 Normal C:\WINDOWS\system32\svchost.exe
issch.exe 124 Normal C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
hkcmd.exe 160 Normal C:\WINDOWS\system32\hkcmd.exe
igfxpers.exe 164 Normal C:\WINDOWS\system32\igfxpers.exe
LaunchApplication.exe 428 Normal C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
realsched.exe 996 Normal C:\Program Files\Common Files\Real\Update_OB\realsched.exe
jusched.exe 1140 Normal C:\Program Files\Java\jre6\bin\jusched.exe
msmsgs.exe 1440 Normal C:\Program Files\Messenger\msmsgs.exe
NMBgMonitor.exe 1372 Normal C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E_S4I3C2.EXE 1424 Normal C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3C2.EXE
NMIndexStoreSvr.exe 2076 Normal C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
ULCDRSvr.exe 2160 Normal C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
avgnsx.exe 2228 Normal C:\Program Files\AVG\AVG9\avgnsx.exe
wanmpsvc.exe 2264 Normal C:\WINDOWS\wanmpsvc.exe
svchost.exe 2380 Normal C:\WINDOWS\system32\svchost.exe
CALMAIN.exe 2952 Normal C:\Program Files\Canon\CAL\CALMAIN.exe
ServiceLayer.exe 3140 Normal C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
alg.exe 3464 Normal C:\WINDOWS\System32\alg.exe
wscntfy.exe 3916 Normal C:\WINDOWS\system32\wscntfy.exe
svchost.exe 3108 Normal C:\WINDOWS\System32\svchost.exe
explorer.exe 1052 Normal C:\WINDOWS\explorer.exe
ctfmon.exe 388 Normal C:\WINDOWS\system32\ctfmon.exe
Azureus.exe 3632 Normal C:\Program Files\Vuze\Azureus.exe
taskmgr.exe 3384 High C:\WINDOWS\system32\taskmgr.exe
iexplore.exe 3248 Normal C:\Program Files\Internet Explorer\iexplore.exe
mplayerc.exe 1584 Normal C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
cmd.exe 4020 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 3728 Normal C:\SpiderKill\SpiderKill\processes.exe

7 Re: please help with trunjo removal! on Tue Feb 09, 2010 4:24 pm

DragonMaster Jay
Site Owner
Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum.

IMPORTANT! Then please click Customize - choose the Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.



8 Re: please help with trunjo removal! on Tue Feb 09, 2010 4:35 pm

Living_visitor
Member
http://www.getsysteminfo.com/read.php?file=41c938d801788e69a23cd30dd2783da2

9 Re: please help with trunjo removal! on Tue Feb 09, 2010 10:20 pm

DragonMaster Jay
Site Owner
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with tabs.
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this.
  • Accept the Warning and select OK again, the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



10 Re: please help with trunjo removal! on Wed Feb 10, 2010 4:51 am

Living_visitor
Member
Sorry, but the problem became so bad the internet didn't work. Had to reinstall the OS. Thanks anyway for all your trouble though!

11 Re: please help with trunjo removal! on Wed Feb 10, 2010 9:39 am

DragonMaster Jay
Site Owner
Very well, then. Thanks for letting me know. Here is some info I normally provide:

===========

Software recommendations

Antivirus/Antispyware

  • Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • AVG Free: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

  • Firefox may be downloaded from here: http://www.getfirefox.com
  • Opera is available here: http://www.opera.com/download/


See this page for more info about malware and prevention.

Please leave feedback for The Ultimate Geek TaskForce! by going here


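As an added example (not code from this thread or from the hpHosts project): a small Python checker that parses a HOSTS file in the style the hpHosts entry above describes and reports which hostnames it sinkholes to the loopback address, with the 0.0.0.0 form handled as well; entries that point a name at any other address are listed separately for review, since a HOSTS file is also something malware edits. The file content below is a constructed sample, and the hostnames in it are placeholders.

```python
"""Parse a HOSTS file and classify its entries (added example, constructed sample)."""
import ipaddress

# Constructed sample in the hpHosts layout: comments, mixed tabs/spaces,
# several hostnames on one line. Not a real hpHosts release.
SAMPLE_HOSTS = """\
# Constructed sample, not a real hpHosts release
127.0.0.1\tlocalhost
::1        localhost
127.0.0.1  ads.example.invalid   tracker.example.invalid  # blocked
0.0.0.0    malware.example.invalid
192.0.2.10 intranet.example.invalid
"""

LOOPBACK = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing/whole-line comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:                    # not an address: ignore the line
            continue
        for name in fields[1:]:               # one address may map many names
            yield ip, name.lower()


def classify(text):
    """Group entries: loopback-sinkholed, 0.0.0.0-blocked, and everything else."""
    result = {"sinkholed": [], "unspecified": [], "other": {}}
    for ip, name in parse_hosts(text):
        if name == "localhost":               # the normal loopback entry, not a block
            continue
        if ip in LOOPBACK:
            result["sinkholed"].append(name)
        elif ip.is_unspecified:               # 0.0.0.0 style blocking
            result["unspecified"].append(name)
        else:                                 # a real redirect: worth a second look
            result["other"][name] = str(ip)
    return result


def is_blocked(text, hostname):
    """True if the HOSTS file prevents a connection to hostname."""
    groups = classify(text)
    name = hostname.lower()
    return name in groups["sinkholed"] or name in groups["unspecified"]
```

Run it against the real file (C:\WINDOWS\system32\drivers\etc\hosts on XP) by reading that file into `text` instead of the sample; anything under "other" should be an entry you recognise.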
