Computing.Net > Forums > Security and Virus > Help with Tiny, Vundo and Virtumond


Help with Tiny, Vundo and Virtumond

Original Message
Name: Jazzmaneater
Date: September 9, 2007 at 21:39:58 Pacific
Subject: Help with Tiny, Vundo and Virtumond
OS: Windows XP SP 2
CPU/Ram: 2.19ghz, 1GB RAM
Model/Manufacturer: ASUS?
Comment:

Having a lot of trouble with these three. They are:

Win32:vundo-gen49(Adw)
Win32:Tiny-IF[Trj]
Virtumonde

Have tried removing them with Avast, adaware, trojan remover, vundofix to no avail.



Response Number 1
Name: jabuck
Date: September 10, 2007 at 03:41:45 Pacific

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Run Vundofix again.

Post the log located at C:\Vundofix.txt.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


Response Number 2
Name: Surikas
Date: September 10, 2007 at 05:16:14 Pacific

There is some useful info about virtumonde on: http://www.removevirtumonde.com
Check it out



Response Number 3
Name: Jazzmaneater
Date: September 10, 2007 at 12:01:16 Pacific

Thanks in advance. Before I post these logfiles, I had another question. While I was running ComboFix, I noticed that Avast was scanning whatever ComboFix scanned. Avast found three new viruses as a result. I sent them to Avast's virus chest. Should I disable Avast and run any/all of the programs again? Regardless...

---------------------------
Here's the vundofix logfile
---------------------------

VundoFix V6.5.8

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 12:15:35 PM 9/10/2007

Listing files found while scanning....

No infected files were found.

-------------------------
Here's the combofix file
-------------------------

ComboFix 07-09-10.6 - "User" 2007-09-10 12:27:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.570 [GMT -6:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\clatrbds.exe
C:\WINDOWS\system32\rtdabtoc.exe
C:\WINDOWS\system32\uyrbrlud.exe
F:\Autorun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.

2007-09-10 12:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-10 11:54 113,664 --a------ C:\VundoFix.exe
2007-09-09 23:25 2,009,786 ---hs---- C:\WINDOWS\system32\vwxyb.bak1
2007-09-09 22:22 2,009,786 --a------ C:\WINDOWS\system32\vwxyb.bak1.ren
2007-09-08 12:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-08 12:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 12:30 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-09-06 15:22 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-09-06 15:22 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-09-06 15:22 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-09-06 15:22 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-09-06 15:22 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-09-06 15:22 <DIR> d-------- C:\Program Files\Trojan Remover
2007-09-06 15:22 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Simply Super Software
2007-09-06 15:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-09-06 11:11 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-06 11:10 <DIR> d-------- C:\DOCUME~1\User\.housecall6.6
2007-09-06 10:58 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-03 11:32 244,832 --a------ C:\WINDOWS\system32\byxwv.dll
2007-09-03 11:32 2,025,731 --ahs---- C:\WINDOWS\system32\vwxyb.ini.ren
2007-09-03 10:17 <DIR> d-------- C:\Deckard
2007-08-29 20:55 <DIR> d-------- C:\VundoFix Backups
2007-08-28 07:17 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Leadertech
2007-08-27 05:14 <DIR> d-------- C:\Program Files\Activision
2007-08-22 01:09 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-17 23:57 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\My Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 1OCUME~1\User\APPLIC~1\uTorrent
2007-09-09 1rogram Files\Transkriber 2.x
2007-09-09 15:25 57 --a------ C:\inCapsFile.dat
2007-09-08 20:30 134540 --a------ C:\Program Files\4482-utorrent.1bad.dmp
2007-09-08 1OCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-08 1rogram Files\Lavasoft
2007-09-07 16:58 139981 --a------ C:\Program Files\4482-utorrent.5f60.dmp
2007-09-06 16:45 219952 --a------ C:\Program Files\utorrent.exe
2007-09-06 1OCUME~1\User\APPLIC~1\Lavasoft
2007-09-05 1rogram Files\InstallShield Installation Information
2007-09-05 1rogram Files\Tracktion2
2007-09-05 0rogram Files\Windows Live Safety Center
2007-08-26 15:05 118863 --a------ C:\Program Files\3360-utorrent.3df5.dmp
2007-08-17 23:38 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-17 0rogram Files\Windows Media Connect 2
2007-08-16 05:14 5193 --a------ C:\Program Files\3360-utorrent.debf.dmp
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-06 18:15 33052 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 16:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 16:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 16:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 16:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 15:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 15:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 15:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-21 1rogram Files\REAPER
2007-07-18 15:22 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-18 1rogram Files\Radical Games
2007-07-13 21:32 13195 --a------ C:\zguicfgw.dat
2007-07-11 2OCUME~1\User\APPLIC~1\REAPER
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-26 00:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 07:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 04:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F4E1F96-E6A2-4DBD-AD9B-65083E6B8D3E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FBFB81C-6C9C-471C-9B11-9A110C4A4197}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E261C26-E190-4912-A347-52AD5EB6457C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD0DC016-1D30-460E-84DD-6FD66175B70C}]
2007-09-03 11:32 244832 --a------ C:\WINDOWS\system32\byxwv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B236C624-237F-480C-A41E-6EEEB64EC741}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7707C23-4921-43DB-BEC3-ED6A6BFA4C5C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C81E5798-D969-4C78-8775-AFF946517867}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-01-19 03:07]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 22:10]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-24 01:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-24 01:23]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-31 00:50]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 16:03]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 06:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:00]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 15:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 04:48]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2006-07-23 13:58:17]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\byxwv

R2 Nsynas32;Nsynas32;C:\WINDOWS\system32\drivers\Nsynas32.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
S1 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys
S3 AMDPCI;AMDPCI;\??\C:\DOCUME~1\User\LOCALS~1\Temp\Safe To Delete 3_0_5_2\AMDPCI.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-04 21:53:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-08-27 07:44:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-05-19 07:44:47 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 12:33:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-10 12:35:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 12:34
.
--- E O F ---


and lastly the hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:22 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/activeg...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/User/Desktop/Bulls---_files/topBackground.jpg

--
End of file - 5453 bytes
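The ComboFix "Reg Loading Points" section and the HijackThis log above are plain text with a regular line shape, which makes the triage scriptable. The following is an added example, not code from this thread, ComboFix or HijackThis: it parses constructed sample lines copied in shape from the posted logs, maps each listed BHO CLSID to the DLL ComboFix shows beneath it, pulls the LSA "Authentication Packages" value and reports anything beyond the Windows XP default `msv1_0`, and then correlates the two, which is exactly the overlap the ComboFix log above shows for `byxwv.dll` (registered as a BHO and as an LSA authentication package). The regular expressions are assumptions about the log layouts as they appear on this page, and the sample strings are constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample lines, copied in shape from the ComboFix "Reg Loading Points"
# section and the HijackThis log posted in this thread (a few lines, not the full logs).
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F4E1F96-E6A2-4DBD-AD9B-65083E6B8D3E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD0DC016-1D30-460E-84DD-6FD66175B70C}]
2007-09-03 11:32 244832 --a------ C:\WINDOWS\system32\byxwv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 16:03]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\byxwv
"""

SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# The regexes below are assumptions about the log layouts as shown in this thread.
BHO_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+\S+\s+(?P<path>[A-Za-z]:\\.+)$")
LSA_LINE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+)$', re.M)
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# Windows XP ships with a single LSA authentication package, msv1_0.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}


def bho_files(combofix_text):
    """Map each BHO CLSID to the DLL ComboFix lists beneath it (None if no file is listed)."""
    result, current = {}, None
    for line in combofix_text.splitlines():
        m = BHO_KEY.match(line)
        if m:
            current = m.group(1).upper()
            result[current] = None
            continue
        if current is None:
            continue
        f = FILE_LINE.match(line)
        if f:
            result[current] = f.group("path")
        elif line.startswith("["):
            current = None  # a different registry key begins; stop attributing files
    return result


def lsa_extra_packages(combofix_text):
    """Authentication packages beyond the XP default. ComboFix prints the registry
    value with doubled backslashes, so collapse them before returning the path."""
    m = LSA_LINE.search(combofix_text)
    if not m:
        return []
    pkgs = [p.replace("\\\\", "\\") for p in m.group("pkgs").split()]
    return [p for p in pkgs if p.lower() not in DEFAULT_AUTH_PACKAGES]


def correlate(combofix_text):
    """Return (clsid, dll) pairs where the BHO's DLL is also an LSA authentication
    package. The LSA value omits the .dll extension, so compare on the file stem."""
    lsa_stems = {PureWindowsPath(p).stem.lower() for p in lsa_extra_packages(combofix_text)}
    return [(clsid, path) for clsid, path in bho_files(combofix_text).items()
            if path and PureWindowsPath(path).stem.lower() in lsa_stems]


def parse_hjt(text):
    """Split HijackThis lines into (section code, body) pairs, e.g. ('O4', 'HKLM\\..\\Run: ...')."""
    return [(m.group("code"), m.group("body")) for m in map(HJT_LINE.match, text.splitlines()) if m]


def hjt_section(text, code):
    """All HijackThis entries of one section code (R0, O4, O23, ...)."""
    return [body for c, body in parse_hjt(text) if c == code]


if __name__ == "__main__":
    for clsid, path in bho_files(SAMPLE_COMBOFIX).items():
        print("BHO", clsid, "->", path or "(file not listed)")
    print("Extra LSA packages:", lsa_extra_packages(SAMPLE_COMBOFIX))
    print("BHO/LSA overlap:", correlate(SAMPLE_COMBOFIX))
    print("HJT O4 entries:", hjt_section(SAMPLE_HJT, "O4"))
```

Run against a full pasted ComboFix log, the `correlate` result is the line a helper would act on first: a DLL in `system32` that is both a browser extension and an LSA package is loaded by Internet Explorer and by `lsass.exe`, which is why ordinary user-mode scanners in the thread could not remove it while the system was running.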




Response Number 4
Name: jabuck
Date: September 10, 2007 at 15:35:09 Pacific

Please download “Avenger” by swandog46 to your desktop from this link Avenger
1. Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text contained in the area between the X's below to your Clipboard by highlighting it and pressing (Ctrl+C):
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Files to delete:
C:\WINDOWS\system32\vwxyb.bak1
C:\WINDOWS\system32\vwxyb.bak1.ren
C:\WINDOWS\system32\byxwv.dll
C:\WINDOWS\system32\vwxyb.ini.ren

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in Safe Mode.

Download and install AVG Anti-Spyware. We will need this later in Safe Mode.

Be sure to update AVG Anti-Spyware.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from Safe Mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG Report on your desktop please.

Download the latest version of http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_6_2-windowsi586-p.exe to install the newest version.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools, just do a Google search for Spywareblaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Let us know how the computer is operating.



Response Number 5
Name: Jazzmaneater
Date: September 10, 2007 at 17:36:37 Pacific

ok, here are the logfiles:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\exqofcvc

*******************

Script file located at: \??\C:\csfvqcsc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\vwxyb.bak1 deleted successfully.
File C:\WINDOWS\system32\vwxyb.bak1.ren deleted successfully.
File C:\WINDOWS\system32\byxwv.dll deleted successfully.
File C:\WINDOWS\system32\vwxyb.ini.ren deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


AVG Anti-Spyware - Scan Report


+ Created at: 6:04:30 PM 9/10/2007

+ Scan result:

C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).


::Report end

...................
The computer is running fine now, no alerts from Avast, but I guess I'll see how it runs over the next few days and then post an update.

Is it possible to have too much protection? For example, do I need Avast! if I already have AVG? Ad-Aware if I have Spybot? Will there be any conflicts with these programs if I keep them all installed/running?




Response Number 6
Name: jabuck
Date: September 10, 2007 at 19:12:47 Pacific

You only need one antivirus, you decide which one you want as they are both good.

I would uninstall adaware and spybot, they are not as good as spywareblaster.

You should add "Spywareblaster" to your arsenal of antispyware tools, just do a Google search for Spywareblaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Make sure you install the newest version of java and be sure to uninstall those older versions as they are exploitable.

Just my two cents.



Response Number 7
Name: XpUser4Real
Date: September 11, 2007 at 09:25:50 Pacific

Actually I would keep Spybot S&D and use the immunize feature and also keep checking for updates at least every 2 weeks.
Another good real-time spyware software is Spyware Terminator. What I do with mine is schedule a scan at 5am daily because I leave my PC on 24/7.

My line-up is:
Avast Free (maintenance free...no need for scheduled scans)
Comodo Pro Firewall
Spyware Blaster
Spybot S&D
Spyware Terminator
Those all work great together and are free for home use.


Some HELP in posting on Cnet plus free progs and instructions Glad to Help!



Response Number 8
Name: Jazzmaneater
Date: September 14, 2007 at 00:32:22 Pacific

Everything has been running normal, thanks for all your help!







