I just got back from doing a boot scan - it detected datacle.dll in the quarantined folder of ComboFix - I moved the infected file to the avast chest successfully.
I’ll post the logs from ComboFix and HijackThis in my next couple of posts.
OK, this is the ComboFix log. Seems a lot of remnants from old programs I once used are still here, lol. Like my old virus scanner prior to using Avast. :o
ComboFix 08-01-04.1 - kel 2008-01-04 11:14:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.184 [GMT 11:00]
Running from: C:\Documents and Settings\kel\Desktop\ComboFix.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\datacle.dll
C:\WINDOWS\system32\drivers\eduvublg.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_QCCGOYNY
-------\qccgoyny
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.
2008-01-04 11:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 23:01 . 2007-01-18 23:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-02 00:15 . 2008-01-02 00:17 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-02 00:15 . 2008-01-02 00:15 d-------- C:\Documents and Settings\kel\Application Data\SUPERAntiSpyware.com
2008-01-02 00:15 . 2008-01-02 00:15 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-01 14:01 . 2008-01-01 14:01 d-------- C:\Program Files\Lavasoft
2008-01-01 11:25 . 2008-01-01 11:25 d-------- C:\Documents and Settings\LocalService\Application Data\PIE Service
2008-01-01 11:25 . 2008-01-01 11:25 d-------- C:\Documents and Settings\kel\Application Data\AdwareAlert
2007-12-27 12:30 . 2007-12-27 12:30 d-------- C:\Drivers
2007-12-23 22:15 . 2007-12-23 22:15 d-------- C:\WINDOWS\system32\LogFiles
2007-12-18 14:56 . 2007-12-18 14:56 d-------- C:\Program Files\Alwil Software
2007-12-18 14:56 . 2003-03-19 07:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-18 14:56 . 2007-12-05 00:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-18 14:56 . 2004-01-09 20:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-18 14:56 . 2007-12-04 23:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-18 14:56 . 2007-12-05 01:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-18 14:56 . 2007-12-05 01:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-18 14:56 . 2007-12-05 01:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-18 14:56 . 2007-12-05 01:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-18 14:56 . 2007-12-05 01:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-11 16:14 . 2007-12-11 16:14 d-------- C:\Program Files\Windows Journal Viewer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 14:01 --------- d-----w C:\Program Files\PestPatrol
2008-01-01 13:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-01 01:02 --------- d-----w C:\Program Files\MSN Messenger
2007-12-25 07:03 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-18 03:41 --------- d-----w C:\Program Files\Scions of Fate
2007-12-17 22:20 --------- d--h--w C:\Documents and Settings\kel\Application Data\ijjigame
2007-11-28 08:01 --------- d-----w C:\Program Files\GetRight
2007-11-27 22:59 --------- d-----w C:\Program Files\SealOnlineUSA
2007-11-27 04:33 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-11-24 23:05 --------- d-----w C:\Program Files\Ventrilo
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06 1667584]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 14:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-11 18:33 143360 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 16:08 577536 C:\WINDOWS\soundman.exe]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-04-22 03:19 589824]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-05 00:00 79224]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^msn_0712_upd262315.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msn_0712_upd262315.exe
backup=C:\WINDOWS\pss\msn_0712_upd262315.exeCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^kel^Start Menu^Programs^Startup^msn_0712_upd262315.exe]
path=C:\Documents and Settings\kel\Start Menu\Programs\Startup\msn_0712_upd262315.exe
backup=C:\WINDOWS\pss\msn_0712_upd262315.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrolCL]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-22 03:19]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\GalaNet\Flyff\GameGuard\dump_wmimmc.sys
.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 00:25:38 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 11:22:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
.
Completion time: 2008-01-04 11:29:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-04 00:28:56
HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 12:31:45 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\kel\Desktop\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.175.37.8:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM..\Run: [VTTimer] VTTimer.exe
O4 - HKLM..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip..{FF6FDB51-4F32-4154-9445-2F089F303973}: NameServer = 202.154.83.53,218.214.227.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Open a new Notepad session (Do not use a Word Processor or WordPad). Click “Format” and be certain that Word Wrap is not enabled.
Copy and paste all the text in the quote box below into Notepad.
Click File, Save as…, and set the location to your Desktop, and enter (including quotation marks) as the filename: “CFscript.txt” . Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.
File:: C:\WINDOWS\IFinst27.exe
BTW do you have Mcafee still installed?
No, I recently uninstalled it and put Avast on instead. That's why I was kind of weirded out when I saw it in the logs.
I’ll try your next step. I’ll be back soon.
ComboFix log, after completing the previous step:
ComboFix 08-01-04.1 - kel 2008-01-04 13:28:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.256 [GMT 11:00]
Running from: C:\Documents and Settings\kel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\kel\Desktop\CFscript.txt
FILE
C:\WINDOWS\IFinst27.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\IFinst27.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.
2008-01-04 11:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 23:01 . 2007-01-18 23:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-02 00:15 . 2008-01-02 00:17 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-02 00:15 . 2008-01-02 00:15 d-------- C:\Documents and Settings\kel\Application Data\SUPERAntiSpyware.com
2008-01-02 00:15 . 2008-01-02 00:15 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-01 14:01 . 2008-01-01 14:01 d-------- C:\Program Files\Lavasoft
2008-01-01 11:25 . 2008-01-01 11:25 d-------- C:\Documents and Settings\LocalService\Application Data\PIE Service
2008-01-01 11:25 . 2008-01-01 11:25 d-------- C:\Documents and Settings\kel\Application Data\AdwareAlert
2007-12-27 12:30 . 2007-12-27 12:30 d-------- C:\Drivers
2007-12-23 22:15 . 2007-12-23 22:15 d-------- C:\WINDOWS\system32\LogFiles
2007-12-18 14:56 . 2007-12-18 14:56 d-------- C:\Program Files\Alwil Software
2007-12-18 14:56 . 2003-03-19 07:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-18 14:56 . 2007-12-05 00:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-18 14:56 . 2004-01-09 20:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-18 14:56 . 2007-12-04 23:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-18 14:56 . 2007-12-05 01:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-18 14:56 . 2007-12-05 01:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-18 14:56 . 2007-12-05 01:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-18 14:56 . 2007-12-05 01:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-18 14:56 . 2007-12-05 01:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-11 16:14 . 2007-12-11 16:14 d-------- C:\Program Files\Windows Journal Viewer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 14:01 --------- d-----w C:\Program Files\PestPatrol
2008-01-01 13:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-01 01:02 --------- d-----w C:\Program Files\MSN Messenger
2007-12-25 07:03 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-18 03:41 --------- d-----w C:\Program Files\Scions of Fate
2007-12-17 22:20 --------- d--h--w C:\Documents and Settings\kel\Application Data\ijjigame
2007-11-28 08:01 --------- d-----w C:\Program Files\GetRight
2007-11-27 22:59 --------- d-----w C:\Program Files\SealOnlineUSA
2007-11-24 23:05 --------- d-----w C:\Program Files\Ventrilo
.
((((((((((((((((((((((((((((( snapshot@2008-01-04_11.28.43.06 )))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06 1667584]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 14:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-11 18:33 143360 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 16:08 577536 C:\WINDOWS\soundman.exe]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-04-22 03:19 589824]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-05 00:00 79224]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^msn_0712_upd262315.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msn_0712_upd262315.exe
backup=C:\WINDOWS\pss\msn_0712_upd262315.exeCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^kel^Start Menu^Programs^Startup^msn_0712_upd262315.exe]
path=C:\Documents and Settings\kel\Start Menu\Programs\Startup\msn_0712_upd262315.exe
backup=C:\WINDOWS\pss\msn_0712_upd262315.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrolCL]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-22 03:19]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 00:25:38 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 13:33:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
.
Completion time: 2008-01-04 13:34:34
ComboFix-quarantined-files.txt 2008-01-04 02:33:39
ComboFix2.txt 2008-01-04 00:29:00
Well, well, well, I’d say you are good to go.
Click start, run, copy and paste this line into the box
combofix /u
HJT can be uninstalled by clicking the misc tools button, slide the slider down, click uninstall.
Create a new restore point
You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point, click Create
Remove old restore points
Disk Cleanup
This clean up utility can be used from time to time. When first run it’s in demo mode to show what it will remove, review it, then rerun in real mode
It looks like you may have been using windows firewall. It doesn’t provide outbound protection. A third party firewall will.
A discussion on free firewalls can be found here.
http://forum.avast.com/index.php?topic=30808.0
A part of avast seems to be missing, possibly because of the remnants of mcafee. To resolve this I suggest you go to this link and download the mcafee removal tool
http://service.mcafee.com/FAQSearch.aspx?lc=4105&sg=TS&pt=1
Also I suggest you download both the newest version of avast (the key you have can be re-used) and the avast uninstall utility from
http://avast.com/eng/programs.html
Save them to your desktop and physically disconnect from the internet.
Uninstall avast via add/remove
boot
run the avast uninstall utility
boot
run the mcafee tool
boot
install avast
boot
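The "part of avast" the helper says is missing can be read straight off the O23 service lines of the HijackThis log above: two avast services show "Unknown owner" and "(file missing)", as does the leftover McAfee service. As an added example that is not part of this thread or of HijackThis itself, here is a small Python parser for O23 lines that pulls out the service name, owner and image path and flags those two signals; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Sample input: the O23 lines from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# HijackThis writes O23 lines as: "O23 - Service: <name> - <owner> - <image and arguments>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<rest>.+)$")
# The image path ends at the first .exe/.dll/.sys; anything after it (a stray
# quote, "/service", ...) is service arguments, not part of the file name.
IMAGE_RE = re.compile(r"^(?P<image>.+?\.(?:exe|dll|sys))", re.IGNORECASE)
MISSING_MARK = "(file missing)"


@dataclass
class ServiceEntry:
    name: str
    owner: str
    image: str
    file_missing: bool

    @property
    def unknown_owner(self) -> bool:
        # HJT prints "Unknown owner" when it cannot read the file's version info,
        # which on this log coincides with the image file being absent.
        return self.owner.lower() == "unknown owner"


def parse_o23(line: str):
    """Parse one O23 line; return None for lines that are not O23 entries."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    missing = rest.endswith(MISSING_MARK)
    if missing:
        rest = rest[: -len(MISSING_MARK)].strip()
    im = IMAGE_RE.match(rest)
    image = im["image"] if im else rest
    return ServiceEntry(m["name"], m["owner"], image, missing)


def parse_log(log: str) -> list:
    """All O23 entries in a HijackThis log, in file order."""
    return [e for e in (parse_o23(l) for l in log.splitlines()) if e is not None]


def missing_services(log: str) -> list:
    """Names of registered services whose image file no longer exists."""
    return [e.name for e in parse_log(log) if e.file_missing]


def services_by_vendor(log: str) -> dict:
    """Group service names by the owner string HJT reported."""
    out: dict = {}
    for e in parse_log(log):
        out.setdefault(e.owner, []).append(e.name)
    return out


if __name__ == "__main__":
    for name in missing_services(SAMPLE_LOG):
        print("registered but file missing:", name)
```

Running it on the sample lists the two avast scanner services and the McAfee remnant, which is exactly what the uninstall-and-reinstall sequence above is meant to clear up.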
Just completed all of that, and it appears that my computer’s clear of all viruses and a lot less laggy from cleaning up stuff.
I really appreciate all the help all you guys have given me - for a bit I actually thought my compie was going to require a reinstall just to get rid of the thing.
Thank you so much!
And good luck to you other guys who have the same problem - I hope you guys can remove the virus as well.
You’re welcome.