Computer freezing can't get on to desktop
-
Re: Computer freezing can't get on to desktop
Well, it seems there is not much hope for your computer; a reformat may be the way to go here. We cannot fix what we cannot see, and scans are needed to help fix your computer.
One last try:
Download Silent Runners.vbs and post the log it creates, please:
http://www.silentrunners.org/sr_scriptuse.html Click Yes to the supplementary searches.
Wait until there is an All Done message! Then open and post the log next to it.
Your antivirus script protection might interfere or alert; please allow it to run. After a bit, a box will say done.
-
Here is my latest AVG log; it STILL won't let me quarantine them! My comp is getting worse, it's really really slow and it's still freezing. I am getting worried.
-
Will give this a shot! Thank you!
-
Those trojans showing in the latest AVG scan look like they are from the Wareout trojan, so...
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.
Also...
Please go to hijackthis.exe, right-click on it, click Rename, rename it to foolyou.exe, then press Enter,
and post a new log from the newly renamed hijackthis.exe. Sometimes malware hides from hijackthis.exe.
Last edited by Neal; 20-12-2006 at 06:54 PM.
-
Here is the fixware log
Fixwareout
Last edited 12/06/2006
Post this report in the forums please
...
Prerun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
...
...
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}653AF3BC3BA5-462B-0224-A5E0-8B1CA536{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2F83FCAC24D0-94D9-E094-A311-B3CAB05E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\pjrmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
...
Random Runs removed from HKLM
...
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects.
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
...
Postrun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""
-
Here is my hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 22:39:51, on 20/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Veoh\VeohClientService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\A\Desktop\foolyou.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Program Files\Veoh\VeohClientService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
AND here is my newest FIXWARE
Fixwareout
Last edited 12/06/2006
Post this report in the forums please
...
Prerun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
...
...
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}653AF3BC3BA5-462B-0224-A5E0-8B1CA536{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2F83FCAC24D0-94D9-E094-A311-B3CAB05E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\pjrmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
...
Random Runs removed from HKLM
...
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects.
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
...
Postrun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""
...
-
I know this is going to sound crazy, but I can't find the Silent Runners log. I have checked My Documents and Documents and Settings and I can't find it.
-
Unzip it to the desktop and double-click on it.
Silent Runners will ask if you want to skip the supplementary search.
Please select 'No' to include them.
The program will take longer to run, but will give us more information.
If you get any kind of warning message about scripts, please choose to allow the script to run.
When the scan is finished, a message will pop up and a logfile will have been created on the desktop.
The logfile is named 'Startup Programs' by default and will be located where the program is.
Please post the entire contents of this logfile for me to see.