I am having problems like I've never seen before. Memory access violations, weird things popping up when Windows starts up, my avast! has become corrupted and asks if it's ok to open everytime I start Windows, the avast! Mail Scanner is constantly scanning mail being sent out to all kinds of hostnames. I fear everything on my computer has been compromised.

I've tried all programs listed in other threads about Virtumonde to no avail. I ran S&D in Safe Mode and it found nothing. I just installed ZoneAlarm to try to stop these outgoing emails, which I think has worked. Here are my Kaspersky and HJT logs, which as you can see, basically every executable on my computer has been compromised.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-09-18 10:51
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 18/09/2007
Kaspersky Anti-Virus database records: 420148
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 55114
Number of viruses found: 3
Number of infected objects: 2377
Number of suspicious objects: 548
Duration of the scan process: 01:01:18

Infected Object Name / Virus Name / Last Action
C:\AVSVideoTools\Manager\AVSVTManager.exe Infected: Virus.Win32.Virut.q skipped
C:\AVSVideoTools\SmartConverter\AVSSmartConverter-orig.exe Infected: Virus.Win32.Virut.q skipped
C:\AVSVideoTools\SmartConverter\AVSSmartConverter.exe Infected: Virus.Win32.Virut.q skipped
C:\AVSVideoTools\VideoConverter\AVSVideoConverter4-orig.exe Infected: Virus.Win32.Virut.q skipped
C:\AVSVideoTools\VideoConverter\AVSVideoConverter4.exe Infected: Virus.Win32.Virut.q skipped
C:\AVSVideoTools\VideoConverter\CaptureWizard.exe Infected: Virus.Win32.Virut.q skipped
C:\AVSVideoTools\VideoConverter\Registration.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\javacpl.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\javaw.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\keytool.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\kinit.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\klist.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\ktab.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\orbd.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\pack200.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\policytool.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\rmid.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\rmiregistry.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\servertool.exe Infected: Virus.Win32.Virut.q skipped
C:\Azureus\jre\bin\unpack200.exe Infected: Virus.Win32.Virut.q skipped
C:\check_LSA7.txt Object is locked skipped
C:\ConvertXtoDVD\lang\Lang_Editor.exe Infected: Virus.Win32.Virut.q skipped
C:\DiscCreator\DiscCreator.exe Infected: Virus.Win32.Virut.q skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-09182007-030500.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe Infected: Virus.Win32.Virut.q skipped
C:\Documents and Settings\Matthew\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe1_D27BDB5D3B4C44F0A648BD00B0E79B39.exe Suspicious: Type_Win32 skipped
C:\Documents and Settings\Matthew\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe Infected: Virus.Win32.Virut.q skipped
C:\Documents and Settings\Matthew\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe_D27BDB5D3B4C44F0A648BD00B0E79B39.exe Infected: Virus.Win32.Virut.q skipped
C:\Documents and Settings\Matthew\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Matthew\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\Desktop\Europa.Universalis.3-RELOADED\New Folder\autoplay.exe Infected: Virus.Win32.Virut.q skipped
C:\Documents and Settings\Matthew\Desktop\Europa.Universalis.3-RELOADED\New Folder\Setup.exe Infected: Virus.Win32.Virut.q skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\AOL OCP\AIM\Storage\data\i3lacksun\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{010CD007-5539-4970-B442-7CE2DCF369ED} Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1CF62812-409A-4BE0-873F-8F0D3A572C6D} Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\History\History.IE5\MSHist012007091820070919\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\~DF8E82.tmp Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\~DF9428.tmp Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Matthew\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hbwpb.exe Object is locked skipped
C:\hxvaqsbo.exe Object is locked skipped
C:\mIRC\mirc.exe Infected: Virus.Win32.Virut.q skipped
C:\NetAlyzer\NetAlyzer.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Adobe\Acrobat 6.0\Reader\AdobeUpdateManager.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Adobe\Acrobat 6.0\Reader\Updater\acroaum.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Common Files\Ahead\Lib\NeroSearchAdvanced.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe Suspicious: Type_Win32 skipped
C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Common Files\Ahead\RemoteControl\NeroRemoteCtrlHandler.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Common Files\AVSMedia\ActiveX\Repair.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Common Files\AVSMedia\MobileUploader\Uploader.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe Suspicious: Type_Win32 skipped
C:\Program Files\Creative\MediaSource5\CTMALitU.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\MediaSource5\CTMetAcU.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\MediaSource5\CTQSWizu.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\MediaSource5\CTSUAppu.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\MediaSource5\startMSu.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\Product Registration\English\InetReg.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\Shared Files\CDAsvc.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\Shared Files\CTRegSvr.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\Shared Files\CTRegSvu.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe Suspicious: Type_Win32 skipped
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\MdSwtchu.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\Sound Blaster X-Fi\Diagnostics\diagnos3.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\Sound Blaster X-Fi\Program\setup.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\Sound Blaster X-Fi\Program\support\amd64\ctzapxx.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\Sound Blaster X-Fi\Program\support\i386\ctzapxx.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\Sound Blaster X-Fi\Program\wdm\common\i386\oalinst.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Creative\Support\System Information\CTSI.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\CyberLink\CDS\CDSVersion.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\CyberLink\DVD Suite\OLRSubmission\OLRStateCheck.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\CyberLink\DVD Suite\OLRSubmission\OLRSubmission.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\CyberLink\DVD Suite\PowerStarter.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\CyberLink\PowerDVD\CLDMA.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\CyberLink\PowerDVD\cltest.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\CyberLink\PowerDVD\ddtester.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\CyberLink\PowerDVD\dvdrgn.exe Suspicious: Type_Win32 skipped
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe Suspicious: Type_Win32 skipped
C:\Program Files\CyberLink\PowerProducer\CLDMA.exe Suspicious: Type_Win32 skipped
C:\Program Files\CyberLink\PowerProducer\CLDrvChk.exe Suspicious: Type_Win32 skipped
C:\Program Files\CyberLink\PowerProducer\Producer.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\CyberLink\Shared Files\richvideoinstall.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\CyberLink\Shared Files\richvideouninstall.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Gigabyte\ET5\ET5SC.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Gigabyte\VGA Utility Manager\Utility.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Gigabyte\VGA Utility Manager\VTuner.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Grisoft\AVG7\avgamsvr.exe Suspicious: Type_Win32 skipped
C:\Program Files\Grisoft\AVG7\avgcc.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Grisoft\AVG7\avgdiag.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Grisoft\AVG7\avginet.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Grisoft\AVG7\avgrssvc.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Grisoft\AVG7\avgupdln.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Grisoft\AVG7\avgupsvc.exe Suspicious: Type_Win32 skipped
C:\Program Files\Grisoft\AVG7\avgvv.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Grisoft\AVG7\avgw.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Grisoft\AVG7\setup.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\InstallShield Installation Information\{E0AD4033-D89B-11D7-97C2-00055D0CA761}\Setup.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe Suspicious: Type_Win32 skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe Suspicious: Type_Win32 skipped
C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe Suspicious: Type_Win32 skipped
C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe Suspicious: Type_Win32 skipped
C:\Program Files\Internet Explorer\iedw.exe Suspicious: Type_Win32 skipped
C:\Program Files\Internet Explorer\iexplore.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Movie Maker\moviemk.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\MSN\MSNCoreFiles\copymar.exe Suspicious: Type_Win32 skipped
C:\Program Files\MSN\MSNCoreFiles\msn6.exe Suspicious: Type_Win32 skipped
C:\Program Files\MSN\MSNCoreFiles\Setup\msnunin.exe Suspicious: Type_Win32 skipped
C:\Program Files\MSN\MSNCoreFiles\update.exe Suspicious: Type_Win32 skipped
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\MSN Gaming Zone\Windows\zClientm.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Nero\Nero 7\Core\nero.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Nero\Nero 7\Core\NeroCmd.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe Suspicious: Type_Win32 skipped
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBSFtp.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\NetMeeting\cb32.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\NetMeeting\conf.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Outlook Express\msimn.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Outlook Express\setup50.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Outlook Express\wab.exe Suspicious: Type_Win32 skipped
C:\Program Files\Paradox Interactive\Europa Universalis III\eu3.exe Suspicious: Type_Win32 skipped
C:\Program Files\Paradox Interactive\Europa Universalis III\movies\binkplay.exe Object is locked skipped
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Connect 2\wmccds.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Connect 2\WMCCFG.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Player\dlimport.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Player\migrate.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Player\mplayer2.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Player\setup_wm.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Player\wmdbexport.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Player\wmlaunch.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Player\wmpenc.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Player\wmplayer.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Player\wmpnetwk.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Player\wmpnscfg.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Player\wmpshare.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows Media Player\wmsetsdk.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows NT\Accessories\wordpad.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows NT\dialer.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows NT\hypertrm.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\Windows NT\Pinball\pinball.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\WinRAR\RarExtLoader.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\WinRAR\Uninstall.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\WinRAR\UnRAR.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\WinRAR\WinRAR.exe Infected: Virus.Win32.Virut.q skipped

C:\Program Files\World of Warcraft\BackgroundDownloader.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\World of Warcraft\WoW-2.1.0.6729-to-2.1.1.6739-enUS-downloader.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\World of Warcraft\WoW-2.1.2.6803-to-2.1.3.6898-enUS-downloader.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\World of Warcraft\WoW.exe Infected: Virus.Win32.Virut.q skipped
C:\Program Files\World of Warcraft\WowError.exe Infected: Virus.Win32.Virut.q skipped
C:\Steam\steamapps\blacksun420\counter-strike\hl.exe Infected: Virus.Win32.Virut.q skipped
C:\Steam\steamapps\blacksun420\counter-strike\hlds.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP10\A0000226.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP10\A0000229.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP10\A0000231.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP10\A0000233.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP10\A0000243.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP10\A0000244.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP10\A0000245.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP11\A0000253.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP11\A0000256.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP11\A0000258.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP11\A0000260.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP11\A0000271.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP11\A0000272.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP11\A0000275.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP12\A0000284.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP12\A0000287.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP12\A0000293.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000324.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000326.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000332.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000337.exe Object is locked skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000340.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000342.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000344.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000345.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000353.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000354.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000370.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000378.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP13\A0000379.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP14\A0000396.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP14\A0000397.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP14\A0000402.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP14\A0000404.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP14\A0000409.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP14\A0000411.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP14\A0000415.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP14\A0000416.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP14\A0000417.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP14\A0000420.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000449.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000453.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000459.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000462.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000464.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000466.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000479.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000483.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000484.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000491.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000492.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000513.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000515.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000517.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000519.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000521.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000535.exe Infected: Virus.Win32.Virut.q skipped
C:\System Volume Information\_restore{ED7422BF-BA14-4145-8421-78A845D2DB7E}\RP15\A0000542.exe Infected: Virus.Win32.Virut.q skipped

Finishing the rest of the log will take forever, and about 20 more replies. Over 350000 characters in the log, like I said, basically the whole computer is infected. Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12, on 2007-09-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\DU Meter\DUMeter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AIM6\aim6.exe
C:\Spybot - Search & Destroy\TeaTimer.exe
C:\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\mattrey.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\SoftwareDistribution\Download\d378d94379aa314a2f8a03df7faef1bc\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mamma.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18422613-8B63-4218-979C-A3DA6A252F2D} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {77C484EE-35F5-4F43-BF30-F5FAD4912C22} - (no file)
O2 - BHO: (no name) - {7E6F5CC6-D04F-46F8-89FE-B7277840A1BF} - C:\WINDOWS\system32\efcdbab.dll
O2 - BHO: (no name) - {E8F4422E-B64A-4421-B1CA-19C0FD43A186} - C:\WINDOWS\system32\jkhfe.dll
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DU Meter] C:\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189833557390
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: efcdbab - C:\WINDOWS\SYSTEM32\efcdbab.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6495 bytes

Hi and welcome to the forums,

I don't usually start replies out like this but I'm afraid I have some nasty news.

Level with me.... ran a keygen?
Can you tell me the site? (don't put the http:\\ or www)

Myself & several other researchers are interested in knowing who all is hosting these nasty keygens so appropiate action can be taken.

The keygen itself isn't infected with virut but it opens some backdoors and installs downloaders. This is what calls home to download/install the virus and other nasties. (including your Vundo)
You must have noticed there was no "keygen".

You have a polymorphic file infecting virus. I imagine you guessed the file infecting part. Polymorphic means it changes so to make detection more difficult and cleaning more difficult because the malicious code is constantly changing.

It is a varient of this one:

http://vil.nai.com/vil/content/v_143034.htm

I tested out this virus and nothing yet can clean it up because there is too much file corruption.
The virus puts itself throught the whole file and it is very difficult to remove pieces and parts of a file & still leave it functional.
Virus scanners will simply tell you it cant be cleaned and will delete the file.

I suggest the first thing you do is back up whatever documents, pictures and music files you have that you want before doing anythying else to CDs or DVDs or other media such as flash drive with no exes/screensavers on it.

Don't run your Avast boot scanner yet because there is a good chance the computer will not boot if you do.

Please don't back up any exe files or screensavers. All these will be infected and you run a risk of getting infected again if you use them anywhere else.

You have recovery CDs? or complete backup image of the system? Recovery partition on the computer?

Hate to say so but it looks like a format is ahead.

Once you do a clean install or recovery install and before you use any of your backups I advise you to run a full scan of your backups before restoring them to your computer.
I would use your own scanner and an online one to be sure.

Let me know what resorces you have available and I'll help out the best I know how.

Regards,

Blender

Just got done with a format and reinstall. No big deal as this OS was only about two days old, so nothing of any real importance. Avast started doing boot time scans everytime I would restart the machine, and each time the error windows and warnings would get worse. It reached a point earlier where Windows just wouldn't load, so I just went ahead and zapped everything.

As to where this came from, yes I did run a keygen. As I said earlier this was a new OS and I was reinstalling programs I had used previously. I'm pretty sure it came from a keygen that was included in a torrent file for UltraISO.

The keygen actually worked, but shortly after my avast started going crazy and everything went downhill. I'm not sure if that was the point where I got it or not. Would I have had to run an .exe for it to get into my system? Or could it have gotten into my system by merely downloading the infected file and not running it?

I guess avast didn't catch it until it was too late, are there any other programs I can run that will detect it and warn me or stop the virus before it can bury itself again?

Thanks for help :bigthumb:

Hi,

Good to hear you are up & running again.

The keygen you ran may have come with one or more downloaders.
It likely installed Vundo and most likely installed a backdoor.
Having this backdoor open --whoever was on the other end of it could have downloaded and ran the infector.
In this case the keygen worked but it was likely a self extracting exe packed with the rest of the baddies.
Hard to say... mabye the keygen itself was infected.
Much of the time files infected with this virus still work but they can also infect other systems.

Yesterday Avast didn't detect this particular varient. I sent it out to every AV comapny I could find as well as several other researchers.
I'm pretty sure by today most are detecting it and should be able to stop its execution.

As you found out keygens are dangerous. I don't advise running them.
Half the time people uploading cracks and such don't even know they are infected.
mis-configured p2p programs can cause suto-sharing of infected files too.

In general I don't recommend running p2p programs of any kind.
Leaves too many holes open on the system and can lead to malware infections.
Mis-configured p2p programs can also lead to you sharing personal documents and such too.

See here for more info:

http://spywarewarrior.com/viewtopic.php?t=26216&sid=81e62eb6fe99a5bad157cee792b31b7f

If you must use p2p...here is some info:
http://forums.spybot.info/showthread.php?t=282

One can usually find free alterneative programs that will do whatever the program is you are trying to crack.

iso creator:
http://www.portablefreeware.com/?id=10

If you want to make ISOs from CDs:
http://www.dubaron.com/cd2iso/

Several other useful tools on that page that will likely fill most people's needs.

Better get a firewall installed if you don't have one yet.
XP firewall is OK for incomming attacks only and not outgoing.
having outgoing protection you can at least block unknown programs from "calling home" and help stop further infection.

Several decent firewall and other prevention programs (most free) are listed here with other tips to help protect yourself:

http://forums.spybot.info/showthread.php?t=279

http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spywareinfo.com/index.php?showtopic=100662&st=0&p=549685&#entry549685

Take care & surf safe!