Hey i had virtumonde, but i rigorously clean my system with AVG free edition and SpyBot however viruses, trojans and other spyware continue to appear on my computer. Ive followed advice of the other posts and ran Combo fix and got this log:

ComboFix 08-09-03.06 - Tendai 2008-09-04 21:21:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.645 [GMT 1:00]
Running from: C:\Documents and Settings\Tendai\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tendai\Local Settings\Temporary Internet Files\sph264.dll
C:\Documents and Settings\Tendai\Local Settings\Temporary Internet Files\spmpeg4.dll
C:\Documents and Settings\Tendai\Local Settings\Temporary Internet Files\sptheo.dll
C:\Documents and Settings\Tendai\Local Settings\Temporary Internet Files\StreamPlug.dll
C:\WINDOWS\BMebcf39f5.txt
C:\WINDOWS\BMebcf39f5.xml
C:\WINDOWS\system32\aetjui.dll
C:\WINDOWS\system32\bIPoYcdd.ini
C:\WINDOWS\system32\bIPoYcdd.ini2
C:\WINDOWS\system32\gbmsskjo.ini
C:\WINDOWS\system32\gnymmgfw.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ojkssmbg.dll
C:\WINDOWS\system32\qlnppyqi.dll
C:\WINDOWS\system32\vygsnrlx.ini

.
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

2008-09-04 11:32 . 2008-09-04 12:07 1,452 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-04 11:26 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-04 11:26 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-04 11:26 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-04 11:26 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-04 11:26 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-04 11:26 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-04 11:26 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-04 11:26 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-04 11:26 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-04 11:26 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-03 21:26 . 2008-09-03 21:26 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-03 21:26 . 2008-09-03 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-02 20:27 . 2008-09-04 19:02 211 --a------ C:\WINDOWS\wininit.ini
2008-09-02 19:42 . 2008-09-04 20:50 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-02 19:35 . 2008-09-03 08:05 <DIR> d-------- C:\Program Files\VirtualDJ
2008-09-02 16:29 . 2008-09-02 16:29 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-26 19:58 . 2008-08-26 19:58 <DIR> d-------- C:\Program Files\VSTplugins
2008-08-26 19:58 . 2008-08-26 19:58 <DIR> d-------- C:\Documents and Settings\Tendai\Application Data\Publish Providers
2008-08-26 18:44 . 2008-08-26 18:44 <DIR> d-------- C:\Documents and Settings\Tendai\Application Data\Sony
2008-08-26 18:43 . 2008-08-26 18:43 <DIR> d-------- C:\Program Files\Sony Setup
2008-08-26 18:43 . 2008-08-26 18:43 <DIR> d-------- C:\Program Files\Sony
2008-08-26 17:37 . 2008-08-26 17:37 <DIR> d-------- C:\Documents and Settings\Tendai\Application Data\vlc
2008-08-26 17:36 . 2008-08-26 17:36 <DIR> d-------- C:\Program Files\VideoLAN
2008-08-26 16:09 . 2008-09-04 19:59 <DIR> d-------- C:\Program Files\mIRC
2008-08-26 16:09 . 2008-09-04 21:11 <DIR> d-------- C:\Documents and Settings\Tendai\Application Data\mIRC
2008-08-25 22:40 . 2008-08-26 08:46 616 --a------ C:\WINDOWS\eReg.dat
2008-08-25 22:32 . 2008-08-25 22:32 <DIR> d-------- C:\Program Files\EA Games
2008-08-20 03:00 . 2008-08-20 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-14 09:06 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 08:06 . 2008-05-01 15:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-08 08:44 . 2008-08-08 08:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-08-08 00:09 . 2008-08-08 00:09 <DIR> d-------- C:\Program Files\Microsoft Games
2008-08-08 00:04 . 2008-08-08 00:04 <DIR> d-------- C:\Program Files\MagicISO
2008-08-07 00:36 . 2008-08-07 09:35 <DIR> d-------- C:\Documents and Settings\Tendai\Contacts
2008-08-07 00:32 . 2008-08-07 00:32 <DIR> d-------- C:\Program Files\MSN Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 20:11 --------- d-----w C:\Documents and Settings\Tendai\Application Data\uTorrent
2008-09-04 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-04 19:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-03 20:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-02 18:46 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-26 07:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 15:42 --------- d-----w C:\Program Files\Garena
2008-08-07 23:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-07 13:13 --------- d-----w C:\Program Files\Warcraft III
2008-07-20 16:25 --------- d-----w C:\Documents and Settings\Tendai\Application Data\Ventrilo
2008-07-19 19:10 --------- d-----w C:\Documents and Settings\Tendai\Application Data\InstallShield
2008-07-19 19:02 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-19 18:57 --------- d-----w C:\Program Files\S3
2008-07-19 18:27 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}
2008-07-19 18:27 --------- d-----w C:\Program Files\XPC Tools
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:08 --------- d-----w C:\Documents and Settings\Tendai\Application Data\DivX
2008-07-18 17:13 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-07-18 17:13 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-07-18 17:06 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-07-18 17:03 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-18 17:03 --------- d-----w C:\Documents and Settings\Tendai\Application Data\DAEMON Tools
2008-07-18 11:07 --------- d-----w C:\Program Files\Guild Wars
2008-07-18 09:39 --------- d-----w C:\Program Files\Ventrilo
2008-07-18 08:05 --------- d-----w C:\Program Files\Cedelia
2008-07-18 06:15 --------- d-----w C:\Documents and Settings\Tendai\Application Data\LimeWire
2008-07-18 06:06 --------- d-----w C:\Program Files\uTorrent
2008-07-17 21:00 --------- d-----w C:\Program Files\DivX
2008-07-17 20:41 --------- d-----w C:\Program Files\Java
2008-07-17 20:40 --------- d-----w C:\Program Files\Common Files\Java
2008-07-17 20:37 --------- d-----w C:\Program Files\LimeWire
2008-07-17 18:34 --------- d-----w C:\Program Files\QuickTime
2008-07-17 18:34 --------- d-----w C:\Program Files\iTunes
2008-07-17 18:34 --------- d-----w C:\Program Files\iPod
2008-07-17 18:34 --------- d-----w C:\Program Files\Bonjour
2008-07-17 18:34 --------- d-----w C:\Documents and Settings\Tendai\Application Data\Apple Computer
2008-07-17 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-17 18:33 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-17 18:33 --------- d-----w C:\Program Files\Apple Software Update
2008-07-17 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-17 14:52 --------- d-----w C:\Documents and Settings\Tendai\Application Data\AVGTOOLBAR
2008-07-17 14:49 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-17 14:49 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-17 14:49 --------- d-----w C:\Program Files\AVG
2008-07-17 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-17 13:59 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-10 08:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:07 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-06-11 00:07 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-06-11 00:07 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2008-06-26 2294272]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-02 1235736]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"C-Media Mixer"="Mixer.exe" [2002-10-15 C:\WINDOWS\mixer.exe]
"VTTimer"="VTTimer.exe" [2005-03-08 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 C:\WINDOWS\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll aetjui.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Garena\\Garena.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"C:\\Program Files\\mIRC\\mirc.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-02 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-02 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-17 76040]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{D3F9A038-2323-456E-954D-3561DE1514E2} - C:\WINDOWS\system32\ddcYoPIb.dll
HKLM-Run-e8fc0a69 - C:\WINDOWS\system32\wfgmmyng.dll
HKLM-Run-BMebcf39f5 - C:\WINDOWS\system32\tkyhvxtv.dll
ShellExecuteHooks-{D6AEEADC-7733-4AA6-9CC3-2A0415F73416} - C:\WINDOWS\system32\opnmJApP.dll
Notify-opnmJApP - opnmJApP.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tendai\Application Data\Mozilla\Firefox\Profiles\hx0zscyx.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPStreamPlug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 21:23:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-09-04 21:26:09 - machine was rebooted [Tenken]
ComboFix-quarantined-files.txt 2008-09-04 20:26:06

Pre-Run: 171,138,965,504 bytes free
Post-Run: 171,124,305,920 bytes free

223 --- E O F --- 2008-08-27 02:00:33


thank you :D

Tenken
--------------------------------
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Do NOT run 'fixes' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806)
File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282)
Particularly post #4, http://forums.spybot.info/showpost.php?p=218503&postcount=4

Hello Tenken

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.



If you run Combofix on your own, this forum, myself and sUbs will not be responsible if your disable your system, its a very powerful tool that should be run with supervision, its not a general all purpose cleaning tool




We have noticed that many people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we changed our malware forum's policy on the use of P2P file sharing programs.


If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programs, volunteer analysts will refuse their help.


We do not ask you to do this without reason.


P2P (File Sharing ) programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

This article from InfoWorld illustrates the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/...ID-theft_1.html (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

C:\\Program Files\\uTorrent <--- Uninstall this via the Add Remove Programs in the Control Panel and then post a Hijackthis log.



Download Trendmicros Hijackthis (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe) to your desktop.

Double click it to install
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
Open HJT Scan and Save a Log File, it will open in Notepad
Go to Format and make sure Wordwrap is Unchecked
Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.