22-Oct-2009, 09:05 PM
#1 |
| Dear Forum,

It appears that I have been invaded by multiple trojans, droppers, etc. I first noticed something was wrong when I booted up, and just as the Windows screen was coming on, it would reboot..over and over. I got out my Windows 2000 (yeah, I know) install CD and used the "Rescue" console. This allowed me to at least boot up completely. Soon, however, my Avast antivirus popped up with a virus warning. Ran Avast in Safe Mode -- quarantined suspect files then rebooted. Still infected. In succession, in Safe Mode ran: Spybot S&D, Malwarebytes Anti-malware, a-squared Free, and SuperAntiSpyware. While MANY malware items were discovered and deleted/quarantined, they seemed to come back upon the next boot-up.

Other observances:

* Avast notified me of a possible infection of SVCHOST.exe. I was afraid to delete or quarantine it however. I have three occurrences of this file on my system:

  C:\WINNT: 1,141 kb, altered 10/22/2009 11:39AM
  C:\WINNT\system32: 7 kb altered 12/07/1999 5:00AM
  C:\WINNT\system32\dllcache: 27 kb altered 12/07/1999 5:00AM

  The first, larger, recently altered one gives me some concern.

* 9129837.exe in Task Manager; can't be killed.

* Upon running CCleaner: There are usually entries in the C:\WINNT\TEMP directory that either can't be removed, or replicate themselves instantly. While not always the same files, here are the latest two:

  C:\WINNT\TEMP\mta13187.dll
  C:\WINNT\TEMP\nea3F.tmp

  I have also seen a.tmp, b.tmp, etc in this location.

* Attempting to open some programs will bring up a "Windows Installer" window. Presumably, these programs, having been on my computer for some time are already fully installed. Not sure if this is malware related, or another problem (ugh).

* Some internet sites "Can Not be found" -- specifically antivirus sites, and even the "Windows Update" site. Being blocked by some nasty trojan perhaps?

OK, now for some data.

Here is my HijackThis Log [NOTE: Updated on 10/23 to reflect additional scan done with Spybot S&D (log attached)]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:30 AM, on 10/23/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\FastNetSrv.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\GhostWall\ghostwall.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINNT\system32\msiexec.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\E.tmp
C:\WINNT\system32\svchost.exe
C:\WINNT\svchost.exe
C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE
C:\WINNT\svchust.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\WBEM\WinMgmt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\System32\userinit.exe,C:\WINNT\System32\drivers\smss.exe
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src "); (C:\Documents and Settings\RICK\Application Data\Mozilla\Profiles\default\tq59upyp.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\Msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GhostWall] "C:\Program Files\GhostWall\ghostwall.exe" -minimize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINNT\fonts\services.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10b.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Use webcow on this Page - C:\Program Files\WebCow\wcie.iemenu.htm
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2005\spy.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Use webcow on this &Selection - C:\Program Files\WebCow\wcie.iemenu2.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O15 - Trusted Zone: www.bayareascene.net
O15 - Trusted Zone: http://www.bayareascene.net
O15 - Trusted Zone: *.calhawaiianhoa.org
O15 - Trusted Zone: *.disqus.com
O15 - Trusted Zone: googleads.g.doubleclick.net
O15 - Trusted Zone: www.fremontasbaseball.com
O15 - Trusted Zone: www.goodwillsv.org
O15 - Trusted Zone: www.lincolnavenuewillowglen.com
O15 - Trusted Zone: *.linkshare.com
O15 - Trusted Zone: *.linksynergy.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.rickshrum.com
O15 - Trusted Zone: *.sanjosecellphones.com
O15 - Trusted Zone: www.staples.com
O15 - Trusted Zone: *.viator.com
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmod11 - C:\WINNT\SYSTEM32\pmod11.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Express Accounts (ExpressAccountsService) - Unknown owner - C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe (file missing)
O23 - Service: Express Invoice (ExpressInvoiceService) - NCH Software - C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINNT\system32\FastNetSrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Net Login (NetLogin) - Unknown owner - C:\WINNT\svchost.exe
O23 - Service: Net_Login - Unknown owner - C:\WINNT\svchust.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINNT\System32\TuneUpDefragService.exe

-- End of file - 8434 bytes

---

Here are the results on 2 SUPERAntiSpyware Scans:

1) SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/22/2009 at 03:21 AM

Application Version : 4.29.1002
Core Rules Database Version : 4144
Trace Rules Database Version: 2075

Scan type : Custom Scan
Total Scan Time : 00:05:37

Memory items scanned : 341
Memory threats detected : 2
Registry items scanned : 7439
Registry threats detected : 1
File items scanned : 3
File threats detected : 2

Trojan.Agent/Gen-WIWOW64
C:\WINNT\SYSTEM32\WMDTC.EXE
C:\WINNT\SYSTEM32\WMDTC.EXE

Trojan.Downloader-Gen/Win
C:\WINNT\9129837.EXE
C:\WINNT\9129837.EXE
[ttool] C:\WINNT\9129837.EXE

--

2) SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/22/2009 at 11:24 AM

Application Version : 4.29.1002
Core Rules Database Version : 4144
Trace Rules Database Version: 2075

Scan type : Complete Scan
Total Scan Time : 01:44:33

Memory items scanned : 205
Memory threats detected : 0
Registry items scanned : 7472
Registry threats detected : 6
File items scanned : 32160
File threats detected : 7

Trojan.Dropper/Sys-NV
HKLM\System\ControlSet001\Services\Nwsapagent
C:\WINNT\SYSTEM32\NWSAPV32.DLL
HKLM\System\ControlSet001\Enum\Root\LEGACY_Nwsapagent
HKLM\System\ControlSet002\Services\Nwsapagent
HKLM\System\ControlSet002\Enum\Root\LEGACY_Nwsapagent
HKLM\System\CurrentControlSet\Services\Nwsapagent
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_Nwsapagent
C:\WINNT\SYSTEM32\IPRIPV32.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Default User.WINNT\Cookies\system@content.yieldmanager[1].txt

Trojan.Agent/Gen-NumTemp
C:\WINNT\SYSTEM32\9.TMP

Trojan.Agent/Gen-Dropper[Temp]
C:\WINNT\SYSTEM32\C.TMP

Trojan.Agent/Gen-Pher[ProQuota]
C:\WINNT\SYSTEM32\DLLCACHE\PROQUOTA.EXE

Trojan.Dropper/Win-NV
C:\WINNT\SV1.EXE

---

If useful, and you are familiar with this, here are the results of a "Rooter" malware finder scan:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 2000 . (5.0.2195) Service Pack 4
[32_bits] - x86 Family 15 Model 2 Stepping 4, GenuineIntel
.
Error OpenService (wscsvc) : 1060
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 6.0.2800.1106
Mozilla Firefox 3.5.3 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:111 Go - Free:51 Go )
D:\ [Fixed-NTFS] .. ( Total:19 Go - Free:7 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
.
Scan : 16:56.19
Path : C:\Rooter$\Rooter.exe
User : Rick ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (8)
______ \SystemRoot\System32\smss.exe (152)
______ \??\C:\WINNT\system32\csrss.exe (180)
______ \??\C:\WINNT\system32\winlogon.exe (200)
______ C:\WINNT\system32\services.exe (228)
______ C:\WINNT\system32\lsass.exe (240)
______ C:\WINNT\system32\svchost.exe (404)
______ C:\WINNT\system32\spoolsv.exe (424)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (488)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (504)
______ C:\WINNT\system32\svchost.exe (528)
______ C:\WINNT\System32\svchost.exe (552)
______ C:\WINNT\system32\FastNetSrv.exe (564)
______ C:\WINNT\system32\hidserv.exe (600)
______ C:\WINNT\system32\MSTask.exe (640)
______ C:\WINNT\system32\stisvc.exe (760)
______ C:\Program Files\UPHClean\uphclean.exe (796)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (212)
______ C:\WINNT\Explorer.exe (1016)
______ C:\Program Files\Analog Devices\SoundMAX\Smtray.exe (1140)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (1148)
______ C:\Program Files\GhostWall\ghostwall.exe (1184)
______ C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb05.exe (1192)
______ C:\WINNT\system32\msiexec.exe (1220)
______ C:\WINNT\system32\svchost.exe (1296)
______ C:\WINNT\svchost.exe (1496)
______ C:\WINNT\svchust.exe (1120)
______ C:\WINNT\9129837.exe (1520)
______ C:\Program Files\Internet Explorer\iexplore.exe (2612)
______ C:\Program Files\Mozilla Firefox\firefox.exe (4396)
______ C:\WINNT\system32\NOTEPAD.EXE (4552)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (4720)
______ C:\WINNT\System32\notepad.exe (4792)
______ C:\WINNT\System32\notepad.exe (4824)
______ C:\Program Files\a-squared Free\a2service.exe (5440)
______ C:\Program Files\CCleaner\ccleaner.exe (5496)
______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (5556)
______ C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (5692)
______ C:\WINNT\System32\WBEM\WinMgmt.exe (5672)
______ C:\WINNT\system32\NOTEPAD.EXE (5820)
______ C:\Rooter$\Rooter.exe (4532)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
----------------------\\ Scheduled Tasks
.
C:\WINNT\Tasks\AppleSoftwareUpdate.job
C:\WINNT\Tasks\desktop.ini
C:\WINNT\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\WINNT\System32\fhhkj.bak1
C:\WINNT\System32\fhhkj.bak2
C:\WINNT\System32\fhhkj.tmp
C:\WINNT\System32\fhhkj.bak1
C:\WINNT\System32\fhhkj.bak2
C:\WINNT\System32\fhhkj.tmp ==> Vundo <==
.
C:\DOCUME~1\RICKPR~1.000\My Documents\Downloads\Metadata\_crack_ ppt2flash pro 4.1 1 by CLONECD (Unreleased).zip.xml
C:\DOCUME~1\RICKPR~1.000\My Documents\Downloads\Metadata\_crack_ ppt2flash pro 4.1 1 by CLONECD (Unreleased).zip.xml ==> Cracks & Keygens <==
.
----------------------\\ Scan completed at 16:56.40
.
C:\Rooter$\Rooter_5.txt - (22/10/2009 | 16:56.40).c

---

I am running a PC with 1 Gig of RAM, on Windows 2000, Service Pack 4. Please inform me of any other information you need. I realize I have provided a lot of information, but hopefully, it will assist you in diagnosing this thing. While I realize I am not alone in this boat, if I were to lose my system, I would be in big trouble. Any help would be kindly appreciated.

Thanks,
Rick

UPDATE, 10/23: I did another scan with Spybot S&D. In order to save space, I included the log of the results as an attachment.

Last edited by spykat; 23-Oct-2009 at 03:39 PM.. Reason: Added info about svchost.exe files |
| |
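The concern raised in the post above (a large, recently altered svchost.exe in C:\WINNT beside the two copies under system32) comes down to a path check that can be run over the log text. The following Python script is an added example, not part of the original post or of any scanner mentioned in it; the EXPECTED_DIR table, the function names and the one-edit look-alike rule are assumptions of this example, and SAMPLE holds lines excerpted from the HijackThis log above.

```python
import ntpath
import re

# Expected directory (relative to the system root) for a few core Windows
# process names. Illustrative subset chosen for this example, not a full baseline.
EXPECTED_DIR = {
    "svchost.exe": "system32", "smss.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32",
    "winlogon.exe": "system32", "csrss.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "",
}
WRONG_DIR = "system process name outside its expected directory"
LOOKALIKE = "name is one edit away from a system process name"
TMP_IMAGE = "running or autostarted image has a .tmp extension"

# Absolute Windows paths ending in an image-like extension, anywhere in a line.
PATH_RE = re.compile(r"[A-Za-z]:\\[^,\r\n\"]*?\.(?:exe|dll|sys|tmp)\b", re.I)

def one_edit_apart(a, b):
    """True if exactly one substitution, insertion or deletion turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the mismatching character (in both strings if lengths are equal).
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def classify(path, system_root=r"C:\WINNT"):
    """Return the reason a path looks like masquerading, or None."""
    directory, name = ntpath.split(path)
    name, directory, root = name.lower(), directory.lower(), system_root.lower()
    if name in EXPECTED_DIR:
        expected = ntpath.join(root, EXPECTED_DIR[name]).rstrip("\\")
        return None if directory == expected else WRONG_DIR
    if any(one_edit_apart(name, known) for known in EXPECTED_DIR):
        return LOOKALIKE
    return TMP_IMAGE if name.endswith(".tmp") else None

def scan(log_text):
    """Map each suspicious path found in the log text to its reason."""
    findings = {}
    for path in PATH_RE.findall(log_text):
        reason = classify(path)
        if reason:
            findings.setdefault(path, reason)
    return findings

# Lines excerpted from the HijackThis log in the post above.
SAMPLE = r"""
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\E.tmp
C:\WINNT\svchost.exe
C:\WINNT\svchust.exe
F2 - REG:system.ini: UserInit=C:\WINNT\System32\userinit.exe,C:\WINNT\System32\drivers\smss.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINNT\fonts\services.exe
O23 - Service: Net_Login - Unknown owner - C:\WINNT\svchust.exe
"""
if __name__ == "__main__":
    for path, reason in scan(SAMPLE).items():
        print(f"{path}: {reason}")
```

A flagged path is a triage lead rather than a verdict: it tells the analyst which files to inspect first (size, timestamps, service registration) before deciding on removal.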
|
23-Oct-2009, 11:09 PM
#2 |
| Follow-up

Seems I can't edit my orig. message, so I will post it here. Am including MalwareBytes Log. I did NOT delete any of the malware it found (I chickened out!):

--

Malwarebytes' Anti-Malware 1.41
Database version: 2981
Windows 5.0.2195 Service Pack 4

10/23/2009 6:31:34 PM
malwarebytesLog).txt

Scan type: Quick Scan
Objects scanned: 6370
Time elapsed: 24 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINNT\system32\Irmonex.dll (Trojan.Proxy) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\irmon (Trojan.Proxy) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\irmon (Trojan.Proxy) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\irmon (Trojan.Proxy) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINNT\system32\Irmonex.dll (Trojan.Proxy) -> No action taken.
c:\WINNT\system32\daqdrv.sys (Backdoor.Bot) -> No action taken.

--

Here are the scan findings from Root Repeal:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/23 18:11
Program Version: Version 1.3.5.0
Windows Version: Windows 2000 SP4
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINNT\System32\Drivers\dump_atapi.sys
Address: 0xBE6D5000 Size: 86016 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINNT\System32\Drivers\dump_WMILIB.SYS
Address: 0xEB5E5000 Size: 4096 File Visible: No Signed: -
Status: -

Name: RecAgent.sys
Image Path: RecAgent.sys
Address: 0xEB418000 Size: 16384 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINNT\System32\drivers\rootrepeal.sys
Address: 0xBCFE6000 Size: 49152 File Visible: No Signed: -
Status: -

Name: uphcleanhlp.sys
Image Path: C:\WINNT\System32\Drivers\uphcleanhlp.sys
Address: 0xBD366000 Size: 12288 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Rick.PROJECT-X.000\My Documents\MAXX-8~1.TIF:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

==EOF==

---

Should also note, at one point, my system lost track of where notepad.exe was located. I heard reference to the QAZ Trojan causing this, altho I did not find any references to any registry entries, as recounted on this page: http://www.pchell.com/virus/qaz.shtml

Once again, thank you. |
|
27-Oct-2009, 08:17 PM
#3 |
| Not being impatient or anything, but since I believe I may have the very nasty Virut infection, I was wondering if it may still be some time before anyone can look into my case. If so, can someone please confirm that is indeed the case? Thanks for your time. |
|
21-Nov-2009, 10:29 AM
#4 |
| Hello,

While no one here is under any obligation to help those who come looking for assistance, if you are going to go to the trouble of making such an offer, it should be followed up on.

Awhile back, I laid out a severe malware problem I was experiencing (see above). As you can see, I included an abundance of data to assist the mods here toward analyzing my situation. I waited...and waited...then waited some more without anyone taking up my case. Finally, I said the heck with it and saved what I could of my files, reformatted my HD, then reinstalled my OS.

As it turned out, I had the Evil Virut infection, so I likely would have had to have wiped everything out and reinstalled it anyway. It just would have been nice to have had someone here follow thru and tell me that.

Just sayin'...

Last edited by spykat; 21-Nov-2009 at 10:39 AM.. Reason: typo |
| Tags |
| dropper, trojan |

|
Advertisements do not imply our endorsement of that product or service. All times are GMT -4. The time now is 05:22 PM. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved. | |

