Full Version: Need Help With Trojan Invasions
CCRN396
My computer was infected with Antivirus XP 2008, which I now believe I have gotten rid of (hopefully all of it). I was still having some problems, such as trying to go to a website and being jumped to another unrelated site. I have performed a variety of spyware scans including SuperAntispyware, Spybot, Malwarebytes' Anti-Malware, as well as Windows Live system scan, which revealed the following trojans: Trojan:Win32/Busky.EC, Trojan:Win32/Tibs.J, Trojan:Win32/Vundo.gen!H, and Trojan:Win32/Vundo.gen!R. I then ran Symantec's FixVundo, which states that it removed 1 virus. I have Trend Micro Internet Security on my computer but am worried that it has also been affected because it keeps saying that my "Unauthorized Change Prevention Service has been shut down". I have limited experience with computers, so I am in desperate need of help with these problems!!!

quietman7
Download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "safe mode".
-- Post the log in your next reply and let me know how your computer is running.

Also post the last scan results from MBAM.
Launch MBAM.
Click the Logs Tab at the top.
mbam-log-7-18-2008(09-52-04).txt should show in the list. <- your dates will be different from this example
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
CCRN396
Thank You quietman7 for your help! So far I have not encountered any more problems with my computer since running Dr.Web CureIt. Here are the results of the log:

css4[1];C:\Documents and Settings\Heidi\Local Settings\Temporary Internet Files\Content.IE5\X4FUBN10;Trojan.Virtumod.based.21;Deleted.;

Here are the results of the last MBAM scan:

Malwarebytes' Anti-Malware 1.21
Database version: 966
Windows 5.1.2600 Service Pack 2

11:03:10 PM 7/20/2008
mbam-log-7-20-2008 (23-03-09).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the MBAM Scan prior to the above one:

Malwarebytes' Anti-Malware 1.21
Database version: 966
Windows 5.1.2600 Service Pack 2

7:27:12 PM 7/19/2008
mbam-log-7-19-2008 (19-27-12).txt

Scan type: Quick Scan
Objects scanned: 54645
Time elapsed: 14 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcjrtj0el9n (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcjrtj0el9n (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcnrtj0el9n.exe (Trojan.FakeAlert) -> Delete on reboot.
quietman7
That's good news.

However, your MBAM log indicates you are using an older version of MBAM with an outdated database. Please download the most current version of MBAM from here, remove the old and then install the new one. If you encounter any problems while downloading the updates, manually download the updates and just double-click on mbam-rules.exe to install.

After performing a new scan, don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
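As an added example (not code from this thread or from Malwarebytes), a small Python parser for the MBAM log layout posted above: it cross-checks the summary counts against the detail sections and flags any item whose action is "Delete on reboot", which is exactly the case where the removal is not finished until the machine is restarted normally. The log text is a constructed sample in the same layout, with placeholder paths and key names.

```python
import re

# Constructed sample in the layout of the MBAM logs posted in this thread (not a real scan).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.21
Database version: 966

Scan type: Quick Scan

Registry Keys Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\example_rogue_key (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\example_fakealert.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\example_vundo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Split an MBAM log into header fields, summary counts and per-item detections."""
    header, summary, detections, section = {}, {}, [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := SUMMARY_RE.match(line):                 # "Files Infected: 2"
            summary[m.group("section")] = int(m.group("count"))
        elif line.endswith(" Infected:"):               # start of a detail section
            section = line[:-1]
        elif section is None and ": " in line:          # header, e.g. "Database version: 966"
            key, value = line.split(": ", 1)
            header[key] = value
        elif section and (m := ITEM_RE.match(line)):    # one detection line
            detections.append({"section": section, "item": m.group("item"),
                               "name": m.group("name"), "action": m.group("action")})
    return header, summary, detections

def check_log(text):
    """Cross-check summary counts against detail lines and flag items still pending a reboot."""
    header, summary, detections = parse_mbam_log(text)
    counts = {}
    for d in detections:
        counts[d["section"]] = counts.get(d["section"], 0) + 1
    return {
        "database_version": header.get("Database version"),
        "mismatched_sections": [s for s, n in summary.items() if counts.get(s, 0) != n],
        "pending_reboot": [d["item"] for d in detections if "reboot" in d["action"].lower()],
    }
```

A non-empty `pending_reboot` list means the scan result is not final until the machine has been rebooted in normal mode and a fresh scan shows the item gone.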
CCRN396
Should I perform the scan in normal mode or in safe mode?
quietman7
Normal mode please.
CCRN396
Thanks again!! That was a good call.

Malwarebytes' Anti-Malware 1.22
Database version: 984
Windows 5.1.2600 Service Pack 2

6:03:26 PM 7/23/2008
mbam-log-7-23-2008 (18-03-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 140305
Time elapsed: 1 hour(s), 49 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
CCRN396
All was fine until this eve when I couldn't install my Windows update, and then I was prevented from accessing certain sites such as this one and then lost my internet access completely. I performed a system scan using my antivirus program, Trend Internet Security, which I believe removed a bunch of spyware. I rebooted only to find that my antivirus program was claiming that my firewall was disabled. Just when I thought I was getting somewhere?!!
quietman7
> I rebooted only to find that my antivirus program was claiming that my firewall was disabled
What firewall are you using? Did you confirm if the firewall was actually disabled?

How was your Internet access after performing the scan and removing more spyware?
CCRN396
Okay,
I'm using Trend Micro Internet Security. I've recently made some changes to secure my computer and I'm not sure if I'm trying to do too much at once and changed something I shouldn't have? The only way I could access the internet was to shut off Trend's firewall and to turn on Windows Firewall. I ran a diagnostics on my internet connection (before shutting off Trend's firewall) and it stated to check my firewall settings and that Windows can't connect to the internet using HTTP, HTTPS, or FTP. It also told me to check my port settings.
My Trend Internet Security icon is what alerted me that my firewall was disabled. When I opened the main screen I believe it was alerting me that it was off, but when I went to the firewall settings, everything was as I had set it (ON).