BleepingComputer.com: Virus Cornucopia on Office Computer

Virus Cornucopia on Office Computer

#1 User is offline   Christie23 

Posted 28 June 2011 - 09:04 AM

I had so much success with my personal computer with the help of some pretty amazing people here that I thought I would try to help my boss out as well. I work for a small construction company and our sole computer is and has been infected with a SLEW of things since I began in his employ. I'd like to clean it up for him, but I don't even know where to start. As this is a business computer, the files are clearly important and used daily... but it's in pretty bad shape. From dropping internet connections, to Google rerouting, to recovery, to pop-ups, you name it...

Thanks so much for taking the time to read this.

P.S. I have taken all the steps required per instructions, but will refrain from posting the DDS log until it's requested.

This post has been edited by Christie23: 28 June 2011 - 09:38 AM


#2 User is offline   firemaster1337 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 146
  • Joined: 18-December 10
  • Gender:Male
  • Location:Canada

Posted 28 June 2011 - 10:27 AM

First of all, you need to download Malwarebytes Anti-Malware, which is found here.
However, if you cannot get to the site on your infected computer, you will need a CD or flash drive, and you will need to put the installer on the CD or the flash drive. After that's done, install Malwarebytes Anti-Malware and update it, then do a quick scan with it, then post the log it gives you here.
My name's firemaster1337 and I enjoy helping people solve their malware problems

#3 User is offline   Christie23 

Posted 28 June 2011 - 10:44 AM

Ok... scan results here. Should I remove these?

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6967

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

6/28/2011 11:43:01 AM
mbam-log-2011-06-28 (11-42-44).txt

Scan type: Quick scan
Objects scanned: 163396
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Owner\AppData\Local\usisulej.dll (Trojan.Hiloti.Gen) -> No action taken.
c:\Users\Owner\AppData\Local\KBDapi.dll (Trojan.Hiloti) -> No action taken.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xvudo (Trojan.Hiloti.Gen) -> Value: Xvudo -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ysovupavidi (Trojan.Hiloti) -> Value: Ysovupavidi -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agent.exe (Trojan.FraudPack) -> Value: agent.exe -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Program Files\PCenter\pc.exe) Good: (Explorer.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
c:\programdata\13856344 (Rogue.Multiple) -> No action taken.
c:\program files\anti-virus professional (Rogue.AntiVirusProfessional) -> No action taken.
c:\program files\anti-virus professional\logs (Rogue.AntiVirusProfessional) -> No action taken.

Files Infected:
c:\Users\Owner\AppData\Local\usisulej.dll (Trojan.Hiloti.Gen) -> No action taken.
c:\Users\Owner\AppData\Local\KBDapi.dll (Trojan.Hiloti) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\0.46113687947928017.bat (Trojan.DroopTroop) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\odn.exe (Trojan.Agent) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\ooo.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\dml3h-update2 .exe (Trojan.Hiloti) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\dwv.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\fqaogcefhj.exe (Trojan.Hiloti) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\cocuweblrd.exe (Trojan.Agent.Gen) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\xhvqgonvsc.exe (Rogue.SecurityTool) -> No action taken.
c:\Users\Owner\AppData\Local\Temp\Low\jxshvtoeoi.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\Users\Owner\local settings\application data\KBDapi.dll (Trojan.Hiloti) -> No action taken.
c:\Users\Owner\local settings\application data\usisulej.dll (Trojan.Hiloti.Gen) -> No action taken.
c:\Users\Owner\Desktop\PCenter.lnk (Rogue.PrivacyCenter) -> No action taken.
c:\programdata\13856344\pc13856344ins (Rogue.Multiple) -> No action taken.
c:\program files\anti-virus professional\anti-virus professional.exe (Rogue.AntiVirusProfessional) -> No action taken.
c:\program files\anti-virus professional\noadware4_021709.na (Rogue.AntiVirusProfessional) -> No action taken.
c:\program files\anti-virus professional\nutilities.dll (Rogue.AntiVirusProfessional) -> No action taken.
c:\program files\anti-virus professional\unins000.dat (Rogue.AntiVirusProfessional) -> No action taken.
c:\program files\anti-virus professional\unins000.exe (Rogue.AntiVirusProfessional) -> No action taken.
c:\program files\anti-virus professional\uninstldll.dll (Rogue.AntiVirusProfessional) -> No action taken.
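
A triage sketch for the scan log in post #3, added here as an example and not part of the original thread or of Malwarebytes' own tooling: it parses the detection lines, collapses items the log lists in more than one section, and picks out the Run and Winlogon Shell entries that relaunch the malware at logon. The function names and the `SAMPLE_LOG` excerpt are this example's own, and the line format is assumed from the log above.

```python
import re
from collections import Counter

# Excerpt of the scan log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
Registry Values Infected: 3
Memory Modules Infected:
c:\Users\Owner\AppData\Local\KBDapi.dll (Trojan.Hiloti) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xvudo (Trojan.Hiloti.Gen) -> Value: Xvudo -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Program Files\PCenter\pc.exe) Good: (Explorer.exe) -> No action taken.
Files Infected:
c:\Users\Owner\AppData\Local\KBDapi.dll (Trojan.Hiloti) -> No action taken.
c:\program files\anti-virus professional\unins000.exe (Rogue.AntiVirusProfessional) -> No action taken.
"""

# A section header ends at the colon; the summary lines carry a count after it.
SECTION = re.compile(r"^([A-Za-z ]+ Infected):\s*$")
FINDING = re.compile(r"^(?P<item>.+?) \((?P<detection>[\w.]+)\) -> (?P<rest>.+)$")
AUTOSTART = re.compile(r"\\currentversion\\run\\|\\winlogon\\shell$", re.I)

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it appeared in."""
    findings, section = [], None
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        m = FINDING.match(line)
        if m and section:
            # The action is the last "->" field; Run values and data items add fields before it.
            action = m["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            findings.append({"section": section, "item": m["item"],
                             "detection": m["detection"], "action": action})
    return findings

def triage(findings):
    """Summarise detections, logon autostart entries, and items not yet removed."""
    # Loaded modules are listed again under Files, so count each item once.
    unique = {(f["item"].lower(), f["detection"]) for f in findings}
    return {
        "by_detection": Counter(det for _, det in unique),
        "autostart": [f["item"] for f in findings if AUTOSTART.search(f["item"])],
        "pending": [f for f in findings if f["action"] == "No action taken"],
    }

if __name__ == "__main__":
    print(triage(parse_mbam_log(SAMPLE_LOG)))
```

Running the same parser over the log from a second scan after the reboot shows whether anything is still listed under `pending` or `autostart`.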

#4 User is offline   firemaster1337 

Posted 28 June 2011 - 11:24 AM

Remove them, then reboot.

#5 User is offline   Christie23 

Posted 28 June 2011 - 12:01 PM

Done and ready for the next step.

Thanks for your help.

This post has been edited by Christie23: 28 June 2011 - 12:01 PM


#6 User is offline   firemaster1337 

Posted 28 June 2011 - 12:20 PM

Install Firefox; it's way safer than IE. Also, the rogue may have changed your settings on the internet so that it connects to a proxy that does not exist. If so, then you need to change it to no proxy or system settings proxy.

Edit: my proxy settings are "Use system proxy settings" on Firefox.

This post has been edited by firemaster1337: 28 June 2011 - 12:23 PM
