1) Some programs won't open (HJT runs, runscanner runs, Ccleaner runs, malware bytes won't install, spyware won't install, tried running combofix but it wouldn't run either. Firefox will open but I'm hesitant to open it for very long (I'm typing this on the second PC). That is my first problem. I don't know if changing the file names on spybot will help or not, but I didn't try.
2) IExplore.exe keeps opening at random intervals. I can kill the process, but it's obviously running on its own.
3) userinit.exe is a different filesize and has a new modified date (119kb and right when the infection happened). I checked it vs the second PC to notice the problem but I'm very hesitant to start messing with system files so I came to you guys to hopefully get some advice.
4) There is a file with the name __c00F3D91.dat which is undeletable and identifies as a winlogon notify issue in hjt. It is also undeletable in safe mode on the administrator account.
5)ntdll64.dll located in doc&settings/user/local settings/temp alog with a .tmp file. Neither could be deleted in safe mode on a separate account.
6) Windows firewall says it is being controlled by group settings and refuses to turn on. I had it off when the infection occured and read in one of your many readme/FAQ stickies that I should turn it on.
I'm running windows XP pro sp2 but I'm certain the problem is that I haven't updated in ages so that's a new priority for me (like most in my position, I assume). I'm not sure what to do right now, but I hope somebody here does =) Thanks for reading!
edit: oh and thanks for the great site! very great thing you're doing here.
Edited by omgitswill, 19 February 2009 - 07:03 PM.