No change yet.
But then iexplorer.exe starts up again a minute later and I'm back to moving at a snail's pace.
Please download and run Processexplorer
http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx
Under file and save as, create a log and post here
copy and paste into a reply
Process PID CPU Description Company Name
System Idle Process 0 63.97
Interrupts n/a Hardware Interrupts
DPCs n/a 1.47 Deferred Procedure Calls
System 4 0.74
smss.exe 896 Windows NT Session Manager Microsoft Corporation
csrss.exe 952 Client Server Runtime Process Microsoft Corporation
winlogon.exe 976 Windows NT Logon Application Microsoft Corporation
services.exe 1020 0.76 Services and Controller app Microsoft Corporation
svchost.exe 1212 Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 3652 WMI Microsoft Corporation
NMIndexStoreSvr.exe 5108 Nero Home Nero AG
BTSTAC~1.EXE 4212 Bluetooth Stack COM Server Broadcom Corporation.
iexplore.exe 6248 Internet Explorer Microsoft Corporation
iexplore.exe 6180 Internet Explorer Microsoft Corporation
svchost.exe 1284 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1324 Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 3664 Windows Security Center Notification App Microsoft Corporation
svchost.exe 1448 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1460 1.52 Generic Host Process for Win32 Services Microsoft Corporation
CCSETMGR.EXE 1684 Symantec Settings Manager Service Symantec Corporation
CCEVTMGR.EXE 1956 Symantec Event Manager Service Symantec Corporation
CCPROXY.EXE 2044 Symantec Network Proxy Service Symantec Corporation
PIFSvc.exe 160 LiveUpdate Notice Service Symantec Corporation
SNDSrvc.exe 232 Network Driver Service Symantec Corporation
SPBBCSvc.exe 288 SPBBC Service Symantec Corporation
symlcsvc.exe 304
spoolsv.exe 768 Spooler SubSystem App Microsoft Corporation
msdtc.exe 1168 MS DTC console program Microsoft Corporation
AluSchedulerSvc.exe 1348 Automatic LiveUpdate Scheduler Service Symantec Corporation
mDNSResponder.exe 1376 Bonjour Service Apple Computer, Inc.
btwdins.exe 1408 Bluetooth Support Server Broadcom Corporation.
svchost.exe 1544 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1640 Generic Host Process for Win32 Services Microsoft Corporation
jqs.exe 1696 Java Quick Starter Service Sun Microsystems, Inc.
LSSrvc.exe 1812 Hewlett-Packard Company
MemeoBackgroundService.exe 2128 MemeoBackgroundService Memeo
svchost.exe 2280 Generic Host Process for Win32 Services Microsoft Corporation
NSCSRVCE.EXE 2292 Norton Security Console Norton Protection Center Service Symantec Corporation
svchost.exe 2328 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2436 Generic Host Process for Win32 Services Microsoft Corporation
ViewpointService.exe 2548 ViewMgr Viewpoint Corporation
VongoService.exe 2600 Vongo Download Manager Starz Entertainment Group LLC
mqsvc.exe 2632 Message Queuing Service Microsoft Corporation
hpqwmiex.exe 2664 hpqwmiex Module Hewlett-Packard Development Company, L.P.
wmpnetwk.exe 2868 Windows Media Player Network Sharing Service Microsoft Corporation
mqtgsvc.exe 3484 Windows NT MSMQ Trigger Service Microsoft Corporation
svchost.exe 3796 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 3804 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 3812 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2740 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 4636 Generic Host Process for Win32 Services Microsoft Corporation
NMIndexingService.exe 4732 Nero Home Nero AG
NAVAPSVC.EXE 2532 Norton AntiVirus Auto-Protect Service Symantec Corporation
svchost.exe 492 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 1040 LSA Shell (Export Version) Microsoft Corporation
taskmgr.exe 5908 Windows TaskManager Microsoft Corporation
explorer.exe 7236 Windows Explorer Microsoft Corporation
SUPERANTISPYWARE.EXE 7376 6.06 SUPERAntiSpyware Application SUPERAntiSpyware.com
HP Wireless Assistant.exe 2196 HP Wireless Assistant Module Hewlett-Packard Development Company, L.P.
jusched.exe 2464 Java Platform SE binary Sun Microsystems, Inc.
igfxtray.exe 2744 igfxTray Module Intel Corporation
hkcmd.exe 2808 hkcmd Module Intel Corporation
igfxpers.exe 2972 persistence Module Intel Corporation
CCAPP.EXE 3120 Symantec User Session Symantec Corporation
SynTPEnh.exe 3140 Synaptics TouchPad Enhancements Synaptics, Inc.
hpwuSchd2.exe 3348 Hewlett-Packard Product Assistant Hewlett-Packard Co.
issch.exe 3452 InstallShield Update Service Scheduler Macrovision Corporation
QLBCTRL.exe 3588 QLB Controller Hewlett-Packard Development Company, L.P.
GrooveMonitor.exe 4288 GrooveMonitor Utility Microsoft Corporation
aim.exe 4404 AOL Instant Messenger America Online, Inc.
NMBgMonitor.exe 4476 Nero Home Nero AG
ctfmon.exe 4516 CTF Loader Microsoft Corporation
wmpnscfg.exe 4632 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
TeaTimer.exe 4684 1.52 System settings protector Safer-Networking Ltd.
BTTray.exe 5256 Bluetooth Tray Application Broadcom Corporation.
hpqtra08.exe 5384 1.52 HP Digital Imaging Monitor Hewlett-Packard Co.
hpqste08.exe 5272 HP CUE Status Root Hewlett-Packard Co.
MemeoAutoSync.exe 5092 Memeo AutoSync Memeo Inc.
MemeoBackup.exe 5212 Memeo AutoBackup Client Memeo Inc.
hpqimzone.exe 4788 HP Photosmart Premier Hewlett-Packard Development Company, L.P.
firefox.exe 4400 3.03 Firefox Mozilla Corporation
WinRAR.exe 1916 WinRAR archiver Alexander Roshal
i_view32.exe 8016 IrfanView Irfan Skiljan
WinRAR.exe 7988 WinRAR archiver Alexander Roshal
i_view32.exe 6648 IrfanView Irfan Skiljan
i_view32.exe 6280 IrfanView Irfan Skiljan
i_view32.exe 1476 IrfanView Irfan Skiljan
WinRAR.exe 5568 WinRAR archiver Alexander Roshal
procexp.exe 4528 5.30 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
i_view32.exe 5120 IrfanView Irfan Skiljan
notepad.exe 6336 Notepad Microsoft Corporation
notepad.exe 7648 Notepad Microsoft Corporation
i_view32.exe 5768 IrfanView Irfan Skiljan
WINWORD.EXE 4284 Microsoft Office Word Microsoft Corporation
i_view32.exe 7504 IrfanView Irfan Skiljan
i_view32.exe 6936 IrfanView Irfan Skiljan
notepad.exe 7500 Notepad Microsoft Corporation
Also post that SAS log of the original infection and a new one done as specified below
New oneSUPERAntiSpyware Scan Log
http://www.superantispyware.comGenerated 07/14/2009 at 07:28 PM
Application Version : 4.26.1006
Core Rules Database Version : 3988
Trace Rules Database Version: 1928
Scan type : Complete Scan
Total Scan Time : 02:29:35
Memory items scanned : 274
Memory threats detected : 0
Registry items scanned : 8250
Registry threats detected : 2
File items scanned : 210617
File threats detected : 12
Adware.Tracking Cookie
C:\Documents and Settings\test\Cookies\test@questionmarket[2].txt
C:\Documents and Settings\test\Cookies\test@revsci[1].txt
C:\Documents and Settings\test\Cookies\test@advertising[2].txt
C:\Documents and Settings\test\Cookies\test@atdmt[2].txt
C:\Documents and Settings\test\Cookies\test@insightexpressai[1].txt
C:\Documents and Settings\test\Cookies\test@realmedia[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.bridgetrack[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@bs.serving-sys[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@msnaccountservices.112.2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@msnportal.112.2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@serving-sys[2].txt
Trojan.Unknown Origin
HKLM\Software\AGProtect
HKLM\Software\AGProtect#Cfg
____________________
Old onesSUPERAntiSpyware Scan Log
http://www.superantispyware.comGenerated 07/12/2009 at 01:54 AM
Application Version : 4.26.1006
Core Rules Database Version : 3657
Trace Rules Database Version: 1638
Scan type : Complete Scan
Total Scan Time : 04:42:32
Memory items scanned : 926
Memory threats detected : 0
Registry items scanned : 8185
Registry threats detected : 0
File items scanned : 24769
File threats detected : 33
Adware.Tracking Cookie
C:\Documents and Settings\test\Cookies\test@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\test\Cookies\test@questionmarket[2].txt
C:\Documents and Settings\test\Cookies\test@ads.netrition[1].txt
C:\Documents and Settings\test\Cookies\test@c7.zedo[1].txt
C:\Documents and Settings\test\Cookies\test@adbrite[1].txt
C:\Documents and Settings\test\Cookies\test@msnportal.112.2o7[1].txt
C:\Documents and Settings\test\Cookies\test@revsci[2].txt
C:\Documents and Settings\test\Cookies\test@kontera[2].txt
C:\Documents and Settings\test\Cookies\test@apmebf[1].txt
C:\Documents and Settings\test\Cookies\test@interclick[2].txt
C:\Documents and Settings\test\Cookies\test@mediafire[2].txt
C:\Documents and Settings\test\Cookies\test@findarticles[1].txt
C:\Documents and Settings\test\Cookies\test@media6degrees[1].txt
C:\Documents and Settings\test\Cookies\test@mediaplex[1].txt
C:\Documents and Settings\test\Cookies\test@doubleclick[1].txt
C:\Documents and Settings\test\Cookies\test@2o7[1].txt
C:\Documents and Settings\test\Cookies\test@advertising[1].txt
C:\Documents and Settings\test\Cookies\test@a1.interclick[2].txt
C:\Documents and Settings\test\Cookies\test@atdmt[1].txt
C:\Documents and Settings\test\Cookies\test@ad.yieldmanager[1].txt
C:\Documents and Settings\test\Cookies\test@content.yieldmanager[1].txt
C:\Documents and Settings\test\Cookies\test@insightexpressai[1].txt
C:\Documents and Settings\test\Cookies\test@adlegend[2].txt
C:\Documents and Settings\test\Cookies\test@content.yieldmanager.edgesuite[1].txt
C:\Documents and Settings\test\Cookies\test@counter.hitslink[1].txt
C:\Documents and Settings\test\Cookies\test@ads.bridgetrack[1].txt
C:\Documents and Settings\test\Cookies\test@zedo[2].txt
C:\Documents and Settings\test\Cookies\test@safeway.112.2o7[1].txt
C:\Documents and Settings\test\Cookies\test@specificclick[1].txt
C:\Documents and Settings\test\Cookies\test@trafficmp[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\test\Local Settings\Temp\Cookies\test@atdmt[1].txt
Trojan.Downloader-LoaderAdv
C:\DOCUMENTS AND SETTINGS\TEST\TEMPORARY INTERNET FILES\CONTENT.IE5\KR3V69L2\LOADERADV563[1].EXE
__________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.comGenerated 07/12/2009 at 03:54 AM
Application Version : 4.26.1006
Core Rules Database Version : 3988
Trace Rules Database Version: 1928
Scan type : Quick Scan
Total Scan Time : 00:21:16
Memory items scanned : 797
Memory threats detected : 1
Registry items scanned : 133
Registry threats detected : 1
File items scanned : 0
File threats detected : 2
Trojan.Agent/Gen-Reader_S
C:\WINDOWS\SYSTEM32\READER_S.EXE
C:\WINDOWS\SYSTEM32\READER_S.EXE
Trojan.Unclassified-PQLMQ/AVP
[12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\PQLMQ.EXE
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\PQLMQ.EXE