I am now using conjuntely SuperAntispyware and Avast.
From the SuperAntispyware quarantine :
- AdAware tracking cookies (I think they were uninfluential...)
- trojan Vundo-Variant/F (I guess that was the problem)
From the Avast Chest:
5 occurences of WIN32.AGENT-LVW everyone with a different filename: es bkffaa.exe, pjctda.exe, etc.
Hope it helps
The avast detections (file names) certainly look like randomly generated names associated with Vundo, add to that the SAS detection of a Vundo variant, I would say there is another more specific tool should you run.
Vundo Fix Tool - Aliases - WinFixer / Virtumonde / Msevents / Trojan.vundo.
Here are the cleansing instructions for Virtumonde:
http://www.bleepingcomputer.com/forums/topic18610.html Download
VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.
A log will be produced which you can post in your next response.
Below is an example of a Vundo infection, though there are many different filenames.
O2 - BHO: (no name) - {EFCB1D95-FFF6-47BB-B6C9-61A523F04322} - C:\WINDOWS\system32\vturr.dll[/b]O20 - Winlogon Notify: vturr - C:\WINDOWS\system32\vturr.dll[/b]
- VirtumundoBegone (if VundoFix does not work) -
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe