'fected Tosh

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by satrow, Jun 9, 2011.

  1. satrow

    satrow Major Geek Extraordinaire

    Evening all.

    I'm posting from a problematic laptop, infected about 24 hours ago, ran the required diags, logs attached.

    Still getting random exe's running in tandem with starting a real program then hiding, leaving the exe's in the folder with what appears to be the real program exe. Massive damage from Avast! trying to deal with a huge amount of infected files last night.

    Could you check the logs and advise the next course of action, please.

All the owner's passwords have been changed from a clean PC, I'd like to wipe this one but getting 0x7B's on trying to boot to Safe Mode, can't trust the disk even after running fixmbr/fixboot from the XP CD.

    Thanks :)
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have evidence of a Ramnit infection. Please go here and run a scan:
    eSet Online Scan.

    I will look at your logs as you do this.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please double-click the RootRepeal.exe previously downloaded.

    * Select File then Scan
    * On the Select Drives form select drive C by "ticking" the box for drive C and click OK
* When the scan is complete - highlight each of the following file(s) (one at a time if more than one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.
    C:\gslqirjd.exe
    C:\Program Files\xmtexrap\gslqirjd.exe
    C:\Documents and Settings\Keith\Start Menu\Programs\Startup\gslqirjd.exe

    * After Wiping all files, immediately reboot your pc!

    After reboot, download/install/update and run the scanning tools you couldn't run!

    Now download The Avenger by Swandog469, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    * Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      midimap.dll*
      srsvc.dll*
      wscntfy.exe*
      ctfmon.exe*
      regsvc.dll*
      schedsvc.dll*
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    * System look log
    * C:\ComboFix.txt
    * C:\MGlogs.zip
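The SystemLook ":filefind" step above looks up every copy of a handful of Windows system file names so that a copy sitting somewhere other than the system folder, or a copy whose contents differ from the genuine one, stands out. The script below is an added example written for this thread, not SystemLook's code and not a tool from MajorGeeks: it walks a directory tree, matches file names against the same patterns TimW listed, records size and SHA-256 for each hit, and reports copies outside the expected system32 folder as well as names that turn up with two different hashes. The directory layout it scans is constructed in a temporary folder for the demonstration (the folder name xmtexrap is taken from the paths in this thread); the "expected directory" is an assumption passed in by the caller.

```python
"""Added example: an offline stand-in for SystemLook's ':filefind' directive."""
import fnmatch
import hashlib
import os
import tempfile
from collections import defaultdict
from dataclasses import dataclass

# File name patterns copied from the SystemLook ':filefind' script in the thread.
PATTERNS = ["midimap.dll*", "srsvc.dll*", "wscntfy.exe*",
            "ctfmon.exe*", "regsvc.dll*", "schedsvc.dll*"]


@dataclass
class Hit:
    path: str
    size: int
    sha256: str
    in_expected_dir: bool


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def filefind(root, expected_dir, patterns=PATTERNS):
    """Walk 'root' and return a Hit for every file whose name matches one of
    'patterns' (case-insensitive, as SystemLook is on Windows). 'expected_dir'
    is where the genuine copy should live (assumption: the system32 folder);
    a hit anywhere else is marked in_expected_dir=False."""
    expected = os.path.normcase(os.path.abspath(expected_dir))
    lowered = [p.lower() for p in patterns]
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        here = os.path.normcase(os.path.abspath(dirpath))
        for name in files:
            if any(fnmatch.fnmatchcase(name.lower(), p) for p in lowered):
                full = os.path.join(dirpath, name)
                hits.append(Hit(full, os.path.getsize(full), sha256_of(full),
                                here == expected))
    return sorted(hits, key=lambda h: h.path)


def out_of_place(hits):
    """Copies of a system file name found outside the expected directory."""
    return [h for h in hits if not h.in_expected_dir]


def conflicting_names(hits):
    """File names that occur with more than one distinct hash: at least one
    copy has been altered or replaced, so they cannot all be genuine."""
    by_name = defaultdict(set)
    for h in hits:
        by_name[os.path.basename(h.path).lower()].add(h.sha256)
    return sorted(n for n, hashes in by_name.items() if len(hashes) > 1)


def build_sample_tree(base):
    """Constructed sample layout (not a real capture): a genuine-looking copy
    in system32, a second copy with different contents in a program folder
    named like the one in the thread, and an unrelated file that must not match."""
    layout = {
        ("WINDOWS", "system32", "ctfmon.exe"): b"MZ genuine ctfmon",
        ("WINDOWS", "system32", "midimap.dll"): b"MZ genuine midimap",
        ("Program Files", "xmtexrap", "ctfmon.exe"): b"MZ altered ctfmon",
        ("docs", "readme.txt"): b"not a match",
    }
    for parts, data in layout.items():
        path = os.path.join(base, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return os.path.join(base, "WINDOWS", "system32")


def run_demo():
    """Build the constructed tree in a temp folder, scan it, and return the
    hits, the out-of-place copies and the names with conflicting hashes."""
    base = tempfile.mkdtemp()
    sys32 = build_sample_tree(base)
    found = filefind(base, sys32)
    return found, out_of_place(found), conflicting_names(found)


if __name__ == "__main__":
    found, misplaced, conflicts = run_demo()
    for h in found:
        flag = "OK  " if h.in_expected_dir else "WARN"
        print(flag, h.path, h.size, h.sha256[:16])
    print("out of place:", [h.path for h in misplaced])
    print("conflicting names:", conflicts)
```

On a real machine you would call filefind on the system drive root with the real system32 folder as expected_dir; the two reports together answer the same two questions the SystemLook log is read for, namely where else a system file name appears and whether any copy differs from the one in system32. Hashes are recorded so a hit can be compared against a known-good copy from a clean install rather than judged by name alone.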
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually since we already know it is a Ramnit infection, it may not be worth running this. Especially since newer forms of the infection seem to block it anyway. My suggestion would be to download and run a full scan ( not a quick scan ) with Microsoft Security Essentials. In a recent thread, it appears to have worked successfully. That does not mean it is guaranteed to succeed here, but it is worth a try.


    http://www.microsoft.com/security/pc-security/mse.aspx
     
  5. satrow

    satrow Major Geek Extraordinaire

    Thanks for your time and efforts guys, after hitting several blocks trying the suggestions, I bailed out and flattened it. Currently updating it post-install and SP3/IE8.

    Thanks again.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Probably the best course of action. ;)
     
