Malware Removal Assistance Please

Hi, new member. Need help. Have read and followed the Guide, but only after thinking I had removed the problems. History before following the Guide :
I noted that my router was showing too much traffic when it should be quiet. Installed Colasoft Capsa 7 and found hundreds of emails pouring out of my machine. On 27 Aug I used Avira, TSS Killer, HijackThis and other tools to clean up. They noted a TR/Agent.78248.4 & NUIGG.SYS problem. Quarantined NUIGG.SYS but returns in C:\Windows\system32\drivers every restart. My XP Professional won't boot into safe mode (Blue Screen), so moved hard drive with C: to another PC as a seconardy drive and attempted clean up from there. NUIGG.SYS removed on other PC and various other finds. On returning drive to original PC all appears OK, no unexpected emails, no NUIGG.SYS and machine seems to behave OK.
Decided time to virtualise PC using VMWare (recommended by a friend) and re-install machine, dipping back into VM when I need to use a particular application. I noted that the VMware executable fails to run unless I rename the executable first (later fails in installation though). This raised my suspicion that the problems I had had, may not be fully resolved. Hence, I have read and followed the Guide. All went well except ComboFix.
ComboFix failed - Error: "Installation Failed" dialog and hidec.exe "Not enough quota is available to process this cmd".

I would be grateful for any guidance to sort my PC out.

Regards

Paul

 

Tim

I have run CCleaner as per Step 3 of the Guide against all user accounts.
Issue remaining is that I can't run the VMWare executable without renaming it, and then when I rename it fails part way through installation. I suspect that something is parsing my executable name at launch and blocking it.

Regards

Paul

 

Thanks for spotting the admin rights (I wish I had noticed that :-o). Running SAS and MBAM. Will attach findings as recommended.
Paul

 

Tim

Ran SAS and MBAM from first of several other user accounts. 5 tracking cookies only. While MBAM running was away from machine for some hours. returned to see no errors but found PC running really slow. I found FixCamera.exe to be hogging CPU in both of two logged in accounts. Using Task Manager I ended both to enable use of PC. Used AntiVir and MBAM to directly scan the c:\Windows\FixCamera.exe file - each reported it OK. Tried Prevx but can't get it to load from start menu.
While this was going on AntiVir popped up warning that c:\MGTools.exe had the TR/DropAgent cyeu Trojan, so I quarantined it.
Any suggestions on what to do next?
Paul

 

Thanks for help so far. I completed running MBAM and SAS for all users on the machine. No new findings other than a few tracking cookies.

I have run the machine over the past days and all seems well. I have taken a full XP Backup to a removable HD.

Today I noticed in the Start->Programs menu an application highlighted (as in a new installation). I have not willingly installed anything today. The program is called 'GBalpha NDSMovie Converter V1.00'. Very suspicious.
What do you recommend I do?
Paul

 

Tim

I'm wary. If I haven't downloaded it, what did? Is it related to the virus problems I had? It doesn't have its own uninstall (and if it had would I trust it), should I use Add or Remove Programs or some other tool to uninstall?

Paul

 

It appears in Add or Remove Programs. The Start->Programs entry is only the program, no uninstaller is listed there. CCleaner - Tools lists it and offers Run Uninstaller, Rename Entry and Delete Entry. Does Right click in Start-Programs on this new highlighted entry uninstall it or just remove the link to it?
I think I'd like to remove it, but wouldn't want to use any code associated with it to uninstall it; rather use a method that doesn't involve using its code. I can imagine that if it is malicious then its author might set up uninstall code to cause more mischief.

 

Tim
All complete as per recommendation.
I'll look out for any recurrence.
Thanks
Paul