Need help have some kind of rogue virus

[chrislg]

I have some virus that is blocking me from opening any kind of file, it gives me this message:
"Application cannot be executed. The file  **** is infected......."
When i restart my computer the virus takes like acouple of seconds to start working so i can open quikly open one thing.
I tried to do a system restore and back track my computer to the start of this month and it seemed to have worked but now the virus is back and giving me the same message "Application cannot be executed. The file  **** is infected......."
I seem to have a similar case to this person http://www.computerhope.com/forum/index.php?topic=95177.0

I downloaded the Rkill.com thing and ran it and it gave me this log in a notepad:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Chris on 21/07/2010 at 21:48:38.


Processes terminated by Rkill or while it was running:


C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ndvrrecik\emavcqitssd.exe
C:\Documents and Settings\Chris\My Documents\Downloads\rkill.com


Rkill completed on 21/07/2010  at 21:48:41.

i have no idea what this means.
Im using windows xp and ive tried to run in safe mode but it didnt work and i use avg antivirus
I really appreciate anyone that is willing to help me thanks

[Dr Jay]

Hello, and welcome to Computer Hope.

Please note the following information about the malware forum:

• Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
  
• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  
• Please do not attach logs or post them in Quote/Code boxes unless requested.
  
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, reply to this topic with the word BUMP
  
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

[chrislg]

Ok, i used mbam and seemed to removed the virus i think i have all the logs if you want me to post them but ever since i removed the virus whenver i open inter explorer or mozilla firefox it wont load any websites at all and mozilla firefox is giving me this message:

The proxy server is refusing connections
     
Firefox is configured to use a proxy server that is refusing connections.

    *   Check the proxy settings to make sure that they are correct.

    *   Contact your network administrator to make sure the proxy server is
          working.

can someone please help if you need me to post hijack or mbam log i can
thanks

[Dr Jay]

Check for proxy server

Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.

• Now click on the Connections tab and then the Lan Settings button
  
• Under the Proxy Server section, please make sure the checkbox labeled Use a proxy server for your LAN is unchecked. Then press the OK button to close this screen. Then press the Apply button and then the OK button to close the Internet Options screen.

Then, try ComboFix again.

[chrislg]

DragoMaster Jay thanks heaps i think the problem is fixed after combofix ran and restarted trhe computer and wrote the log my inter explorer and firefox started working/ Should i have you check my computer though because i kinda didnt follow anyones proffesional opinion i just downloaded mbam,super antispyware free edition and avg and just ran them to delete the virus i had. but if you think all is ok i thank you very much <3

[Dr Jay]

Most of the time, when you have originally detected the malware issue, it means the computer is infected by malware of some sort. Antivirus scanners may not show a sign of the malware still being there, which could be a sign of a rootkit.

Whenever rootkit scanners, and antivirus software scan for the rootkit, it gets as close to the system kernel as possible. If the rootkit is beyond that point, it will not be detected.

So, the idea is, is when you post to a forum that you need help removing malware, it is best to stay with the helper, to ensure your computer is clean. However, it is up to you to continue or not.

===========

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.