
Slow web browsing, some pages won't load.

Discussion in 'Malware and Virus Removal Archive' started by ryamac, 2008/01/14.

  1. 2008/01/21
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    Vista blocked the installation as it cannot verify the publisher. Any way around this?
     
  2. 2008/01/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Try opening a new IE window by right clicking the IE icon and selecting Run as Administrator, then use that window to access the online scanner.
     

  4. 2008/01/21
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    No, still doesn't like it :(
     
  5. 2008/01/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Add the Kaspersky site to your Trusted zone, then configure the security settings for the Trusted Zone to allow unsigned ActiveX controls. Post back if you need specifics for accomplishing that.
     
  6. 2008/01/22
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    Cheers, got it working, not looking good. It has found viruses and 44 infected objects, and it's only 60% through.
     
  7. 2008/01/22
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    Here is the Kaspersky report.


    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    2008-01-23 10:51
    Operating System: Microsoft Windows Vista, (Build 6000)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 22/01/2008
    Kaspersky Anti-Virus database records: 526417
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    B:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    W:\

    Scan Statistics:
    Total number of scanned objects: 297334
    Number of viruses found: 13
    Number of infected objects: 116
    Number of suspicious objects: 0
    Duration of the scan process: 05:12:48

    Infected Object Name / Virus Name / Last Action
    B:\1806976868db329cdd\update\update.exe Object is locked skipped
    B:\1806976868db329cdd\update\updspapi.dll Object is locked skipped
    B:\aaede39948722b7ba5770e\%temp%dd_msxml_retMSI.txt Object is locked skipped
    B:\Downloads\120654.exe.part/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.OneStep.c skipped
    B:\Downloads\120654.exe.part/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
    B:\Downloads\120654.exe.part/WISE0020.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    B:\Downloads\120654.exe.part WiseSFX: infected - 3 skipped
    B:\Downloads\120654.exe.part WiseSFXDropper: infected - 3 skipped
    B:\Downloads\180340(2).exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.OneStep.c skipped
    B:\Downloads\180340(2).exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
    B:\Downloads\180340(2).exe/WISE0020.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    B:\Downloads\180340(2).exe WiseSFX: infected - 3 skipped
    B:\Downloads\180340(2).exe WiseSFXDropper: infected - 3 skipped
    B:\Downloads\180436.exe.part/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.OneStep.c skipped
    B:\Downloads\180436.exe.part/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
    B:\Downloads\180436.exe.part/WISE0020.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    B:\Downloads\180436.exe.part WiseSFX: infected - 3 skipped
    B:\Downloads\180436.exe.part WiseSFXDropper: infected - 3 skipped
    B:\Downloads\backups\backup-20080114-202623-306.dll Infected: not-a-virus:AdWare.Win32.Vapsup.ts skipped
    B:\Downloads\codecdvi1224(2).exe/data0001 Infected: Trojan.Win32.DNSChanger.amh skipped
    B:\Downloads\codecdvi1224(2).exe NSIS: infected - 1 skipped
    B:\Downloads\codecdvi1224.exe/data0001 Infected: Trojan.Win32.DNSChanger.amh skipped
    B:\Downloads\codecdvi1224.exe NSIS: infected - 1 skipped
    B:\Downloads\FlyCodec(2).exe/stream/Script Infected: Trojan-Downloader.Win32.Zlob.fjg skipped
    B:\Downloads\FlyCodec(2).exe/stream/data0003 Infected: Trojan-Downloader.Win32.Zlob.fii skipped
    B:\Downloads\FlyCodec(2).exe/stream Infected: Trojan-Downloader.Win32.Zlob.fii skipped
    B:\Downloads\FlyCodec(2).exe NSIS: infected - 3 skipped
    B:\Downloads\FlyCodec.exe/stream/Script Infected: Trojan-Downloader.Win32.Zlob.fjg skipped
    B:\Downloads\FlyCodec.exe/stream/data0003 Infected: Trojan-Downloader.Win32.Zlob.fii skipped
    B:\Downloads\FlyCodec.exe/stream Infected: Trojan-Downloader.Win32.Zlob.fii skipped
    B:\Downloads\FlyCodec.exe NSIS: infected - 3 skipped
    B:\Downloads\WebfettiSetup2.3.50.10.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    B:\Downloads\WebfettiSetup2.3.50.10.exe CAB: infected - 1 skipped
    B:\e00b3415c67557c686\update\update.exe Object is locked skipped
    B:\e00b3415c67557c686\update\updspapi.dll Object is locked skipped
    B:\e00b3415c67557c686\update\wpdinstallutil.dll Object is locked skipped
    B:\RECYCLER\S-1-5-21-823518204-1604221776-725345543-1003\Dh3.part/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.OneStep.c skipped
    B:\RECYCLER\S-1-5-21-823518204-1604221776-725345543-1003\Dh3.part/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
    B:\RECYCLER\S-1-5-21-823518204-1604221776-725345543-1003\Dh3.part/WISE0020.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    B:\RECYCLER\S-1-5-21-823518204-1604221776-725345543-1003\Dh3.part WiseSFX: infected - 3 skipped
    B:\RECYCLER\S-1-5-21-823518204-1604221776-725345543-1003\Dh3.part WiseSFXDropper: infected - 3 skipped
    B:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\$Recycle.Bin\S-1-5-21-1093758781-1072984351-2990523209-1000\$R0NJX6O.XviD-LOL\Heroes.S03E01.HDTV.XviD-LOL.r23/winzix.exe/file01 Infected: not-a-virus:FraudTool.Win32.WinZix.b skipped
    C:\$Recycle.Bin\S-1-5-21-1093758781-1072984351-2990523209-1000\$R0NJX6O.XviD-LOL\Heroes.S03E01.HDTV.XviD-LOL.r23/winzix.exe/file02 Infected: not-a-virus:FraudTool.Win32.WinZix.a skipped
    C:\$Recycle.Bin\S-1-5-21-1093758781-1072984351-2990523209-1000\$R0NJX6O.XviD-LOL\Heroes.S03E01.HDTV.XviD-LOL.r23/winzix.exe/file14 Infected: Trojan.Win32.Obfuscated.en skipped
    C:\$Recycle.Bin\S-1-5-21-1093758781-1072984351-2990523209-1000\$R0NJX6O.XviD-LOL\Heroes.S03E01.HDTV.XviD-LOL.r23/winzix.exe Infected: Trojan.Win32.Obfuscated.en skipped
    C:\$Recycle.Bin\S-1-5-21-1093758781-1072984351-2990523209-1000\$R0NJX6O.XviD-LOL\Heroes.S03E01.HDTV.XviD-LOL.r23 RAR: infected - 4 skipped
    C:\Deckard\System Scanner\20080115212225\backup\Users\URHOME~1\AppData\Local\Temp\BIT3DEC.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.tz skipped
    C:\Deckard\System Scanner\20080115212225\backup\Users\URHOME~1\AppData\Local\Temp\BIT3DEC.tmp NSIS: infected - 1 skipped
    C:\Deckard\System Scanner\20080115212225\backup\Users\URHOME~1\AppData\Local\Temp\BITBAE6.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.tz skipped
    C:\Deckard\System Scanner\20080115212225\backup\Users\URHOME~1\AppData\Local\Temp\BITBAE6.tmp NSIS: infected - 1 skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmadv.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmarn.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmbbx.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmbfl.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmcth.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmcxl.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmcyu.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmdam.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmdan.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmdbd.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmezx.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmfzj.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmhbj.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmhdc.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmhmu.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmhsz.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmhxs.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmixg.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmiyw.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmkfs.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmkom.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmkry.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmlhw.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmlut.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmmbt.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmmko.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmmnj.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmmsm.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmmwp.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmmxl.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmnwb.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmocx.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmopg.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmown.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmpbo.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmpeo.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmpud.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmpvi.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmqhu.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmqlo.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmqnp.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmqox.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmqqp.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmrhl.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmris.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmrox.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmrpd.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmsjt.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmsqr.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmssq.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmstz.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmswh.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmswr.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmsyy.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmtko.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmtou.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmtzp.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmufj.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmukx.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmupj.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmuwg.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmvtn.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmwfj.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmwkq.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmwyx.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmxdl.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmxpn.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmxpr.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmxvh.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmxyi.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmzhd.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    C:\_OTMoveIt\MovedFiles\01222008_161620\Windows\system32\dmznr.exe Infected: Trojan.Win32.DNSChanger.apo skipped
    D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    G:\XP backup Object is locked skipped

    Scan process completed.
     
  8. 2008/01/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Here's the results of the scan, stripped down a bit. Infection name in red. Infected files that need to be deleted are bolded.




    The files in the RECYCLER path are infected files within the XP Recycle bin.
    The files in the $Recycle.Bin are infected files within the Vista Recycle bin.
    The files within the Deckard folder and _OTMoveIt folder are files already quarantined.


    Let's clean up. Delete the bolded files/folders in the list below.

    B:\Downloads\120654.exe.part
    B:\Downloads\180340(2).exe
    B:\Downloads\180436.exe.part
    B:\Downloads\backups\backup-20080114-202623-306.dll
    B:\Downloads\codecdvi1224(2).exe
    B:\Downloads\codecdvi1224.exe
    B:\Downloads\FlyCodec(2).exe
    B:\Downloads\FlyCodec.exe
    B:\Downloads\WebfettiSetup2.3.50.10.exe
    C:\Deckard
    C:\ComboFix if present
    C:\_OTMoveIt
    ComboFix.exe on the desktop
    OTMoveIt2.exe on the desktop



    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Right click ATF-Cleaner.exe and select Run as Administrator
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Let me know how your computer is running.
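
The triage in the post above, as an added example that is not part of the original post: each scanner line names a container file before the first "/", and the container's location decides whether it is deleted directly, sits in a Recycle Bin, or is already in a tool's quarantine folder. The sample lines, the category labels and the function names are constructed for illustration; only the line layout, the folder names and the detection names come from the thread.

```python
# Constructed sample lines in the "object --> detection" layout used in the post.
SAMPLE = r"""
D:\Example\setup-a.exe.part/WISE0016.BIN --> Win32.OneStep.c
D:\Example\setup-a.exe.part/WISE0019.BIN --> Win32.Relevant.a
D:\Example\codec-x.exe/stream/Script --> Trojan-Downloader.Win32.Zlob.fjg
D:\Example\codec-x.exe/stream --> Trojan-Downloader.Win32.Zlob.fii
D:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1003\Dh9.part/WISE0020.BIN --> AdTool.Win32.WhenU.a
C:\$Recycle.Bin\S-1-5-21-1111111111-2222222222-3333333333-1000\$RABC123.rar/tool.exe/file01 --> FraudTool.Win32.WinZix.b
C:\_OTMoveIt\MovedFiles\01012008_000000\Windows\system32\dmaaa.exe --> Trojan.Win32.DNSChanger.apo
C:\Deckard\System Scanner\20080101000000\backup\Temp\BIT0000.tmp/stream --> Win32.Vapsup.tz
"""


def parse_line(line):
    """Split 'path/member --> detection' into (container, member, detection)."""
    obj, sep, detection = line.partition(" --> ")
    if not sep:
        return None  # blank line or text that is not a result line
    # Windows paths use "\" and cannot contain "/", so the first "/" marks
    # where the scanner starts naming objects inside the container file.
    container, _, member = obj.strip().partition("/")
    return container, member, detection.strip()


def classify(container):
    """Label a container by its top-level folder (labels are illustrative)."""
    parts = [p.lower() for p in container.split("\\")]
    top = parts[1] if len(parts) > 1 else ""
    if top == "recycler":
        return "xp-recycle-bin"
    if top == "$recycle.bin":
        return "vista-recycle-bin"
    if top in ("deckard", "_otmoveit"):
        return "quarantine"  # backup folders left by the removal tools
    return "delete-file"


def triage(report):
    """Group detections by container file, keeping first-seen order."""
    result = {}
    for line in report.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        container, _member, detection = parsed
        entry = result.setdefault(
            container, {"where": classify(container), "detections": []})
        if detection not in entry["detections"]:
            entry["detections"].append(detection)
    return result


def cleanup_plan(report):
    """Turn the grouped results into de-duplicated cleanup steps."""
    plan = []
    for container, info in triage(report).items():
        if info["where"] == "delete-file":
            step = "delete " + container
        elif info["where"] == "quarantine":
            # The whole quarantine folder goes, not individual files.
            step = "delete folder " + "\\".join(container.split("\\")[:2])
        else:
            step = "empty Recycle Bin on %s (%s)" % (container[:2], info["where"])
        if step not in plan:
            plan.append(step)
    return plan


if __name__ == "__main__":
    for step in cleanup_plan(SAMPLE):
        print(step)
```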
     
  9. 2008/01/22
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    I have just removed the infected files and run the cleaner followed by a reboot. You have helped me remove a lot of stuff that wasn't meant to be on my system, and for that I thank you so much. Unfortunately I'm still having the same problem: I can load most sites but I still can't get access to pages like Facebook, Yahoo, Panda Security and other ones too. I will run the online scanner again, and see if it picks up anything.

    Do you think that the malware/spyware has changed settings that would cause this? Do the sites I'm trying to look at have something in common, and where do I go from here?

    Thanks
     
  10. 2008/01/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The Panda scan is not yet Vista compatible (I forgot), which would explain why that won't load.

    Try deleting your cookies. Note: you will have to login again on sites that normally would 'remember you' and allow you to automatically login upon return.

    You can also try resetting the IE web settings. Open Internet Options and select the Programs tab, then click Reset Web Settings. Homepage is optional. Close all open browser windows then re-open and see if you can access Yahoo and facebook.
     
  11. 2008/01/22
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    I will give that a go, just waiting for Kaspersky to finish. It has found 3 more viruses. I read through your last post again and noticed that you talked about the recycling bin in XP. I didn't delete any files in there, should I have?
     
  12. 2008/01/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15

    Yes, and I meant to tell you that but forgot. Sorry. :eek: Copy ATF Cleaner to the XP desktop and run it there too.
     
  13. 2008/01/22
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    Now this gets tricky for me: I dual boot Vista and XP as well as running Vista and then XP in a virtual machine. Two screens, two OSes. I also used to have XP on this hard drive. Is it the recycling bin in the virtual machine (which was scanned in the earlier post), or the old XP recycling bin left on the hard drive when it was removed? If it is the latter, I can't see it when I open "My Computer" but I can when I run Acronis Disk Director Suite.
     
  14. 2008/01/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    B:\RECYCLER

    If you can browse that folder, it will contain possibly multiple folders named similar to below.

    S-1-5-21-1295278829-1743530848-3263025546-500

    Open each of those and delete its contents. Otherwise, it's whatever operating system you have installed on drive B: (which is usually a reserved drive letter for a second floppy drive)
     
  15. 2008/01/22
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    I can't see the folder called B:\RECYCLER when I open "My Computer" and navigate to B:\. Could it be hidden? I also tried to delete files called

    1806976868db329cdd and
    aaede39948722b7ba5770e and
    e00b3415c67557c686 and

    But Vista told me I didn't have permission to perform this action. I have no other accounts, so if I don't have permission who does, Bill Gates? :) Vista loads straight up with no login so I assumed I was the admin.
     
  16. 2008/01/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yes, Recycler will be a hidden folder. Is B:\ where you have XP installed?

    1806976868db329cdd and
    aaede39948722b7ba5770e and
    e00b3415c67557c686

    Are those in C: ? Probably folders created by Windows update, and should probably be left alone.

    You do have an Admin account, but Vista has what's known as UAC, and it helps prevent changes to the system unless Run as Administrator is selected. Recommend you either do a bit of research on Google and/or Microsoft website RE: UAC (User Access Control) to become more familiar with what you can and can't do, how to do various tasks UAC inhibits, etc.
     
  17. 2008/01/22
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    B:\ is a drive I use to store my information on. I ran into a lot of trouble when Vista first came out and I found myself re-installing it as well as XP and Ubuntu. I then decided to get a new drive, now C:, and partition it with Vista on one and XP on the other. This saves me having to hunt around looking for photos, videos and documents when I want to re-install.

    I also don't use UAC, I turned it off a while ago. When I get this problem fixed I'm going to turn it back on and surf the net on the virtual machine so I don't get this problem again.

    Summing up, XP and Vista used to be on B: and I think that those folders were left behind when I re-installed them on C:

    These files are on B:
    1806976868db329cdd and
    aaede39948722b7ba5770e and
    e00b3415c67557c686
     
    Last edited: 2008/01/22
  18. 2008/01/24
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    Hello again.

    Still haven't managed to find a way to remove the Recycler folder on B:. I can see it in other programs but just can't find a way to see it in My Computer or even in DOS.

    With the webpages not loading and Vista not being able to update, should I continue in this thread or move to the Vista thread? You have talked me through removing a lot of nasty stuff, again thanks for your hard work.
     
  19. 2008/01/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Open Computer (My Computer in XP) and right click the B: drive, then select Properties. Click Disk Cleanup. When it populates and opens the Disk Cleanup options dialog, make sure the Recycle bin is selected and click OK. Rescan just the B: drive with Kaspersky and see if those Recycler files are still present.

    RE: Vista updates ......... is it Automatic Updates that fail? Does it even alert you when updates are available? Have you tried updating directly from the Windows Update website? If so, what happens?

    Make sure you clear Temporary Internet Files AND Cookies, via Internet Options in the Control Panel, whilst all IE windows are closed, then see if Yahoo, Facebook, etc are accessible. Describe the exact behavior if they are not.
     
  20. 2008/01/26
    ryamac

    ryamac Inactive Thread Starter

    Joined:
    2008/01/14
    Messages:
    27
    Likes Received:
    0
    OK, finally managed to run Disk Cleanup.

    The automatic update shows me that there is an update. I then ask it to download, but after about 10 mins it gives me an error (80072F78), Windows can't update. I have tried to run it from MS online, but it runs an app that opens the update center in Vista. It's not like XP. I have tried to obtain this update that should fix this problem but of course I can't load the web page. http://www.download.windowsupdate.co...uthrootstl.cab

    The behavior of the web sites: I try to open a web page, and after a few mins it will display a blank screen and at the bottom say it's "DONE", or it will display just some of the text that should be on the page but in some weird format, with no options, like being able to use hyperlinks or display images. It can sometimes even crash the browser, and it uses a lot of resources. Yahoo takes over 10 mins to load and I can click on some links but not the link that takes me to my email. Facebook and many other sites don't show anything except "Waiting for http://"anything".com"

    I have cleared the internet cookies and temp folders but Kaspersky still picked up the 3 viruses in B: Recycler. Here is the report.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    2008-01-26 21:07
    Operating System: Microsoft Windows Vista, (Build 6000)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 26/01/2008
    Kaspersky Anti-Virus database records: 533104
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - Folders:
    B:\

    Scan Statistics:
    Total number of scanned objects: 35458
    Number of viruses found: 3
    Number of infected objects: 5
    Number of suspicious objects: 0
    Duration of the scan process: 00:46:31

    Infected Object Name / Virus Name / Last Action
    B:\1806976868db329cdd\update\update.exe Object is locked skipped
    B:\1806976868db329cdd\update\updspapi.dll Object is locked skipped
    B:\aaede39948722b7ba5770e\%temp%dd_msxml_retMSI.txt Object is locked skipped
    B:\e00b3415c67557c686\update\update.exe Object is locked skipped
    B:\e00b3415c67557c686\update\updspapi.dll Object is locked skipped
    B:\e00b3415c67557c686\update\wpdinstallutil.dll Object is locked skipped
    B:\RECYCLER\S-1-5-21-823518204-1604221776-725345543-1003\Dh3.part/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.OneStep.c skipped
    B:\RECYCLER\S-1-5-21-823518204-1604221776-725345543-1003\Dh3.part/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
    B:\RECYCLER\S-1-5-21-823518204-1604221776-725345543-1003\Dh3.part/WISE0020.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    B:\RECYCLER\S-1-5-21-823518204-1604221776-725345543-1003\Dh3.part WiseSFX: infected - 3 skipped
    B:\RECYCLER\S-1-5-21-823518204-1604221776-725345543-1003\Dh3.part WiseSFXDropper: infected - 3 skipped
    B:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.


    This is what Facebook looks like when it loads after 25 min. I can click on the links that I have marked with a (*) but they too take a while to load and don't display correctly.


    Email: Password: Remember me
    Forgot Password? *
    Tour*

    Already a Member? (Login)*

    Facebook is a social utility that connects
    you with the people around you.
    Everyone can use Facebook —

    (upload photos)* or (publish notes)* • get the (latest news)* from your friends • post videos on your profile • tag your friends • use (privacy settings)* to control who sees your info • (join a network)* to see people who live, study, or work around you

    (Find your friends)*
    or Search by name:
    (More Search Options »)*
    Facebook © 2008
    Advertisers*
    Businesses*
    Developers*
    About Facebook*
    Terms*
    Privacy*
    Help*
     
    Last edited: 2008/01/26
  21. 2008/01/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Haven't forgotten you, ryamac. I'm still doing some research and trying to determine what steps to take next. Hang in there!
     
