
Solved Clicked on something I shouldn't have, Douh!!!

Discussion in 'Malware and Virus Removal Archive' started by taylorwn, 2008/05/14.

  1. 2008/05/14
    taylorwn (Thread Starter)
    [Resolved] Clicked on something I shouldn't have, Douh!!!

    I need help. I don't know what I was thinking, but I clicked on something to load drivers and I knew I ******* up as soon as I did it. I have lost some rights under one of my profiles, including the Task Manager being disabled. I believe my browser has been hijacked because I get pop-ups galore under my main profile. Also, my computer keeps telling me my Microsoft updates have been turned off, but they have not. :confused:

    Computer is an IBM A50 ThinkCentre 8148, 1.25 GB RAM, P4 3.0 GHz

    Deckard's System Scanner v20071014.68
    Run by taylorw on 2008-05-14 10:40:52
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    50: 2008-05-14 17:41:01 UTC - RP814 - Deckard's System Scanner Restore Point
    49: 2008-05-14 06:48:56 UTC - RP813 - Last known good configuration
    48: 2008-05-14 06:48:50 UTC - RP812 - Installed SUPERAntiSpyware Free Edition
    47: 2008-05-14 06:48:50 UTC - RP811 - System Checkpoint
    46: 2008-05-14 06:48:50 UTC - RP810 - System Checkpoint


    -- First Restore Point --
    1: 2008-05-14 06:48:39 UTC - RP765 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-05-14 10:42:25
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\DWRCS.EXE
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Network Associates\VirusScan\shstat.exe
    C:\WINDOWS\system32\DWRCST.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Temp\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {240A2128-ACD4-4124-87AF-527124CAAC38} - C:\WINDOWS\system32\yayyVllm.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [e82ad0c0] rundll32.exe "C:\WINDOWS\system32\sqitybfl.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] ~ "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} () - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} () - http://download.abacast.com/download/files/abasetup163.cab
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: yayyVllm - C:\WINDOWS\system32\yayyVllm.dll
    O21 - SSODL: mpfanvqg - {313BB4A7-EC40-4561-801E-AD62F24D1358} - C:\WINDOWS\mpfanvqg.dll (file missing)
    O21 - SSODL: vbksrofa - {76201CFD-AE02-4A85-BAAB-B7A78637F32C} - C:\WINDOWS\vbksrofa.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O24 - Desktop Component 0: - http://www.scifi.com/battlestar/images/gallery/season02/large/pic_01.jpg

    --
    End of file - 16416 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
    R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
    R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
    R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
    R3 axvdkbus - c:\windows\system32\drivers\axvdkbus.sys
    R3 axvodka - c:\windows\system32\drivers\axvodka.sys
    R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>

    S3 EGATHDRV (IBM Access Support) - c:\windows\downloaded program files\egathdrv.sys (file missing)
    S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
    S3 SbcpHid - c:\windows\system32\drivers\sbcphid.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 DWMRCS (DameWare Mini Remote Control) - c:\windows\system32\dwrcs.exe -service <Not Verified; DameWare Development LLC; DameWare Development DWRCS>
    R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
    R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-05-09 11:25:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-04-14 and 2008-05-14 -----------------------------

    2008-05-14 08:03:09 90304 --a------ C:\WINDOWS\system32\sqitybfl.dll
    2008-05-14 08:02:17 1073925 --ahs---- C:\WINDOWS\system32\edLSAJjl.ini2
    2008-05-14 00:56:00 0 d-------- C:\Documents and Settings\willie\Application Data\TmpRecentIcons
    2008-05-13 23:48:29 1320 --ahs---- C:\WINDOWS\system32\JTuDgfii.ini2
    2008-05-13 23:47:12 0 d-------- C:\Documents and Settings\willie\Application Data\SUPERAntiSpyware.com
    2008-05-13 23:46:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-13 23:17:42 28800 --a------ C:\WINDOWS\system32\yayyVllm.dll
    2008-05-13 23:17:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
    2008-05-09 14:26:25 0 d-------- C:\Program Files\Recover My Files
    2008-05-06 16:03:51 102400 --a------ C:\WINDOWS\system32\tsccvid.dll <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
    2008-05-06 15:42:00 131072 --a------ C:\WINDOWS\system32\dzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading ZIP DLL>
    2008-05-06 15:42:00 110592 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
    2008-05-06 15:41:54 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
    2008-05-06 15:26:21 0 d-------- C:\Program Files\Orban
    2008-05-02 13:01:14 0 d-------- C:\Documents and Settings\willie\Application Data\Mozilla
    2008-04-30 16:40:14 0 d-------- C:\Program Files\Verizon
    2008-04-30 09:06:21 0 d-------- C:\Documents and Settings\willie\Contacts
    2008-04-25 13:16:15 0 dr-h----- C:\Documents and Settings\willie\Recent
    2008-04-25 10:17:18 0 d-------- C:\Documents and Settings\willie\Application Data\Newsbin
    2008-04-24 13:10:52 0 d-------- C:\Documents and Settings\willie\Application Data\AdobeUM


    -- Find3M Report ---------------------------------------------------------------

    2008-05-14 09:01:05 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-05-13 23:46:39 0 d-------- C:\Program Files\Common Files
    2008-04-25 13:14:39 0 d-------- C:\Program Files\Warcraft III
    2008-04-21 21:55:12 0 d-------- C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\SUPERAntiSpyware.com
    2008-04-18 22:36:56 0 d-------- C:\Program Files\nbpro
    2008-04-18 21:17:03 0 d-------- C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Newsbin
    2008-03-31 19:43:33 0 d-------- C:\Program Files\SweetIM
    2008-03-20 22:48:46 1158 --a------ C:\WINDOWS\mozver.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{240A2128-ACD4-4124-87AF-527124CAAC38}]
    05/13/2008 11:17 PM 28800 --a------ C:\WINDOWS\system32\yayyVllm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    03/27/2008 02:12 PM 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [03/27/2008 02:12 PM 1164600]

    [-HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE"= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/29/2003 07:10 AM]
    "McAfeeUpdaterUI"= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [09/18/2003 03:01 AM]
    "IgfxTray"= "C:\WINDOWS\system32\igfxtray.exe" [07/01/2004 12:02 PM]
    "HotKeysCmds"= "C:\WINDOWS\system32\hkcmd.exe" [07/01/2004 11:58 AM]
    "ISUSPM Startup"= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [08/09/2004 06:03 AM]
    "NeroFilterCheck"= "C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
    "Acrobat Assistant 7.0"= "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [01/12/2006 08:52 PM]
    "HP Software Update"= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 11:24 AM]
    "HP Component Manager"= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [10/23/2003 07:51 PM]
    "HPDJ Taskbar Utility"= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [12/17/2002 03:27 PM]
    "@"="" []
    "QuickTime Task"= "C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
    "iTunesHelper"= "C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 02:42 PM]
    "ISUSScheduler"= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [06/10/2005 10:44 AM]
    "SweetIM"= "C:\Program Files\SweetIM\Messenger\SweetIM.exe" [03/27/2008 07:31 PM]
    "e82ad0c0"= "C:\WINDOWS\system32\sqitybfl.dll" [05/14/2008 08:03 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
    "googletalk"= "C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 02:22 PM]
    "swg"= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/09/2007 08:06 PM]
    "Yahoo! Pager"= "~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" []
    "ctfmon.exe"= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
    "MySpaceIM"= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [02/01/2008 01:32 PM]
    "WMPNSCFG"= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [8/22/2006 3:39:52 PM]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 1:15:54 AM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{240A2128-ACD4-4124-87AF-527124CAAC38}"= C:\WINDOWS\system32\yayyVllm.dll [05/13/2008 11:17 PM 28800]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "mpfanvqg"= {313BB4A7-EC40-4561-801E-AD62F24D1358} - C:\WINDOWS\mpfanvqg.dll [ ]
    "vbksrofa"= {76201CFD-AE02-4A85-BAAB-B7A78637F32C} - C:\WINDOWS\vbksrofa.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyVllm]
    yayyVllm.dll 05/13/2008 11:17 PM 28800 C:\WINDOWS\system32\yayyVllm.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJASLde

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"




    -- End of Deckard's System Scanner: finished at 2008-05-14 10:52:57 ------------
     
  2. 2008/05/14
    Geri
    Hi taylorwn

    Please do this.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1

    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.


    Download ComboFix from Here to your Desktop.

    It's best to disable real-time protection applications, as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows.
    • Double-click combofix.exe and follow the prompts.
    • Vista users: right-click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.


    Thanks
    Geri
     
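Geri's reply singles out the O7 line, but the log posted above carries several other entry classes a helper would look at before calling the machine clean: the O2 BHO registered with no name, the O4 Run entry that starts rundll32.exe with a DLL from system32, the O20 Winlogon Notify DLL with the same random-looking name as that BHO, and the O21 SSODL entries whose files are already gone. The Python script below is an added example written for this page, not a tool from the thread and not code from Trend Micro, DSS or ComboFix: it parses HijackThis-style lines and flags exactly those classes, using a handful of lines copied from the log above as its sample input. The allowlist of stock Windows XP Winlogon Notify package names is an assumption of the example, not something the thread states.

```python
"""Triage HijackThis-style log lines for the entry classes a helper inspects.

Added example for this thread; it is not HijackThis, ComboFix or DSS code.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: a few lines copied from the HijackThis section of the log
# posted above (benign and suspicious mixed, in their original order).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {240A2128-ACD4-4124-87AF-527124CAAC38} - C:\WINDOWS\system32\yayyVllm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [e82ad0c0] rundll32.exe "C:\WINDOWS\system32\sqitybfl.dll",b
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yayyVllm - C:\WINDOWS\system32\yayyVllm.dll
O21 - SSODL: mpfanvqg - {313BB4A7-EC40-4561-801E-AD62F24D1358} - C:\WINDOWS\mpfanvqg.dll (file missing)
"""

# Assumed allowlist: Winlogon Notify packages that ship with Windows XP and
# legitimately live in system32. Anything else loading from system32 deserves
# a second look, because a Notify DLL runs inside winlogon.exe.
WINLOGON_NOTIFY_DEFAULTS = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

LINE_RE = re.compile(r"^([RO]\d+)\s+-\s+(.*)$")
NOTIFY_RE = re.compile(r"Winlogon Notify:\s*(\S+)\s+-\s+(.*)$")
# rundll32 followed by a DLL path under a system32 directory
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]*\\system32\\[^"\\]+\.dll', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    reason: str    # why the line was flagged
    line: str      # the original log line


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if no rule fires."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    lower = body.lower()

    if section == "O7":
        # HijackThis only emits O7 when a Policies\System restriction is set;
        # DisableTaskMgr=1 is what locked this user out of Task Manager.
        return Finding(section, "user restriction policy set under HKCU Policies\\System", line.strip())
    if section == "O2" and "(no name)" in lower:
        return Finding(section, "Browser Helper Object registered without a name", line.strip())
    if section == "O4" and RUNDLL_RE.search(body):
        return Finding(section, "Run key launches rundll32 with a DLL from system32", line.strip())
    if section == "O20":
        nm = NOTIFY_RE.match(body)
        if nm and "\\system32\\" in nm.group(2).lower() \
                and nm.group(1).lower() not in WINLOGON_NOTIFY_DEFAULTS:
            return Finding(section, "non-default Winlogon Notify DLL loading from system32", line.strip())
    if section == "O21" and "(file missing)" in lower:
        return Finding(section, "ShellServiceObjectDelayLoad entry whose DLL is missing", line.strip())
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line and keep the hits, in log order."""
    findings = []
    for raw in log_text.splitlines():
        hit = triage_line(raw)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it flags five lines and leaves the Google BHO, the Intel IgfxTray entry and the SUPERAntiSpyware Notify DLL alone. The rules are structural (missing name, missing file, rundll32 loader, non-default Notify package, any O7 restriction) rather than a signature list, which is why the same script flags the O20 DLL and its matching O2 BHO together: that pairing of a random name across two load points is the pattern Geri's follow-up tools then go on to remove.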


  4. 2008/05/14
    taylorwn (Thread Starter)
    Log file results

    Thanks Geri, it is always a pleasure working with you. I ran HijackThis in scan-only mode, but it did not show the entry:

    [O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1]

    So I went into the Registry and manually removed the item. I can't believe I missed that; I had previously gone through the registry, event logs, local policies, and services searching for something of that nature. :( Anyway, I ran DSS and I have posted the log file below.

    One more thing: I could have sworn I had System Restore enabled before this happened. :confused:

    ComboFix 08-05-12.1 - taylorw 2008-05-14 15:57:54.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.580 [GMT -7:00]
    Running from: C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Chaz\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Documents and Settings\willie\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\aybLRqss.ini
    C:\WINDOWS\system32\aybLRqss.ini2
    C:\WINDOWS\system32\edLSAJjl.ini
    C:\WINDOWS\system32\edLSAJjl.ini2
    C:\WINDOWS\system32\euepvnde.ini
    C:\WINDOWS\system32\JTuDgfii.ini
    C:\WINDOWS\system32\JTuDgfii.ini2
    C:\WINDOWS\system32\lfbytiqs.ini
    C:\WINDOWS\system32\tAISvGgh.ini
    C:\WINDOWS\system32\tAISvGgh.ini2
    C:\WINDOWS\system32\txhsjhet.ini
    C:\WINDOWS\system32\xhrxxutg.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
    .

    2008-05-14 15:48 . 2008-05-14 15:48 318,848 --a------ C:\WINDOWS\system32\hgGvSIAt.dll
    2008-05-14 15:48 . 2008-05-14 15:48 90,240 --a------ C:\WINDOWS\system32\ednvpeue.dll
    2008-05-14 15:16 . 2008-05-14 15:16 <DIR> d-------- C:\Program Files\Trend Micro
    2008-05-14 11:13 . 2008-05-14 11:13 318,848 --a------ C:\WINDOWS\system32\ssqRLbya.dll
    2008-05-14 00:56 . 2008-05-14 00:56 <DIR> d-------- C:\Documents and Settings\willie\Application Data\TmpRecentIcons
    2008-05-13 23:47 . 2008-05-13 23:47 <DIR> d-------- C:\Documents and Settings\willie\Application Data\SUPERAntiSpyware.com
    2008-05-13 23:46 . 2008-05-13 23:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-13 23:39 . 2008-05-13 23:39 <DIR> d-------- C:\Deckard
    2008-05-13 23:17 . 2008-05-13 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
    2008-05-13 23:17 . 2008-05-13 23:17 28,800 --a------ C:\WINDOWS\system32\yayyVllm.dll
    2008-05-09 14:26 . 2008-05-09 14:28 <DIR> d-------- C:\Program Files\Recover My Files
    2008-05-06 16:03 . 2005-06-15 03:00 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
    2008-05-06 16:00 . 2008-05-06 16:00 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
    2008-05-06 16:00 . 2008-05-06 16:00 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
    2008-05-06 15:42 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
    2008-05-06 15:42 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
    2008-05-06 15:41 . 2008-05-06 15:42 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
    2008-05-06 15:26 . 2008-05-06 15:26 <DIR> d-------- C:\Program Files\Orban
    2008-04-30 16:40 . 2008-04-30 16:40 <DIR> d-------- C:\Program Files\Verizon
    2008-04-30 09:06 . 2008-04-30 14:53 <DIR> d-------- C:\Documents and Settings\willie\Contacts
    2008-04-25 10:17 . 2008-04-25 10:22 <DIR> d-------- C:\Documents and Settings\willie\Application Data\Newsbin
    2008-04-24 13:10 . 2008-04-24 13:10 <DIR> d-------- C:\Documents and Settings\willie\Application Data\AdobeUM

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-14 20:12 --------- d-----w C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\SUPERAntiSpyware.com
    2008-05-14 16:01 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-05-10 21:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-25 20:14 --------- d-----w C:\Program Files\Warcraft III
    2008-04-19 05:36 --------- d-----w C:\Program Files\nbpro
    2008-04-19 04:17 --------- d-----w C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Newsbin
    2008-04-17 16:44 --------- d-----w C:\Documents and Settings\willie\Application Data\Yahoo!
    2008-04-01 02:43 --------- d-----w C:\Program Files\SweetIM
    2008-04-01 02:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM
    2008-03-22 22:09 --------- d-----w C:\Documents and Settings\Chaz\Application Data\MySpace
    2008-03-15 02:18 --------- d-----w C:\Documents and Settings\willie\Application Data\MySpace
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{240A2128-ACD4-4124-87AF-527124CAAC38}]
    2008-05-13 23:17 28800 --a------ C:\WINDOWS\system32\yayyVllm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33AA4094-623D-4436-8EDF-BC8B8763D96A}]
    2008-05-14 11:13 318848 --a------ C:\WINDOWS\system32\ssqRLbya.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43D6BA2B-728B-4B97-98B5-9E3C416283E8}]
    2008-05-14 15:48 318848 --a------ C:\WINDOWS\system32\hgGvSIAt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847} "= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847} "= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22 3739648]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 20:06 68856]
    "Yahoo! Pager "= "~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 13:32 8699904]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990]
    "McAfeeUpdaterUI "= "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-18 03:01 135251]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2004-07-01 12:02 155648]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2004-07-01 11:58 118784]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 06:03 221184]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "Acrobat Assistant 7.0 "= "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-17 15:27 188416]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
    "ISUSScheduler "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2005-06-10 10:44 81920]
    "SweetIM "= "C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
    "e82ad0c0 "= "C:\WINDOWS\system32\ednvpeue.dll" [2008-05-14 15:48 90240]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 13:32 8699904]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2006-08-22 15:39:52 25214]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{240A2128-ACD4-4124-87AF-527124CAAC38} "= C:\WINDOWS\system32\yayyVllm.dll [2008-05-13 23:17 28800]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "mpfanvqg "= {313BB4A7-EC40-4561-801E-AD62F24D1358} - C:\WINDOWS\mpfanvqg.dll [ ]
    "vbksrofa "= {76201CFD-AE02-4A85-BAAB-B7A78637F32C} - C:\WINDOWS\vbksrofa.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyVllm]
    yayyVllm.dll 2008-05-13 23:17 28800 C:\WINDOWS\system32\yayyVllm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM "= mobilev.acm
    "VIDC.IV41 "= ir41_32.dll
    "vidc.ir32 "= C:\WINDOWS\system32\ir32_32.dll
    "vidc.ir31 "= C:\WINDOWS\system32\ir32_32.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\LimeWire\\LimeWire.exe "=
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe "=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe "=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe "=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "C:\\Program Files\\Abacast\\Abaclient.exe "=
    "C:\\Program Files\\Warcraft III\\Warcraft III.exe "=
    "C:\\Program Files\\Warcraft III\\War3.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\WINDOWS\\system32\\mmc.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe "=

    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-03-30 17:17]
    R3 axvdkbus;axvdkbus;C:\WINDOWS\system32\DRIVERS\axvdkbus.sys [2003-02-25 20:43]
    R3 axvodka;axvodka;C:\WINDOWS\system32\DRIVERS\axvodka.sys [2003-03-10 02:10]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-09 18:25:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-14 16:26:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\yayyVllm.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\ednvpeue.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-14 16:33:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-14 23:33:05

    Pre-Run: 85,067,956,224 bytes free
    Post-Run: 84,991,016,960 bytes free

    196 --- E O F --- 2008-04-12 15:16:34
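
    The persistence points the logs above show the infection using (Run keys, Browser Helper Objects, ShellExecuteHooks, ShellServiceObjectDelayLoad, Winlogon Notify, LSA Authentication Packages) and the DisableTaskMgr policy that hid Task Manager can all be audited from PowerShell. The script below is an added example for this thread; it is not taken from the posts or from ComboFix, MBAM or HijackThis. It is read-only (nothing is deleted), is meant to be run elevated on the affected machine, and the "random-looking name" check is a heuristic assumed from the file names in these logs, not a rule of any tool.

```powershell
# Added example (not from the thread or its tools): read-only audit of the autostart
# locations the ComboFix/MBAM logs above show the infection using, plus the
# DisableTaskMgr policy. Run in an elevated PowerShell; output is a list to review by hand.

function Resolve-ClsidDll {
    # Map a CLSID (as used by BHO, ShellExecuteHooks and SSODL entries) to the DLL
    # registered under HKCR\CLSID\{...}\InprocServer32.
    param([string]$Clsid)
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $d = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ($d) { return [Environment]::ExpandEnvironmentVariables($d) }
    return $null
}

function Get-ExePath {
    # Pull the program path out of a Run value such as "C:\Program Files\X\x.exe" /background
    # or C:\WINDOWS\system32\ctfmon.exe. Heuristic: quoted part if present, else text before " -"/" /".
    param([string]$RawValue)
    $v = $RawValue.TrimStart('~', ' ')
    if ($v -match '^"([^"]+)"') { return $Matches[1] }
    return [Environment]::ExpandEnvironmentVariables(($v -split ' [-/]')[0])
}

function Get-FileVerdict {
    # Existence, Authenticode status, and a name heuristic: every malicious DLL in the logs above
    # is eight letters with no digits, living in system32 (yayyVllm, hgGvSIAt, ssqRLbya, ednvpeue).
    # The name test alone has false positives (setupapi.dll), so it only adds weight when unsigned.
    param([string]$Path)
    if (-not $Path) { return 'UNRESOLVED' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
    $status = (Get-AuthenticodeSignature -FilePath $Path).Status
    $leaf = Split-Path -Leaf $Path
    $randomName = ($Path -match '\\system32\\') -and ($leaf -match '^[A-Za-z]{8}\.dll$')
    if ($status -eq 'Valid') { return 'signed' }
    if ($randomName) { return 'REVIEW: unsigned, random-looking name in system32' }
    return 'unsigned'
}

$findings = @()
# 1. Task Manager policy. HKCU is the per-profile one the thread describes.
foreach ($hive in 'HKCU', 'HKLM') {
    $k = "$($hive):\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $v = (Get-ItemProperty -Path $k -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
    if ($v) { $findings += "POLICY  $k\DisableTaskMgr = $v (Task Manager disabled)" }
}

# 2. Run keys for the machine, the current user and the .DEFAULT profile.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $props = Get-ItemProperty -LiteralPath $k
    foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
        $path = Get-ExePath $p.Value
        $findings += "RUN     $($p.Name) -> $path : $(Get-FileVerdict $path)"
    }
}

# 3. CLSID-based hooks: BHOs (one subkey per CLSID), ShellExecuteHooks (CLSID is the value
#    name) and ShellServiceObjectDelayLoad (CLSID is the value data).
$bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path -LiteralPath $bhoKey) {
    foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
        $dll = Resolve-ClsidDll $sub.PSChildName
        $findings += "BHO     $($sub.PSChildName) -> $dll : $(Get-FileVerdict $dll)"
    }
}
foreach ($k in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad') {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $props = Get-ItemProperty -LiteralPath $k
    foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
        $clsid = if ($p.Name -like '{*}') { $p.Name } else { [string]$p.Value }
        $dll = Resolve-ClsidDll $clsid
        $findings += "HOOK    $(Split-Path -Leaf $k)\$($p.Name) -> $dll : $(Get-FileVerdict $dll)"
    }
}

# 4. Winlogon Notify packages; the log shows yayyVllm.dll loaded into winlogon.exe this way.
#    DllName is often a bare file name, which winlogon resolves from system32.
$notify = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path -LiteralPath $notify) {
    foreach ($sub in Get-ChildItem -LiteralPath $notify) {
        $dll = (Get-ItemProperty -LiteralPath $sub.PSPath).DllName
        if ($dll -and $dll -notmatch '\\') { $dll = Join-Path $env:SystemRoot "system32\$dll" }
        $findings += "NOTIFY  $($sub.PSChildName) -> $dll : $(Get-FileVerdict $dll)"
    }
}

# 5. LSA Authentication Packages. MBAM flagged "hggvsiat" here; a stock XP box lists only msv1_0.
$lsa = (Get-ItemProperty -LiteralPath 'HKLM:\System\CurrentControlSet\Control\Lsa').'Authentication Packages'
foreach ($pkg in @($lsa)) {
    if ($pkg -ne 'msv1_0') { $findings += "LSA     extra authentication package: $pkg" }
}

$findings
```

    Read the output top to bottom: a `POLICY` line is the Task Manager restriction from the first post, and any `REVIEW`, `MISSING` or `UNRESOLVED` line is an entry worth matching against the file names in the ComboFix and MBAM logs before deciding anything. Signed entries from known vendors are usually the legitimate startup items the HijackThis log also lists, so the script reports them without flagging them.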
     
  5. 2008/05/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi taylorwn

    Please do the following.

    Now download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log. Let me know what issues still exist.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Please post the MBAM log.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2008/05/15
    taylorwn

    taylorwn Inactive Thread Starter

    Joined:
    2007/11/30
    Messages:
    70
    Likes Received:
    0
    Everything appears to be running ok so far. Here are the two logs.

    Malwarebytes' Anti-Malware 1.12
    Database version: 752

    Scan type: Quick Scan
    Objects scanned: 45385
    Time elapsed: 5 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 3
    Registry Keys Infected: 13
    Registry Values Infected: 4
    Registry Data Items Infected: 2
    Folders Infected: 2
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\WINDOWS\system32\mxvtrmuq.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\hgGvSIAt.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\yayyVllm.dll (Trojan.Vundo) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99dabb3e-aa62-4287-9871-96c20ec6d345} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{99dabb3e-aa62-4287-9871-96c20ec6d345} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{240a2128-acd4-4124-87af-527124caac38} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{240a2128-acd4-4124-87af-527124caac38} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyvllm (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\pvnsmfor.besx (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e82ad0c0 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{240a2128-acd4-4124-87af-527124caac38} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mpfanvqg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vbksrofa (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggvsiat -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggvsiat -> Delete on reboot.

    Folders Infected:
    C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008 (Rogue.MalWarrior) -> Quarantined and deleted successfully.

    Files Infected:
    c:\WINDOWS\system32\mxvtrmuq.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\hgGvSIAt.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\tAISvGgh.ini (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\tAISvGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qumrtvxm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqRLbya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aybLRqss.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aybLRqss.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe (Rogue.MalWarrior) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yayyVllm.dll (Trojan.Vundo) -> Delete on reboot.




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:04:35 AM, on 5/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] ~ "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup163.cab
    O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O24 - Desktop Component 0: (no name) - http://www.scifi.com/battlestar/images/gallery/season02/large/pic_01.jpg

    --
    End of file - 13614 bytes
     
  7. 2008/05/15
    Geri
    Hi taylorwn
    OK Great.
    I'm really starting to like MBAM:)

    If it did not reboot your computer please do so.

    Now do this please.

    If you don't have ATF Cleaner please download it.
    If you have it please run it.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All ".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now let's get an on-line scan.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept". If your pop-up blocker blocks the ActiveX download, allow it and click on "Accept" again.

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  8. 2008/05/15
    taylorwn (Thread Starter)
    Kaspersky WebScanner Log

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, May 15, 2008 3:33:09 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 15/05/2008
    Kaspersky Anti-Virus database records: 775984
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    T:\

    Scan Statistics:
    Total number of scanned objects: 96013
    Number of viruses found: 11
    Number of infected objects: 39
    Number of suspicious objects: 0
    Duration of the scan process: 01:43:16

    Infected Object Name / Virus Name / Last Action
    C:\Data$\newsbincrack.zip/newsbincrack/nbproldr.exe Infected: not-a-virus:RiskTool.Win32.Patcher.a skipped
    C:\Data$\newsbincrack.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_WILLIET-IBM.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_WILLIET-IBM.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.q skipped
    C:\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0007 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v skipped
    C:\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
    C:\Documents and Settings\taylorw\My Documents\Data\all_files4.exe NSIS: infected - 5 skipped
    C:\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.q skipped
    C:\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0007 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v skipped
    C:\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
    C:\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe NSIS: infected - 5 skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\Logs\MySpaceIM-20080515-095914.log Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\contactgroup256.dbb Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\index2.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\profile256.dbb Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\user1024.dbb Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\user256.dbb Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.h skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest - FULL craked.rar/[auto - bitorrent] Construction Destruction ValuSoft [found on PeerAnia.com].exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest - FULL craked.rar RAR: infected - 1 skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest\[auto - bitorrent] Construction Destruction ValuSoft [found on PeerAnia.com].exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\IM\Identities\{7DBDFCF3-2735-41BD-A811-A2C8C78285BB}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML Infected: Trojan.JS.Redirector.b skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\IM\Identities\{7DBDFCF3-2735-41BD-A811-A2C8C78285BB}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\MS Exchange SettingsMSN-00000004.pst/MSN/EBay/27 Apr 2005 21:54 from aw-confirm@ebay.com:Question for item #57.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\MS Exchange SettingsMSN-00000004.pst/MSN/EBay/13 Apr 2005 17:38 from aw-confirm@ebay.com:Question about shippi.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\MS Exchange SettingsMSN-00000004.pst/MSN/EBay/12 Apr 2005 01:18 from aw-confirm@ebay.com:Question for item #57.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\MS Exchange SettingsMSN-00000004.pst MailMSMaill: infected - 3 skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\History\History.IE5\MSHist012008051520080516\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temp\~DF954D.tmp Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temp\~DFC1FB.tmp Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.q skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0007 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe NSIS: infected - 5 skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.q skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0007 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe NSIS: infected - 5 skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\NtUser.dat.LOG Object is locked skipped
    C:\Downlaods\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.h skipped
    C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
    C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.h skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP813\A0072858.exe Infected: Trojan.Win32.Vapsup.fed skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP816\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\pfirewall.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{796CB5A8-2E9F-4CF0-BF32-CAA47B0009BF}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
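Triage of a report like the one above, as an added example that is not part of the original thread and not Kaspersky's code. The Kaspersky Online Scanner 5 report uses three line shapes: `<object> Infected: <name> <action>`, a container summary `<object> <TYPE>: infected - <n> <action>` for archives, NSIS installers and mail bases, and `<object> Object is locked <action>` for files that were in use and were not scanned. The script parses those, drops the locked-object noise, collapses archive members back to the single file on disk that has to be moved, splits Kaspersky's `not-a-virus:` adware/riskware class from real malware, and diffs two reports so "new since last scan" and "removed since last scan" are separated. The function and constant names (`triage`, `new_and_gone`, `BEFORE`, `AFTER`) are my own; `BEFORE` and `AFTER` are constructed, abbreviated samples made from a few lines of the logs in this thread, not the complete reports.

```python
"""Triage a Kaspersky Online Scanner 5 report (added example, not Kaspersky's code)."""
import re
from collections import defaultdict

# The three line shapes in the report:
#   <object> Infected: <detection> <action>        one detected object (may be inside an archive)
#   <object> <TYPE>: infected - <n> <action>       container summary line (ZIP/RAR/NSIS/mail base)
#   <object> Object is locked <action>             in-use file that could not be scanned
INFECTED_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
CONTAINER_RE = re.compile(r"^(?P<obj>.+?) (?P<kind>\S+): infected - (?P<count>\d+) (?P<action>\S+)$")
LOCKED_RE = re.compile(r"^(?P<obj>.+?) Object is locked (?P<action>\S+)$")

# Constructed, abbreviated samples in the report's format (a few lines taken from
# the logs in this thread, not the full reports; member counts match the sample).
BEFORE = r"""
C:\Data$\newsbincrack.zip/newsbincrack/nbproldr.exe Infected: not-a-virus:RiskTool.Win32.Patcher.a skipped
C:\Data$\newsbincrack.zip ZIP: infected - 1 skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
C:\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
C:\Documents and Settings\taylorw\My Documents\Data\all_files4.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""
AFTER = r"""
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest - FULL craked.rar/[auto - bitorrent] Construction Destruction ValuSoft [found on PeerAnia.com].exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest - FULL craked.rar RAR: infected - 1 skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""


def on_disk_path(obj):
    """Archive members are reported as <file>/<member>; only <file> exists on disk."""
    return obj.split("/", 1)[0]


def is_riskware(name):
    """Kaspersky's 'not-a-virus:' prefix marks adware, riskware and cracks, not malware."""
    return name.startswith("not-a-virus:")


def triage(report):
    files = defaultdict(set)  # path on disk -> detection names found in it
    locked = []
    infected_objects = 0
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LOCKED_RE.match(line)
        if m:
            locked.append(m["obj"])
            continue
        m = INFECTED_RE.match(line)
        if m:
            infected_objects += 1
            files[on_disk_path(m["obj"])].add(m["name"])
            continue
        m = CONTAINER_RE.match(line)
        if m:
            infected_objects += 1  # the scanner's total counts the container line as well
            files.setdefault(m["obj"], set())
    names = set().union(*files.values()) if files else set()
    return {
        "infected_objects": infected_objects,  # comparable to 'Number of infected objects'
        "viruses": sorted(names),              # comparable to 'Number of viruses found'
        "malware": sorted(n for n in names if not is_riskware(n)),
        "riskware": sorted(n for n in names if is_riskware(n)),
        "files": {p: sorted(v) for p, v in files.items()},
        "locked": locked,
    }


def new_and_gone(before, after):
    """Diff two reports by file on disk: new since the last scan, and removed since it."""
    b, a = set(triage(before)["files"]), set(triage(after)["files"])
    return sorted(a - b), sorted(b - a)


if __name__ == "__main__":
    r = triage(BEFORE)
    print(f"{r['infected_objects']} infected objects in {len(r['files'])} files on disk; "
          f"{len(r['locked'])} locked objects were not scanned and are not detections")
    for path, names in r["files"].items():
        print(f"  {path}: {', '.join(names)}")
    new, gone = new_and_gone(BEFORE, AFTER)
    print("new since last scan:", new)
    print("removed since last scan:", gone)
```

Two things the raw counters hide: the `Object is locked skipped` entries (registry hives, event logs, `index.dat`, WMI repository) are files the scanner could not open, not infections, and `Number of infected objects` counts every archive member plus the container line, so one NSIS installer with five flagged members present in four places shows up as 24 objects but is four files to move. Running the diff between the two full reports is the quick way to tell what is genuinely new after a cleanup from what was merely re-detected.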
     
  9. 2008/05/15
    Geri
    Hi taylorwn

    Open Microsoft Outlook find and delete these.
    MSN EBay 12 Apr 2005 01:18 from aw-confirm@ebay.com:Question for item #57.eml
    MSN EBay 13 Apr 2005 17:38 from aw-confirm@ebay.com:Question about shippi.eml
    MSN EBay 27 Apr 2005 21:54 from aw-confirm@ebay.com:Question for item #57.eml

    Then empty your deleted items folder.

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\Data$\newsbincrack.zip
      C:\Documents and Settings\taylorw\My Documents\Data\all_files4.exe
      C:\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe
      C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\incredimail_install.exe
      C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest - FULL craked.rar
      C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest\[auto - bitorrent] Construction Destruction ValuSoft [found on PeerAnia.com].exe
      C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\IM\Identities\{7DBDFCF3-2735-41BD-A811-A2C8C78285BB}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML
      C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\IM\Identities\{7DBDFCF3-2735-41BD-A811-A2C8C78285BB}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML
      C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe
      C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe
      C:\Downlaods\incredimail_install.exe
      C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe

    • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    I see you have P2P software (Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at Windowsbbs Virus and Spyware removal.


    Please run another Kaspersky scan and post the new log along with the OTMoveIt2 log.

    Thanks
    Geri
     
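The OTMoveIt2 step above moves the listed files rather than deleting them, and writes a per-path log. The script below is an added example of that quarantine-by-move technique; it is not OTMoveIt2 and not code from this thread. Each file is hashed before it is moved into a quarantine folder that mirrors its original directory layout, the outcome per path is logged in the same "moved successfully" / "not found" style, and a `restore` routine puts a confirmed false positive back after checking the hash still matches. The function names (`quarantine`, `write_log`, `restore`, `demo`) are my own, the `demo` tree is constructed in a temporary directory, and a file that cannot be moved because it is in use is reported rather than forced, which is the case OTMoveIt2 handles with its reboot prompt.

```python
"""Move-to-quarantine helper (added example; not OTMoveIt2 and not from the thread)."""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine(paths, root):
    """Move each listed file under root, mirroring its original path.

    Returns (results, manifest): results are per-path log lines in the
    'moved successfully' / 'not found' style; manifest maps the original
    path to (quarantined path, sha256 of the file as it was found).
    """
    results, manifest = [], {}
    for p in paths:
        p = os.path.normpath(p)
        if not os.path.isfile(p):
            results.append(f"File/Folder {p} not found.")
            continue
        digest = sha256_of(p)  # identify the sample before touching it
        # Drop the drive letter / leading separator so the tree nests under root.
        rel = os.path.splitdrive(p)[1].lstrip("\\/")
        dest = os.path.join(root, rel)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        try:
            shutil.move(p, dest)
        except OSError as e:  # file in use or locked: report it, keep going
            results.append(f"{p} could not be moved ({e.strerror}); retry after a reboot.")
            continue
        manifest[p] = (dest, digest)
        results.append(f"{p} moved successfully.")
    return results, manifest


def write_log(root, results, manifest):
    """Write the outcome list plus a hash manifest, named MMDDYYYY_HHMMSS like OTMoveIt2's log."""
    os.makedirs(root, exist_ok=True)
    log_path = os.path.join(root, datetime.now().strftime("%m%d%Y_%H%M%S") + ".log")
    with open(log_path, "w") as f:
        f.write("\n".join(results) + "\n\n")
        for orig, (dest, digest) in manifest.items():
            f.write(f"{digest}  {orig} -> {dest}\n")
    return log_path


def restore(manifest, orig):
    """Put a quarantined file back (confirmed false positive), refusing if it was altered."""
    dest, digest = manifest[orig]
    if sha256_of(dest) != digest:
        raise ValueError(f"{dest} no longer matches its recorded hash")
    os.makedirs(os.path.dirname(orig), exist_ok=True)
    shutil.move(dest, orig)


def demo():
    """Run the whole flow on a constructed sample tree in a temp dir (nothing real is touched)."""
    base = tempfile.mkdtemp(prefix="quarantine_demo_")
    sample = os.path.join(base, "My Documents", "Data", "all_files4.exe")
    os.makedirs(os.path.dirname(sample))
    with open(sample, "wb") as f:
        f.write(b"MZ constructed sample, not a real binary")
    missing = os.path.join(base, "Desktop", "Jewel Quest - FULL craked.rar")  # deliberately absent
    root = os.path.join(base, "_Quarantine", "MovedFiles")
    results, manifest = quarantine([sample, missing], root)
    return {"sample": sample, "missing": missing, "root": root,
            "results": results, "manifest": manifest,
            "log": write_log(root, results, manifest)}


if __name__ == "__main__":
    for line in demo()["results"]:
        print(line)
```

Moving instead of deleting is what makes the cleanup reversible: the hash in the manifest both identifies the sample (for a second-opinion lookup) and proves the quarantined copy is unchanged before it is restored. A path reported as "not found", like the `.rar` in the result log that follows, usually means the file was already removed or renamed between the scan and the move; the still-present extracted copy beside it is the one that matters.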
  10. 2008/05/16
    taylorwn (Thread Starter)
    I forgot Limewire was on my computer; it has been removed along with a few items that I forgot about or that had been installed by my kid. Question: you highlighted uTorrent in red. I cannot find that or even have any idea what that is.

    I will post the Kaspersky scan as soon as it is completed, but I want to be sure to move any other items.


    C:\Data$\newsbincrack.zip moved successfully.
    C:\Documents and Settings\taylorw\My Documents\Data\all_files4.exe moved successfully.
    C:\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe moved successfully.
    C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\incredimail_install.exe moved successfully.
    File/Folder C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest - FULL craked.rar not found.
    < C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest\[auto - bitorrent] Construction Destruction ValuSoft [found on PeerAnia.com].exe >
    C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest\[auto - bitorrent] Construction Destruction ValuSoft [found on PeerAnia.com].exe moved successfully.
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\IM\Identities\{7DBDFCF3-2735-41BD-A811-A2C8C78285BB}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML moved successfully.
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\IM\Identities\{7DBDFCF3-2735-41BD-A811-A2C8C78285BB}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML moved successfully.
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe moved successfully.
    C:\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe moved successfully.
    C:\Downlaods\incredimail_install.exe moved successfully.
    C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05162008_101517
     
  11. 2008/05/16
    taylorwn (Thread Starter)
    uTorrent ??? Doesn't ring a bell

     
  12. 2008/05/16
    taylorwn (Thread Starter)
    Kaspersky WebScanner Log #2

    Looks worse than before??

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, May 16, 2008 12:55:53 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 16/05/2008
    Kaspersky Anti-Virus database records: 778500
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    T:\

    Scan Statistics:
    Total number of scanned objects: 95171
    Number of viruses found: 12
    Number of infected objects: 42
    Number of suspicious objects: 0
    Duration of the scan process: 01:46:00

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_WILLIET-IBM.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_WILLIET-IBM.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\cert8.db Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\history.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\key3.db Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\parent.lock Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest - FULL craked.rar/[auto - bitorrent] Construction Destruction ValuSoft [found on PeerAnia.com].exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest - FULL craked.rar RAR: infected - 1 skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\MS Exchange SettingsMSN-00000004.pst/MSN/EBay/27 Apr 2005 21:54 from aw-confirm@ebay.com:Question for item #57.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\MS Exchange SettingsMSN-00000004.pst/MSN/EBay/13 Apr 2005 17:38 from aw-confirm@ebay.com:Question about shippi.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\MS Exchange SettingsMSN-00000004.pst/MSN/EBay/12 Apr 2005 01:18 from aw-confirm@ebay.com:Question for item #57.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\MS Exchange SettingsMSN-00000004.pst MailMSMaill: infected - 3 skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\History\History.IE5\MSHist012008051620080517\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temp\~DF6F3.tmp Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\NtUser.dat.LOG Object is locked skipped
    C:\Documents and Settings\willie\ntuser.dat Object is locked skipped
    C:\Documents and Settings\willie\NtUser.dat.LOG Object is locked skipped
    C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP813\A0072858.exe Infected: Trojan.Win32.Vapsup.fed skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP815\A0074080.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rrh skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP815\A0074081.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rrh skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP816\A0074161.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rrh skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP820\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\pfirewall.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{3496D715-F034-4AEA-81F6-A9A8CAA2BE46}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Data$\newsbincrack.zip/newsbincrack/nbproldr.exe Infected: not-a-virus:RiskTool.Win32.Patcher.a skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Data$\newsbincrack.zip ZIP: infected - 1 skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.q skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0007 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\all_files4.exe NSIS: infected - 5 skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.q skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0007 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe NSIS: infected - 5 skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.h skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest\[auto - bitorrent] Construction Destruction ValuSoft [found on PeerAnia.com].exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\IM\Identities\{7DBDFCF3-2735-41BD-A811-A2C8C78285BB}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML Infected: Trojan.JS.Redirector.b skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\IM\Identities\{7DBDFCF3-2735-41BD-A811-A2C8C78285BB}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.q skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0007 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe NSIS: infected - 5 skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.q skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0007 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe NSIS: infected - 5 skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Downlaods\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.h skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Program Files\IncrediMail\bin\IncrediMail_Install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.h skipped

    Scan process completed.
     
  13. 2008/05/16
    Geri
    Hi
    Could you not find these? They need to be deleted.
    Open Microsoft Outlook find and delete these.
    MSN EBay 12 Apr 2005 01:18 from aw-confirm@ebay.com:Question for item #57.eml
    MSN EBay 13 Apr 2005 17:38 from aw-confirm@ebay.com:Question about shippi.eml
    MSN EBay 27 Apr 2005 21:54 from aw-confirm@ebay.com:Question for item #57.eml


    I saw this on the P2P
    auto - bitorrent
    So I assumed it is uTorrent

    These need to be deleted.

    C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest - FULL craked.rar

    C:\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest\[auto - bitorrent] Construction Destruction ValuSoft

    Let me know if you found and deleted them.

    Thanks
    Geri
     
  14. 2008/05/16
    taylorwn
    Sorry Geri, thought I did delete them :( I have now totally emptied the ebay folder to make sure and deleted the Thumbnail folder. I did not need this stuff anyway. I will now run a new scan.

     
  15. 2008/05/16
    taylorwn
    Kaspersky Online Scanner Report #3

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, May 16, 2008 5:42:32 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 16/05/2008
    Kaspersky Anti-Virus database records: 779486
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    T:\

    Scan Statistics:
    Total number of scanned objects: 95383
    Number of viruses found: 11
    Number of infected objects: 36
    Number of suspicious objects: 0
    Duration of the scan process: 01:59:44

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_WILLIET-IBM.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_WILLIET-IBM.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Microsoft\Outlook\MS Exchange Settings.srs Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\Logs\MySpaceIM-20080516-153526.log Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\contactgroup256.dbb Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\index2.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\profile256.dbb Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\user1024.dbb Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\user256.dbb Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Sun\Java\Deployment\log\plugin150_11.trace Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\MS Exchange SettingsMSN-00000004.pst Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\History\History.IE5\MSHist012008051620080517\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temp\hsperfdata_taylorw\3816 Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temp\~DF2A99.tmp Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temp\~DF528E.tmp Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temp\~DFAD19.tmp Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temp\~DFC52A.tmp Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\NtUser.dat.LOG Object is locked skipped
    C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP813\A0072858.exe Infected: Trojan.Win32.Vapsup.fed skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP815\A0074080.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rrh skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP815\A0074081.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rrh skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP816\A0074161.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rrh skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP820\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\pfirewall.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{34F5E9C6-64F4-4422-9FC1-9E462EAF8770}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\spool\PRINTERS\FP00000.SHD Object is locked skipped
    C:\WINDOWS\system32\spool\PRINTERS\FP00000.SPL Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Data$\newsbincrack.zip/newsbincrack/nbproldr.exe Infected: not-a-virus:RiskTool.Win32.Patcher.a skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Data$\newsbincrack.zip ZIP: infected - 1 skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.q skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0007 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\all_files4.exe NSIS: infected - 5 skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.q skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0007 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw\My Documents\Data\Data\all_files4.exe NSIS: infected - 5 skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.h skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\Desktop\Thumbnail\Jewel Quest\[auto - bitorrent] Construction Destruction ValuSoft [found on PeerAnia.com].exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\IM\Identities\{7DBDFCF3-2735-41BD-A811-A2C8C78285BB}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML Infected: Trojan.JS.Redirector.b skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\IM\Identities\{7DBDFCF3-2735-41BD-A811-A2C8C78285BB}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.q skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0007 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\all_files4.exe NSIS: infected - 5 skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.q skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0007 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Documents and Settings\taylorw.TAYLORWXPP\My Documents\Data\Data\all_files4.exe NSIS: infected - 5 skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Downlaods\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.h skipped
    C:\_OTMoveIt\MovedFiles\05162008_101517\Program Files\IncrediMail\bin\IncrediMail_Install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.h skipped

    Scan process completed.
     
  16. 2008/05/16
    Geri
    Hi taylorwn
    OK, that looks much better.

    Do you know what this is?
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\

    If you know that it is OK then that's not a problem. I just can't find any info on it.
    If you don't or are not sure what it is then you should clear out your Skype Cache.


    Now do this.

    • Please double-click OTMoveIt2.exe to run it.
    • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
    • This step removes the files, folders, and shortcuts created by the tools I had you download and run.


    We need to turn off and on system restore. There are infections in it and by using system restore you would reinfect yourself.

    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives".
    5. Click Apply, and then click OK.
    6. Make a new restore point.
    7. Click Start, All Programs, Accessories, System Tools, System Restore.
    Choose Create a restore point and click Next. Under "Type a description for your restore point…" put a name in the box. Click Create. In the next window click Close.

    Run ATF Cleaner again.

    Now run a Kaspersky scan again and make sure you get this,

    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0

    If it shows anything else then post the Kaspersky log.

    Let me know.

    Thanks
    Geri
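An added example, not the helper's or the scanner's own code: a small Python parser for the Kaspersky Online Scanner report format quoted in this thread. It separates real detections from the harmless "Object is locked skipped" noise, flags detections sitting in old restore points (the reinfection risk behind the System Restore advice above), and checks the three-zeros criterion Geri asks for. The sample reports are constructed, and the restore-point GUID in them is a placeholder.

```python
import re
from collections import Counter

# Line shapes seen in the reports posted in this thread.
STAT_RE = re.compile(r"^Number of (viruses found|infected objects|suspicious objects): (\d+)$")
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<action>\S+)$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<container>\w+): infected - (?P<count>\d+) (?P<action>\S+)$")
LOCKED_SUFFIX = " Object is locked skipped"
RESTORE_MARK = "\\system volume information\\_restore"  # old restore points

# Constructed sample in the quoted format; GUID is a placeholder.
DIRTY_REPORT = r"""
Scan Statistics:
Total number of scanned objects: 95383
Number of viruses found: 11
Number of infected objects: 36
Number of suspicious objects: 0
Duration of the scan process: 01:59:44

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP813\A0072858.exe Infected: Trojan.Win32.Vapsup.fed skipped
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP815\A0074080.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rrh skipped
C:\_OTMoveIt\MovedFiles\example\all_files4.exe/data0009 Infected: Trojan.Win32.Qhost.ap skipped
C:\_OTMoveIt\MovedFiles\example\all_files4.exe NSIS: infected - 5 skipped

Scan process completed.
"""

# Constructed sample of what the helper wants to see after cleanup.
CLEAN_REPORT = r"""
Scan Statistics:
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""


def parse_statistics(report):
    """Return the three counters from the 'Scan Statistics' block."""
    stats = {}
    for line in report.splitlines():
        m = STAT_RE.match(line.strip())
        if m:
            stats[m.group(1)] = int(m.group(2))
    return stats


def parse_report(report):
    """Split per-object lines into (detections, archive summaries, locked files).
    Locked files are open system files the scanner could not read, not malware."""
    detections, archives, locked = [], [], []
    for raw in report.splitlines():
        line = raw.strip()
        if line.endswith(LOCKED_SUFFIX):
            locked.append(line[: -len(LOCKED_SUFFIX)])
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append((m["path"], m["threat"]))
            continue
        m = ARCHIVE_RE.match(line)
        if m:  # e.g. "NSIS: infected - 5": container summary, already counted per member above
            archives.append((m["path"], m["container"], int(m["count"])))
    return detections, archives, locked


def is_clean(report):
    """The helper's criterion: viruses found, infected and suspicious objects all zero."""
    stats = parse_statistics(report)
    keys = ("viruses found", "infected objects", "suspicious objects")
    return all(stats.get(k) == 0 for k in keys)


def restore_point_detections(detections):
    """Detections inside System Volume Information\\_restore{...}: a later
    System Restore rollback would bring them back, hence flushing restore points."""
    return [(p, t) for p, t in detections if RESTORE_MARK in p.lower()]


def threat_summary(detections):
    """Count how often each detection name occurs."""
    return Counter(t for _, t in detections)


if __name__ == "__main__":
    det, arc, lck = parse_report(DIRTY_REPORT)
    print("clean:", is_clean(DIRTY_REPORT))
    print("detections:", len(det), "archives:", len(arc), "locked (noise):", len(lck))
    print("in restore points:", len(restore_point_detections(det)))
    print(threat_summary(det))
```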
     
  17. 2008/05/18
    taylorwn
    Log is clean

    Thanks Geri, it looks good

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, May 18, 2008 2:45:15 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 18/05/2008
    Kaspersky Anti-Virus database records: 782591
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    T:\

    Scan Statistics:
    Total number of scanned objects: 90586
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:39:11

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_WILLIET-IBM.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_WILLIET-IBM.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Microsoft\Outlook\MS Exchange Settings.srs Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\cert8.db Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\history.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\key3.db Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\parent.lock Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\Logs\MySpaceIM-20080518-003837.log Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\contactgroup256.dbb Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\index2.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\profile256.dbb Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\user1024.dbb Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Application Data\MySpace\IM\SkypeCache\myspace#3aslickwillieishere\user256.dbb Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\mailbox.pst Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Outlook\MS Exchange SettingsMSN-00000004.pst Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Application Data\Mozilla\Firefox\Profiles\t95xuu20.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\History\History.IE5\MSHist012008051820080519\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temp\~DF49A9.tmp Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temp\~DFF645.tmp Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\taylorw.TAYLORWXPP\NtUser.dat.LOG Object is locked skipped
    C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{AB81AAE5-4755-4180-B4F9-6C7017F8FD6F}\RP2\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\pfirewall.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{9D02A2FF-D072-489C-A77B-B85B539E285B}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  18. 2008/05/18
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi taylorwn
    OK Great.
    You're welcome, glad to have helped. :)

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this one resolved.

    Surf Safely
    Geri
     
