Solved Rogue Anti Virus Program

Discussion in 'Malware and Virus Removal Archive' started by aussiejohn, 2007/11/18.

  1. 2007/11/20
    aussiejohn

    aussiejohn Well-Known Member Thread Starter

    Joined: 2002/01/07 | Messages: 293 | Likes Received: 1
    I have thrown out those files which you told me to in the last post. Here is the Kaspersky scan; this would frighten a man to death. It still says I have 9 viruses in 27 objects?

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, November 21, 2007 2:09:16 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 21/11/2007
    Kaspersky Anti-Virus database records: 462476
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 65613
    Number of viruses found: 9
    Number of infected objects: 27
    Number of suspicious objects: 0
    Duration of the scan process: 01:08:14

    Infected Object Name / Virus Name / Last Action
    C:\WINDOWS\xpupdate.exe.ren Infected: not-virus:Hoax.Win32.Renos.hx skipped
    C:\WINDOWS\xpupdate.exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
    C:\WINXP\system32\config\system.LOG Object is locked skipped
    C:\WINXP\system32\config\software.LOG Object is locked skipped
    C:\WINXP\system32\config\default.LOG Object is locked skipped
    C:\WINXP\system32\config\SECURITY Object is locked skipped
    C:\WINXP\system32\config\SAM Object is locked skipped
    C:\WINXP\system32\config\SAM.LOG Object is locked skipped
    C:\WINXP\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINXP\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINXP\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINXP\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINXP\system32\config\SYSTEM Object is locked skipped
    C:\WINXP\system32\config\SOFTWARE Object is locked skipped
    C:\WINXP\system32\config\DEFAULT Object is locked skipped
    C:\WINXP\system32\config\Internet.evt Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINXP\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINXP\system32\h323log.txt Object is locked skipped
    C:\WINXP\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINXP\system32\drvhag.dll.ren Infected: Trojan.Win32.Dialer.qn skipped
    C:\WINXP\Debug\PASSWD.LOG Object is locked skipped
    C:\WINXP\Sti_Trace.log Object is locked skipped
    C:\WINXP\wiaservc.log Object is locked skipped
    C:\WINXP\wiadebug.log Object is locked skipped
    C:\WINXP\WindowsUpdate.log Object is locked skipped
    C:\WINXP\SchedLgU.Txt Object is locked skipped
    C:\WINXP\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINXP\SoftwareDistribution\EventCache\{F625CA84-6DC5-44A5-A514-A731D412A317}.bin Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\_hphtra07.log Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\hpodvd09.log Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF945B.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF4DFA.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF7F5A.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DFB3A4.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DFF127.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DFC5.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF6591.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\JET2CAC.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\JETF696.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\JET2424.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\JET2F50.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\JET5278.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\JET2CC1.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007112120071122\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{2FE8ABA5-81E5-4292-9EC9-D70603DF47C7}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{2FE8ABA5-81E5-4292-9EC9-D70603DF47C7}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{2FE8ABA5-81E5-4292-9EC9-D70603DF47C7}\Microsoft\Outlook Express\Inbox (1).dbx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{2FE8ABA5-81E5-4292-9EC9-D70603DF47C7}\Microsoft\Outlook Express\Sent Items.dbx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{2FE8ABA5-81E5-4292-9EC9-D70603DF47C7}\Microsoft\Outlook Express\CA Anti-Spam.dbx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Qurb4\Express\{2FE8ABA5-81E5-4292-9EC9-D70603DF47C7}\searchmeta.qdb Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Qurb4\Express\whitelist.qdb Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Qurb4\Express\mta.qdb Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Qurb4\Express\stat_classifier.qdb Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Qurb4\Express\msginfo.qdb Object is locked skipped
    C:\Documents and Settings\Owner\My Documents\Transfered Files\Mail Bomber\setup.exe/data0002 Infected: Email-Flooder.Win32.MailBomber.91.c skipped
    C:\Documents and Settings\Owner\My Documents\Transfered Files\Mail Bomber\setup.exe Inno: infected - 1 skipped
    C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\CallingID\CallingID.mdb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\CallingID\CIDLight.mdb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\CallingID\CallingID.ldb Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\CallingID\CIDLight.ldb Object is locked skipped
    C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\SolarWinds\Free Tools\TFTP-Server.exe Infected: not-a-virus:Server-FTP.Win32.Tftp.500 skipped
    C:\Program Files\CA\SharedComponents\PPRT\logs\2007-11-21.csv Object is locked skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP1\A0000068.DLL Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP2\A0004255.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0004915.exe Infected: Trojan.Win32.Agent.cmn skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0004927.exe Infected: Trojan.Win32.Agent.cmn skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005153.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arf skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005154.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005158.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005160.dll Infected: Trojan.Win32.Inject.kq skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005226.exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005229.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP5\A0005230.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\System Volume Information\_restore{7474C5A1-F7D9-4180-9E98-5B78748AF2C8}\RP6\change.log Object is locked skipped
    C:\Recycled\Dc2.ren Infected: not-virus:Hoax.Win32.Renos.hx skipped
    C:\Recycled\Dc3.exe Infected: not-virus:Hoax.Win32.Renos.hx skipped
    C:\Recycled\Dc5\setup.exe/data0002 Infected: Email-Flooder.Win32.MailBomber.91.c skipped
    C:\Recycled\Dc5\setup.exe Inno: infected - 1 skipped
    C:\VundoFix Backups\hggdaax.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.arf skipped
    C:\VundoFix Backups\hvbmisyi.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\VundoFix Backups\pjktfdnv.dll.bad Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
    C:\VundoFix Backups\xxywwwt.dll.bad Infected: Trojan.Win32.Inject.kq skipped
    C:\SDFix\backups\backups.zip/backups/svchost.exe Infected: Trojan.Win32.Agent.cmn skipped
    C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped
    C:\itouch_crash_info.txt Object is locked skipped

    Scan process completed.
     
  2. 2007/11/20
    noahdfear

    noahdfear Inactive

    Joined: 2003/04/06 | Messages: 12,178 | Likes Received: 15
    This is what shows as infected, in addition to system restore points. If you followed my last set of instructions AFTER running the scan, or late in the scan, then you are done after deleting the bolded one below.

    C:\WINDOWS\xpupdate.exe.ren
    C:\WINDOWS\xpupdate.exe
    C:\WINXP\system32\drvhag.dll.ren
    C:\Documents and Settings\Owner\My Documents\Transfered Files\Mail Bomber\setup.exe
    C:\Recycled\Dc2.ren
    C:\Recycled\Dc3.exe
    C:\Recycled\Dc5\setup.exe
    C:\VundoFix Backups\hggdaax.dll.bad
    C:\VundoFix Backups\hvbmisyi.dll.bad
    C:\VundoFix Backups\pjktfdnv.dll.bad
    C:\VundoFix Backups\xxywwwt.dll.bad
    C:\SDFix\backups\backups.zip ZIP
     

  4. 2007/11/20
    aussiejohn

    aussiejohn Well-Known Member Thread Starter

    Yes, I did not delete those things until 72% through the scan.
    Noah, thank you so much for all your help over the last couple of days. The only word I can think of to describe you is GENIUS!
    Regards, John
     
  5. 2007/11/20
    noahdfear

    noahdfear Inactive

    Glad I could help, John. You're most welcome. :)
     
