I am full of viruses!

Hi I am new to the forum
I have Windows XP and I don’t know how to check what package I have

I have been reading through other threads about how to deal with the viruses on my computer and it has been really helpful. I have the most current avast and Norton (expired). I actually hate my Norton and refused to update it when it expired 2 years ago. I wonder if half of my problems come from Norton to begin with. I wish I could remove it myself. I try to turn it off every time I turn on my computer, but it’s sneaky. So far I have downloaded Super Anti Spyware free edition, Malwarebytes Anti malware, a-squared free, lavasoft adware (can’t get this one to work), and Hijackthis.

I run scans from all these programs almost every day, except Hijackthis, and they always find new viruses. I follow the protocol to quarantine them and/or remove them. But still the next day there are 19 more viruses on my new scans!

Recently I haven’t been able to check my email and some other sites because they just stall out. I am even afraid to do my banking online!

On a scale from 1-10 I am at a 5 level in knowledge about computers. My head is spinning with all this new information about my computer, so I thought I could post a Hijackthis log here and somebody might have recommendations. Any help will be much appreciated :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:53 AM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weather.gov/MapClick.php?CityName=Grand+Marais&state=MN&site=DLH&textField1=47.7552&textField2=-90.3448
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: (no name) - {048AF281-8F1A-44B4-92A4-2768A916F2EB} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {79B322D3-9CE9-404F-AADE-8597DB9120E0} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C46D79F0-F9AE-4686-9BF1-22E2996499A3} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: (no name) - {CBFF58CA-5D2F-4B5C-BC59-E5769785CAF8} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: (no name) - {CE5E29F3-5AFA-4B6F-B4FA-EDE664067BD3} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: (no name) - {daa9d22a-d902-44c3-93a2-3b1c8295a8be} - C:\WINDOWS\system32\dagenoja.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EEF8105E-48ED-4970-BA12-11E72BEC05E0} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [jamideleha] Rundll32.exe "C:\WINDOWS\system32\hupetetu.dll",s
O4 - HKLM\..\Run: [301d09c2] rundll32.exe "C:\WINDOWS\system32\kamisiho.dll",b
O4 - HKLM\..\Run: [CPM332e3a5e] Rundll32.exe "c:\windows\system32\wudiyopi.dll",a
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [jamideleha] Rundll32.exe "C:\WINDOWS\system32\hupetetu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [jamideleha] Rundll32.exe "C:\WINDOWS\system32\hupetetu.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\fujewipe.dll c:\windows\system32\fagesefa.dll c:\windows\system32\gonihuha.dll c:\windows\system32\namuzoka.dll c:\windows\system32\nanulote.dll c:\windows\system32\jinuyeju.dll c:\windows\system32\wudiyopi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: c005288A - c005288A.mat (file missing)
O20 - Winlogon Notify: sys32 - sys32.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


End of file - 10989 bytes

Run a scan with DrWeb CureIT! and Kaspersky Virus removal Tool

You’ll need to fully remove Symantec before avast! works properly.

  1. Uninstall avast! from Add/Remove Programs and reboot,
  2. Run the Symantec removal tool and reboot,
  3. Reinstall avast!

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

Run a boot time scan with avast!

Update all your anti-malware programs and run scans.

Post a fresh log.

I hope you are not squeamish as we shed some blood

First let's remove Norton as it may hinder us

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Anything with Norton or Symantec

Please note any other programs that you don't recognize in that list in your next response

Then download and run the Norton removal tool from http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

Having done that

Please download the OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Processes
Explorer.EXE

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{048AF281-8F1A-44B4-92A4-2768A916F2EB}]
[-HKEY_CLASSES_ROOT\CLSID\{048AF281-8F1A-44B4-92A4-2768A916F2EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79B322D3-9CE9-404F-AADE-8597DB9120E0}]
[-HKEY_CLASSES_ROOT\CLSID\{79B322D3-9CE9-404F-AADE-8597DB9120E0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C46D79F0-F9AE-4686-9BF1-22E2996499A3}]
[-HKEY_CLASSES_ROOT\CLSID\{C46D79F0-F9AE-4686-9BF1-22E2996499A3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBFF58CA-5D2F-4B5C-BC59-E5769785CAF8}]
[-HKEY_CLASSES_ROOT\CLSID\{CBFF58CA-5D2F-4B5C-BC59-E5769785CAF8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE5E29F3-5AFA-4B6F-B4FA-EDE664067BD3}]
[-HKEY_CLASSES_ROOT\CLSID\{CE5E29F3-5AFA-4B6F-B4FA-EDE664067BD3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{daa9d22a-d902-44c3-93a2-3b1c8295a8be}]
[-HKEY_CLASSES_ROOT\CLSID\{daa9d22a-d902-44c3-93a2-3b1c8295a8be}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEF8105E-48ED-4970-BA12-11E72BEC05E0}]
[-HKEY_CLASSES_ROOT\CLSID\{EEF8105E-48ED-4970-BA12-11E72BEC05E0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jamideleha"=-
"301d09c2"=-
"CPM332e3a5e"=-
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jamideleha"=-
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jamideleha"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c005288A]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sys32]

:Files
C:\WINDOWS\system32\advpac.dll
C:\WINDOWS\system32\dagenoja.dll 
C:\WINDOWS\system32\hupetetu.dll
C:\WINDOWS\system32\kamisiho.dll
c:\windows\system32\wudiyopi.dll
c:\windows\system32\fagesefa.dll 
c:\windows\system32\gonihuha.dll
c:\windows\system32\namuzoka.dll
c:\windows\system32\nanulote.dll
c:\windows\system32\jinuyeju.dll 
c:\windows\system32\wudiyopi.dll
c:\c005288A.mat /s
C:\windows\system\system32.dll 
C:\windows\system\sys32.dll 
C:\WINDOWS\System32\Taskmgr.bat
C:\WINDOWS\System32\Firewall.bat

:Commands
[purity]
[emptytemp]

  • Return to OTMoveIt3, right click in the “Paste Instructions for Items to be Moved” window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

FINALLY FOR NOW

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Ooops cross post
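An added example, not part of any post in this thread and not HijackThis or OTMoveIt3 code: a small Python triage of the HijackThis entry types that the OTMoveIt3 script above targets (unnamed BHOs, rundll32 autoruns, AppInit_DLLs, orphaned Winlogon Notify keys), with a cross-check of the flagged DLLs against the script's :Files list. The four rules and all function names are assumptions chosen for illustration; a match means "review this entry", not "this is malware".

```python
import re

# Entries excerpted (AppInit_DLLs line abridged) from the HijackThis log posted
# in this thread, typographic quotes normalised. The Acrobat BHO, the avast! Run
# value and the SUPERAntiSpyware Notify key are kept as negative cases.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {048AF281-8F1A-44B4-92A4-2768A916F2EB} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {daa9d22a-d902-44c3-93a2-3b1c8295a8be} - C:\WINDOWS\system32\dagenoja.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [jamideleha] Rundll32.exe "C:\WINDOWS\system32\hupetetu.dll",s
O4 - HKLM\..\Run: [301d09c2] rundll32.exe "C:\WINDOWS\system32\kamisiho.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\fujewipe.dll c:\windows\system32\fagesefa.dll c:\windows\system32\wudiyopi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: sys32 - sys32.dll (file missing)
'''

# The corresponding lines of the ":Files" section of the fix script in this thread.
SCRIPT_FILES = r'''
C:\WINDOWS\system32\advpac.dll
C:\WINDOWS\system32\dagenoja.dll
C:\WINDOWS\system32\hupetetu.dll
C:\WINDOWS\system32\kamisiho.dll
c:\windows\system32\wudiyopi.dll
c:\windows\system32\fagesefa.dll
'''

ENTRY = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.+)$')
# A drive-rooted path ending in .dll; stops at straight or typographic quotes.
DLL_PATH = re.compile(r'[A-Za-z]:\\[^"“”,]*?\.dll', re.I)
ORPHAN = re.compile(r'\((file missing|no file)\)\s*$', re.I)
RUNDLL = re.compile(r'\]\s*rundll32(\.exe)?\s', re.I)


def parse(log):
    """Yield (section code, body) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group('code'), m.group('body')


def triage(log):
    """Return (code, reason, [lower-cased DLL paths]) for entries worth review."""
    findings = []
    for code, body in parse(log):
        dlls = [p.lower() for p in DLL_PATH.findall(body)]
        if code == 'O2' and body.startswith('BHO: (no name)'):
            findings.append((code, 'unnamed BHO', dlls))
        elif (code == 'O4' and RUNDLL.search(body)
              and any('\\system32\\' in d for d in dlls)):
            findings.append((code, 'rundll32 autorun of a system32 DLL', dlls))
        elif code == 'O20' and body.startswith('AppInit_DLLs:') and dlls:
            findings.append((code, 'DLL loaded through AppInit_DLLs', dlls))
        elif (code == 'O20' and body.startswith('Winlogon Notify:')
              and ORPHAN.search(body)):
            findings.append((code, 'orphaned Winlogon Notify key', dlls))
    return findings


def not_in_script(findings, script_files):
    """Flagged DLL paths that the fix script's file list does not mention."""
    listed = {l.strip().lower() for l in script_files.splitlines() if l.strip()}
    flagged = {d for _, _, dlls in findings for d in dlls}
    return sorted(flagged - listed)


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for code, reason, dlls in found:
        print(f'{code:4} {reason:36} {", ".join(dlls) or "-"}')
    print('flagged but not in :Files ->', not_in_script(found, SCRIPT_FILES))
```

Run against the full log and the full :Files section posted above, the cross-check reports one path, C:\WINDOWS\system32\fujewipe.dll, which is listed under AppInit_DLLs but does not appear in :Files.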

Ok I have removed Norton with the removal tool.

What do you mean by “Ooops cross post”?

Here are the programs I didn’t know what they are, I know it’s a big list. It’s possible I need some of these but I just don’t know what they are.
Documentation & Support Launcher
Games, Music, Photo Launcher
High Definition Audio Driver Package
Microsoft.NET Framework 1.1
Microsoft Compression Client Package 1.0 Windows XP
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-mode driver framework feature package 1.0
Quick Set
Quick Time

I am now going to download OTMoveIt3 by OldTimer and then post my progress
Thanks

Posting something in this topic intended for another topic.

I am running into a problem ???

After I copy and paste into OTMoveit3 and click move it, it becomes non responsive. Then when it becomes responsive it will not allow me to copy from the results area. When I click on anything it beeps at me. I hit ctrl-alt-delete and tried to end task on it and it told me “The system cannot end this program because it is waiting for a response from you.” What response do I need to give it?

Should I still follow what you said in my post or was this a mistake? I am confused :-\

ok somehow it worked and here is my post from the notepad

========== PROCESSES ==========
Process Explorer.EXE killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{048AF281-8F1A-44B4-92A4-2768A916F2EB}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{048AF281-8F1A-44B4-92A4-2768A916F2EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79B322D3-9CE9-404F-AADE-8597DB9120E0}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{79B322D3-9CE9-404F-AADE-8597DB9120E0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C46D79F0-F9AE-4686-9BF1-22E2996499A3}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{C46D79F0-F9AE-4686-9BF1-22E2996499A3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBFF58CA-5D2F-4B5C-BC59-E5769785CAF8}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{CBFF58CA-5D2F-4B5C-BC59-E5769785CAF8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE5E29F3-5AFA-4B6F-B4FA-EDE664067BD3}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{CE5E29F3-5AFA-4B6F-B4FA-EDE664067BD3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{daa9d22a-d902-44c3-93a2-3b1c8295a8be}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{daa9d22a-d902-44c3-93a2-3b1c8295a8be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEF8105E-48ED-4970-BA12-11E72BEC05E0}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{EEF8105E-48ED-4970-BA12-11E72BEC05E0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jamideleha not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\301d09c2 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CPM332e3a5e not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jamideleha not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jamideleha not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c005288A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sys32\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\advpac.dll not found.
File/Folder C:\WINDOWS\system32\dagenoja.dll not found.
File/Folder C:\WINDOWS\system32\hupetetu.dll not found.
File/Folder C:\WINDOWS\system32\kamisiho.dll not found.
File/Folder c:\windows\system32\wudiyopi.dll not found.
File/Folder c:\windows\system32\fagesefa.dll not found.
File/Folder c:\windows\system32\gonihuha.dll not found.
File/Folder c:\windows\system32\namuzoka.dll not found.
File/Folder c:\windows\system32\nanulote.dll not found.
File/Folder c:\windows\system32\jinuyeju.dll not found.
File/Folder c:\windows\system32\wudiyopi.dll not found.
File/Folder c:\c005288A.mat not found.
File/Folder C:\windows\system\system32.dll not found.
File/Folder C:\windows\system\sys32.dll not found.
File/Folder C:\WINDOWS\System32\Taskmgr.bat not found.
File/Folder C:\WINDOWS\System32\Firewall.bat not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\cory\LOCALS~1\Temp\etilqs_LRSnjEyF8y5WebdkjT6c scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cory\LOCALS~1\Temp\etilqs_LRSnjEyF8y5WebdkjT6c-journal scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cory\LOCALS~1\Temp\etilqs_YXsz6aF80ygGDFHmfi7l scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3ac.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_88.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11292008_104753

Files moved on Reboot…
File C:\DOCUME~1\cory\LOCALS~1\Temp\etilqs_LRSnjEyF8y5WebdkjT6c not found!
File C:\DOCUME~1\cory\LOCALS~1\Temp\etilqs_LRSnjEyF8y5WebdkjT6c-journal not found!
File C:\DOCUME~1\cory\LOCALS~1\Temp\etilqs_YXsz6aF80ygGDFHmfi7l not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_3ac.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_88.dat moved successfully.
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\XUL.mfl moved successfully.

Alright I did everything you said. I hope you meant it for me cause I took your advice.

Here is the combo fix report

ComboFix 08-11-28.03 - cory 2008-11-29 12:07:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.601 [GMT -6:00]
Running from: c:\documents and settings\cory\Desktop\ComboFix.exe

  • Created a new restore point
    .

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\temp\fCOe
c:\windows\IE4 Error Log.txt
c:\windows\system32\amipuwuz.ini
c:\windows\system32\exytjfai.ini
c:\windows\system32\ijunomun.ini
c:\windows\system32\inagwmwf.ini
c:\windows\system32\inagwmwf.ini2
c:\windows\system32\inagwmwf.tmp
c:\windows\system32\ipanolet.ini
c:\windows\system32\ohisimak.ini
c:\windows\system32\oiuhrxvs.ini
c:\windows\system32\ovoposoh.ini
c:\windows\system32\rwtujnlq.ini
c:\windows\system32\ugevijaw.ini
c:\windows\system32\xoanetbl.ini
c:\windows\Tasks\gvoolcsj.job

----- BITS: Possible infected sites -----

hxxp://77.74.48.101
hxxp://kakoitodomen.com
.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-29 10:36 . 2008-11-29 10:36 d-------- C:\_OTMoveIt
2008-11-23 10:41 . 2008-11-23 10:41 d-------- c:\program files\Trend Micro
2008-11-22 15:58 . 2008-11-22 15:58 2,098 ---hs---- c:\windows\system32\jeribejo.exe
2008-11-22 09:14 . 2008-11-22 09:46 d-------- c:\program files\a-squared Free
2008-11-22 08:47 . 2008-11-22 08:47 d-------- c:\program files\Malwarebytes’ Anti-Malware
2008-11-22 08:47 . 2008-11-22 08:47 d-------- c:\documents and settings\cory\Application Data\Malwarebytes
2008-11-22 08:47 . 2008-11-22 08:47 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-22 08:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-22 08:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 20:22 . 2008-11-25 08:48 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-21 20:22 . 2008-11-21 20:22 1,409 --a------ c:\windows\QTFont.for
2008-11-21 18:43 . 2008-11-21 18:43 2,098 ---hs---- c:\windows\system32\zobumava.exe
2008-11-21 10:55 . 2008-11-21 10:55 d-------- c:\program files\SUPERAntiSpyware
2008-11-21 10:55 . 2008-11-21 10:55 d-------- c:\documents and settings\cory\Application Data\SUPERAntiSpyware.com
2008-11-21 10:55 . 2008-11-21 10:55 d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-21 10:31 . 2008-11-21 10:31 d-------- c:\program files\Lavasoft
2008-11-21 10:31 . 2008-11-21 10:32 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-21 10:30 . 2008-11-21 10:53 d-------- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 16:14 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-29 16:13 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-29 15:27 --------- d-----w c:\documents and settings\cory\Application Data\Move Networks
2008-11-02 18:21 --------- d-----w c:\documents and settings\cory\Application Data\AdobeUM
2008-10-26 15:31 --------- d-----w c:\program files\Java
2008-10-26 14:56 --------- d-----w c:\program files\Microsoft SQL Server
2008-10-24 00:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 00:36 --------- d-----w c:\documents and settings\All Users\Application Data\GTek
2008-10-24 00:29 --------- d-----w c:\program files\Dell
2008-10-24 00:07 --------- d-----w c:\program files\Alwil Software
2008-10-22 22:20 --------- d-----w c:\documents and settings\cory\Application Data\Image Zone Express
2008-10-21 16:09 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2004-08-04 15360]
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2008-11-18 81000]
“IntelZeroConfig”=“c:\program files\Intel\Wireless\bin\ZCfgSvc.exe” [2005-12-28 667718]
“IntelWireless”=“c:\program files\Intel\Wireless\Bin\ifrmewrk.exe” [2005-12-28 602182]
“igfxhkcmd”=“c:\windows\system32\hkcmd.exe” [2005-12-13 77824]
“dla”=“c:\windows\system32\dla\tfswctrl.exe” [2004-12-06 127035]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2006-03-08 761947]
“igfxtray”=“c:\windows\system32\igfxtray.exe” [2005-12-13 98304]
“igfxpers”=“c:\windows\system32\igfxpers.exe” [2005-12-13 118784]
“MSConfig”=“c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe” [2005-09-26 169984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
backup=c:\windows\pss\Norton GoBack.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK USB Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\REALTEK USB Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK USB Wireless LAN Utility.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^cory^Start Menu^Programs^Startup^Deewoo.lnk]
path=c:\documents and settings\cory\Start Menu\Programs\Startup\Deewoo.lnk
backup=c:\windows\pss\Deewoo.lnkStartup

[HKLM~\startupfolder\C:^Documents and Settings^cory^Start Menu^Programs^Startup^TA_Start.lnk]
path=c:\documents and settings\cory\Start Menu\Programs\Startup\TA_Start.lnk
backup=c:\windows\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-04-06 13:58 1032192 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 10:09 460784 c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
--a------ 2007-11-13 15:46 135168 c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 19:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 22:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-31 17:44 271672 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-12 18:05 1117184 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 19:15 290816 c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-26 09:31 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 15:30 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
“ccSetMgr”=2 (0x2)
“ccEvtMgr”=2 (0x2)
“navapsvc”=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001
“UpdatesDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\Messenger\msmsgs.exe”=
“c:\Program Files\iTunes\iTunes.exe”=
“c:\WINDOWS\system32\spoolsv.exe”=
“c:\WINDOWS\system32\wbem\wmiprvse.exe”=
“c:\Program Files\Intel\Wireless\Bin\RegSrvc.exe”=
“c:\Program Files\Alwil Software\Avast4\ashServ.exe”=
“c:\Program Files\Intel\Wireless\Bin\EvtEng.exe”=
“c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”=
“c:\Program Files\Dell\QuickSet\NicConfigSvc.exe”=
“c:\Program Files\Alwil Software\Avast4\ashWebSv.exe”=
“c:\WINDOWS\system32\services.exe”=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-23 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-23 20560]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2007-10-22 38144]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-10-22 235648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e5d97260-a82d-11dc-ade8-00400c0001b2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{fcdf3a3e-2029-11dd-8b42-0015c519cb40}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.

        • ORPHANS REMOVED - - - -

BHO-{F8A1E83A-ABA9-43C1-A444-CFF08C68C343} - c:\windows\system32\advpac.dll
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-ExploreUpdSched - c:\windows\system32\owintldm.exe
MSConfigStartUp-Gool - c:\documents and settings\cory\Application Data\Gool\Gool.exe
MSConfigStartUp-jamideleha - c:\windows\system32\namubave.dll
MSConfigStartUp-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
MSConfigStartUp-WinUpdater - c:\program files\WinUpdater\update.exe
MSConfigStartUp-{D0-09-96-6D-ZN} - c:\windows\system32\ksdsrngj.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://forecast.weather.gov/MapClick.php?CityName=Ely&state=MN&site=DLH&textField1=47.9057&textField2=-91.8506
FF -: plugin - c:\documents and settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 12:09:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …


.
--------------------- DLLs Loaded Under Running Processes ---------------------

              • ‘winlogon.exe’(820)
                c:\program files\SUPERAntiSpyware\SASWINLO.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\program files\Intel\Wireless\Bin\EvtEng.exe
                c:\program files\Intel\Wireless\Bin\S24EvMon.exe
                c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
                c:\program files\Lavasoft\Ad-Aware\aawservice.exe
                c:\program files\Alwil Software\Avast4\aswUpdSv.exe
                c:\program files\Alwil Software\Avast4\ashServ.exe
                c:\program files\a-squared Free\a2service.exe
                c:\program files\Java\jre6\bin\jqs.exe
                c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                c:\program files\Alwil Software\Avast4\ashDisp.exe
                c:\windows\system32\igfxsrvc.exe
                c:\program files\Dell\QuickSet\NicConfigSvc.exe
                c:\program files\Intel\Wireless\Bin\RegSrvc.exe
                c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
                c:\windows\system32\msiexec.exe
                c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
                .


.
Completion time: 2008-11-29 12:13:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-29 18:12:34

Pre-Run: 14,889,799,680 bytes free
Post-Run: 14,772,617,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=“Microsoft Windows XP Home Edition” /noexecute=optin /fastdetect

232 — E O F — 2008-11-29 18:13:22

What I meant was that I had posted at the same time as FWF, and yes, the instructions were for you. OTMoveit ran and cleared the files before it locked, which is good; Combofix took a few more and I will now take the rest.

[*] Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Files
c:\windows\system32\jeribejo.exe
c:\windows\system32\zobumava.exe
c:\documents and settings\cory\Start Menu\Programs\Startup\TA_Start.lnk
c:\windows\pss\TA_Start.lnkStartup

:Commands
[purity]
[emptytemp]

[*] Return to OTMoveIt3, right click in the “Paste Instructions for Items to be Moved” window (under the yellow bar) and choose Paste.

[*]Click the red Moveit! button.
[*]Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
[*]Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

FOLLOWED BY

Please download Malwarebytes’ Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Here it is from OTMoveIt3
========== FILES ==========
c:\windows\system32\jeribejo.exe moved successfully.
c:\windows\system32\zobumava.exe moved successfully.
File/Folder c:\documents and settings\cory\Start Menu\Programs\Startup\TA_Start.lnk not found.
c:\windows\pss\TA_Start.lnkStartup moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\cory\LOCALS~1\Temp\etilqs_3KUgCO8PvwZCqv3Ir2eb scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_168.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11292008_133106

Files moved on Reboot…
File C:\DOCUME~1\cory\LOCALS~1\Temp\etilqs_3KUgCO8PvwZCqv3Ir2eb not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_168.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_b4.dat not found!
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache_CACHE_001_ moved successfully.
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache_CACHE_002_ moved successfully.
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache_CACHE_003_ moved successfully.
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\Cache_CACHE_MAP_ moved successfully.
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\cory\Local Settings\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\XUL.mfl moved successfully.

I already had this program so I went through with the updates and ran the scan, this is the first time I have not had anything detected! Wow
Malwarebytes’ Anti-Malware 1.30
Database version: 1435
Windows 5.1.2600 Service Pack 2

11/29/2008 1:42:37 PM
mbam-log-2008-11-29 (13-42-37).txt

Scan type: Quick Scan
Objects scanned: 47714
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

How is it running now ?

It seems to be running just fine. I can now check my email again. Thanks

I did run a scan from Super Anti Spyware and it still found one virus Trojan.Fake-Alert/Trace
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/29/2008 at 01:57 PM

Application Version : 4.22.1014

Core Rules Database Version : 3656
Trace Rules Database Version: 1637

Scan type : Quick Scan
Total Scan Time : 00:08:54

Memory items scanned : 391
Memory threats detected : 0
Registry items scanned : 496
Registry threats detected : 1
File items scanned : 7698
File threats detected : 0

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-2384359559-3007230444-2654340096-1007\SOFTWARE\Microsoft\fias4013

This trojan.fake alert one always shows up!

I also ran a-squared free and it found 14 infected files.

a-squared Free - Version 3.5
Last update: 11/29/2008 2:09:27 PM

Scan settings:

Objects: Memory, Traces, Cookies
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 11/29/2008 2:10:44 PM

Key: HKEY_USERS\S-1-5-21-2384359559-3007230444-2654340096-1007\software\kazaa detected: Trace.Registry.KaZaA!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227757557734375 detected: Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227757558000000 detected: Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227803042078125 detected: Trace.TrackingCookie.ru4!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227803042078126 detected: Trace.TrackingCookie.ru4!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227803043046875 detected: Trace.TrackingCookie.ru4!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816032953125 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816032968751 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816032968756 detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816740062500 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816741812500 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816755328125 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816770546875 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227818263531250 detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227972268062503 detected: Trace.TrackingCookie.cms!A2

Scanned

Files: 1627
Traces: 549823
Cookies: 928
Processes: 41

Found

Files: 0
Traces: 1
Cookies: 14
Processes: 0
Registry keys: 0

Scan end: 11/29/2008 2:12:41 PM
Scan time: 0:01:57

C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227972268062503 Quarantined Trace.TrackingCookie.cms!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816740062500 Quarantined Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816741812500 Quarantined Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816755328125 Quarantined Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816770546875 Quarantined Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227818263531250 Quarantined Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816032953125 Quarantined Trace.TrackingCookie.com!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816032968751 Quarantined Trace.TrackingCookie.com!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227816032968756 Quarantined Trace.TrackingCookie.com!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227803042078125 Quarantined Trace.TrackingCookie.ru4!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227803042078126 Quarantined Trace.TrackingCookie.ru4!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227803043046875 Quarantined Trace.TrackingCookie.ru4!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227757557734375 Quarantined Trace.TrackingCookie.zedo!A2
C:\Documents and Settings\cory\Application Data\Mozilla\Firefox\Profiles\y3xq8h9h.default\cookies.sqlite:1227757558000000 Quarantined Trace.TrackingCookie.zedo!A2
Key: HKEY_USERS\S-1-5-21-2384359559-3007230444-2654340096-1007\software\kazaa Quarantined Trace.Registry.KaZaA!A2

Quarantined

Files: 0
Traces: 1
Cookies: 14

In my opinion cookies should not be reported as they are mainly harmless text files that can not do anything

Apart from that just two orphan registry entries so you look good to go

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

Please download JavaRa to your desktop and unzip it to its own folder

[*]Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
[*]Accept any prompts.
[*]Open JavaRa.exe again and select Search For Updates.
[*]Select Update Using Sun Java’s Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

[*]Select Start > All Programs > Accessories > System tools > System Restore.
[*]On the dialogue box that appears select Create a Restore Point
[*]Click NEXT
[*]Enter a name e.g. Clean
[*]Click CREATE

You now have a clean restore point, to get rid of the bad ones:

[*]Select Start > All Programs > Accessories > System tools > Disk Cleanup.
[*]In the Drop down box that appears select your main drive e.g. C
[*]Click OK
[*]The System will do some calculation and then display a dialogue box with TABS
[*]Select the More Options Tab.
[*]At the bottom will be a system restore box with a CLEANUP button click this
[*]Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
[*]SpywareBlaster to help prevent spyware from installing in the first place.
[*]SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Secunia Software inspector To check your programme update status
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave:

Thank You ;D

My pleasure keep safe

Disable your system restore thing then delete them

What are you talking about ?