Win32:Trojan-gen {Other}

That’s the same log we had before. If you can’t find it, you can’t find it. 8)

I amended the ComboFix script to include the other folder. Thanks for reminding me about it; it’s not in the log. We are having a look at the contents of those two folders with the current script. Don’t be alarmed if your desktop disappears, it will come back.

Bad news. I ran ComboFix like you said, by dragging the CFScript Notepad file onto it. On that little blue box that comes up when it’s running, it didn’t say it was scanning any particular error. When my computer rebooted, a ComboFix log didn’t come up and ComboFix didn’t open. BIASFREEDEFAULT and Tool Eggs Less City still exist in ProgramData, and there’s another thing in there too now that I didn’t really notice before: ezsid.dat. I don’t know if that is anything to worry about either, but I was just wondering if you’d maybe heard of it before. Also, I just wanted to make sure you know that most of the viruses found in BIASFREEDEFAULT and Tool Eggs Less City are in the avast virus chest. OK, that being said, here’s a new HijackThis log.

Hi bodomchild & “oldman”,

Consider this: O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\Windows\PSEXESVC.EXE (file missing)

PsExec is a lightweight Telnet program that is used by backdoor Trojans. It can be installed remotely through an open/unsecured NetBIOS connection. You can disable the service and remove the file, but if your machine has been open to a backdoor, there is no telling what they may have done. The only safe fix is to wipe the disk and reinstall.

J.A. Coutts
Systems Engineer
MantaNet/TravPro

  1. COVERT ANALYSIS OF: PSEXESVC.EXE

    • File Names Used: 3
    • Paths Used: 4
    • Common File Name: PSEXESVC.EXE
    • Common Path: %WINDIR%\SYSTEM32\
    • Vendor Information: Sysinternals
    • Product Information: PsExec Service
    • Version Information: 1.42
    • PSEXESVC.EXE may use 3 or more path and file names, these are the most common:
    • File Name Structure: Normal
    • File and Path Structure: Normal
  2. RELATIONSHIP ANALYSIS OF: PSEXESVC.EXE

    • No relationship details available for this object
  3. ACTIVITY ANALYSIS OF: PSEXESVC.EXE

    • The following behaviors have been observed for this object:
    • Runs other programs.
  4. PROPAGATION ANALYSIS OF: PSEXESVC.EXE

polonus
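One way to triage O23 entries like the one polonus singles out, added here as an example and not code from the thread, from HijackThis or from Sysinternals: it parses O23 service lines (the PSEXESVC line quoted above plus two constructed lines for contrast) and flags a service whose binary is reported missing, a service name belonging to a known remote-execution tool, and a service binary living in a data directory. The PSEXESVC mapping and the data-directory patterns are my own heuristic choices for the example, not a published list.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Service names of remote-execution tools that are legitimate admin software but
# have no business on a single home PC unless someone installed them on purpose.
# (Assumption: this mapping is my own list for the example.)
REMOTE_EXEC_SERVICES = {"PSEXESVC": "Sysinternals PsExec service"}

# Locations a service binary should not normally live in; a heuristic, not a verdict.
DATA_DIR_PATTERNS = (
    re.compile(r"^[a-z]:\\programdata\\"),               # Vista+ all-users data
    re.compile(r"\\documents and settings\\[^\\]+\\"),   # XP profile directories
    re.compile(r"\\appdata\\"),
    re.compile(r"\\temp\\"),
)

# A HijackThis O23 line has the shape
#   O23 - Service: <display name> [(<short name>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Constructed sample log: the PSEXESVC line quoted in the thread plus two made-up
# entries (a typical antivirus service and a service living under ProgramData).
SAMPLE_LOG = r"""
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\Windows\PSEXESVC.EXE (file missing)
O23 - Service: Example Updater (exupd) - Unknown owner - C:\ProgramData\Tool Eggs Less City\exupd.exe
"""


@dataclass
class ServiceEntry:
    display: str
    name: Optional[str]   # short service name, as used by 'sc' and the registry
    owner: str
    path: str
    file_missing: bool


def parse_o23(log: str) -> List[ServiceEntry]:
    """Extract every O23 service line from a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(
                display=m["display"], name=m["name"], owner=m["owner"],
                path=m["path"], file_missing=m["missing"] is not None,
            ))
    return entries


def runs_from_data_dir(path: str) -> bool:
    p = path.lower()
    return any(pat.search(p) for pat in DATA_DIR_PATTERNS)


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, str]]:
    r"""Return (service, reason) pairs worth a closer look.

    file_missing      the registration survived but the binary is gone: the key
                      under HKLM\SYSTEM\CurrentControlSet\Services still needs removing
    remote_exec_tool  a known remote-administration service is (or was) installed
    data_dir_path     the service binary runs from a user or data directory
    """
    findings = []
    for e in entries:
        key = e.name or e.display
        if e.file_missing:
            findings.append((key, "file_missing"))
        if (e.name or "").upper() in REMOTE_EXEC_SERVICES:
            findings.append((key, "remote_exec_tool"))
        if runs_from_data_dir(e.path):
            findings.append((key, "data_dir_path"))
    return findings


if __name__ == "__main__":
    for service, reason in triage(parse_o23(SAMPLE_LOG)):
        print(f"{service:12} {reason}")
```

"(file missing)" means the service is still registered even though the executable is gone, so deleting the file alone is not a fix; the registration has to go too (on XP/Vista, `sc delete PSEXESVC` from an administrator prompt). PsExec copies PSEXESVC.EXE into the Windows directory and registers the service for the duration of a session, so a stale entry with the file missing is consistent with an interrupted legitimate session as well as with a cleaned-up intrusion; the log line alone cannot tell the two apart, which is why the advice above leans towards a rebuild when the owner did not install it.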

OK, let’s use a different tool. It’s possible we can’t run the script on Vista.

Remember, you will have to right-click OTMoveIt2.exe to run it as administrator.

Please download OTMoveIt2 by OldTimer.

Save it to your desktop.

Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


C:\ProgramData\WindowPlayPlay.43lqtgw
C:\ProgramData\IDOL SEEK LOUD.w9q45
C:\delete.bat
C:\ProgramData\BIASFREEDEFAULT
C:\ProgramData\Tool Eggs Less City

Return to OTMoveIt2, right click in the “Paste List of Files/Folders to be Moved” window (under the light blue bar) and choose Paste.

Click the red Moveit! button.

Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

NOTE: If OTMoveIt2 reboots before you can get the results, they can be found here:
C:\_OTMoveIt\MovedFiles\*.log

Then (again, it will have to be run with right-click, Run as administrator):

Please download Deckard’s System Scanner (DSS) and save it to your Desktop.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, DSS will open two Notepads, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
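The OTMoveIt2 step above, as an added example rather than the tool’s own code: move each listed path into a quarantine folder, keep the original directory layout so an item can be put back if it turns out to be needed, and write a log next to the quarantined items that also records entries that were not found or could not be moved (the case the post covers with a reboot). The MovedFiles folder and the date_time log name only loosely imitate OTMoveIt2’s C:\_OTMoveIt\MovedFiles and are assumptions; `demo()` runs the whole thing against constructed stand-ins in a temporary directory so it can be tried without touching a real system.

```python
import os
import shutil
import tempfile
import time
from pathlib import Path

# The five entries from the OTMoveIt2 instructions, exactly as posted.
POSTED_TARGETS = [
    r"C:\ProgramData\WindowPlayPlay.43lqtgw",
    r"C:\ProgramData\IDOL SEEK LOUD.w9q45",
    r"C:\delete.bat",
    r"C:\ProgramData\BIASFREEDEFAULT",
    r"C:\ProgramData\Tool Eggs Less City",
]


def quarantine(paths, quarantine_root: str) -> dict:
    """Move each listed file or folder under quarantine_root, keeping its original
    layout (the ProgramData/X part of C:/ProgramData/X) so a plain move restores it.
    Nothing is deleted; the items simply no longer exist on the paths that
    persistence entries point at."""
    qroot = Path(quarantine_root)
    moved, missing, deferred = [], [], []
    for raw in paths:
        src = Path(raw)
        if not os.path.lexists(src):
            missing.append(raw)
            continue
        # Drop the drive or root anchor ("C:\\" or "/") so the path nests under qroot.
        rel_parts = src.parts[1:] if src.anchor else src.parts
        dest = qroot.joinpath(*rel_parts)
        if dest.exists():  # same name quarantined earlier: keep both copies
            dest = dest.with_name(f"{dest.name}.{int(time.time())}")
        dest.parent.mkdir(parents=True, exist_ok=True)
        try:
            shutil.move(str(src), str(dest))
            moved.append((raw, str(dest)))
        except OSError as exc:
            # Usually a file held open by a running process. OTMoveIt2 completes such
            # moves at the next reboot; here it is only recorded for follow-up.
            deferred.append((raw, str(exc)))
    log_path = write_log(qroot, moved, missing, deferred)
    return {"moved": moved, "missing": missing, "deferred": deferred, "log": str(log_path)}


def write_log(qroot: Path, moved, missing, deferred) -> Path:
    """Write MovedFiles/<date>_<time>.log under the quarantine root
    (folder and name format assumed, loosely after OTMoveIt2)."""
    log_dir = qroot / "MovedFiles"
    log_dir.mkdir(parents=True, exist_ok=True)
    log_path = log_dir / (time.strftime("%m%d%Y_%H%M%S") + ".log")
    with log_path.open("a", encoding="utf-8") as fh:
        for src, dest in moved:
            fh.write(f"{src} moved successfully to {dest}\n")
        for src in missing:
            fh.write(f"File/Folder {src} not found.\n")
        for src, why in deferred:
            fh.write(f"{src} could not be moved now ({why}); retry after reboot.\n")
    return log_path


def demo() -> dict:
    """Dry run in a temporary directory with constructed stand-ins for the posted
    paths; one of them is deliberately absent, as happens in real runs."""
    base = Path(tempfile.mkdtemp(prefix="otmoveit_demo_"))
    data = base / "ProgramData"
    (data / "BIASFREEDEFAULT").mkdir(parents=True)
    (data / "BIASFREEDEFAULT" / "sample.exe").write_bytes(b"MZ\x90\x00")  # inert stub
    (data / "Tool Eggs Less City").mkdir()
    (data / "WindowPlayPlay.43lqtgw").write_text("constructed\n")
    (base / "delete.bat").write_text("@echo off\r\n")
    targets = [
        str(data / "WindowPlayPlay.43lqtgw"),
        str(data / "IDOL SEEK LOUD.w9q45"),  # never created: exercises the not-found path
        str(base / "delete.bat"),
        str(data / "BIASFREEDEFAULT"),
        str(data / "Tool Eggs Less City"),
    ]
    result = quarantine(targets, str(base / "_OTMoveIt"))
    result["still_present"] = [p for p in targets if os.path.lexists(p)]
    result["all_in_quarantine"] = all(os.path.lexists(d) for _, d in result["moved"])
    result["log_text"] = Path(result["log"]).read_text(encoding="utf-8")
    shutil.rmtree(base)
    return result


if __name__ == "__main__":
    # On the affected machine, from an elevated prompt, the real call would be
    #   quarantine(POSTED_TARGETS, r"C:\_OTMoveIt")
    print(demo()["log_text"])
```

Moving the files out of the way does not touch whatever still points at them (Run keys, services, scheduled tasks), which is why the step is followed by a fresh DSS log: the surviving "(file missing)" entries show exactly which persistence mechanisms were loading the quarantined items and still need to be removed.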


I plan on doing that shortly, but first I’ve got to ask something. Both my mom’s and my email and MySpace passwords were stolen sometime this week, and seeing how this is a relatively new computer and there’s really not much on it, I think I might take polonus’ advice and just go out and buy Windows XP (I don’t like Vista anyway), wipe, and reinstall Windows. I don’t like dealing with this stuff and I have no idea how we got infected unless it was through email, because the only other thing this computer is used for is Warcraft. I guess we’ll just have to stop sending/receiving emails too (except for important stuff), and even then, if we get infected again, it’s good to know we have that just in case. Sorry if I’m not making much sense, I’m in a hurry. Anyway, I might just do that since this computer isn’t used for anything important and there’s nothing irreplaceable except for a few photos, which we have backed up on a disc. So if you could just tell me what I need to do this and give instructions on how to do this, that would be great. Thanks for all your help.

If you can find a retail copy of XP, you can just format the hard drive and install XP.

How you got infected is hard to say. It could have been an email, a drive-by, even a game site.

If you lost passwords already, I’d suggest you get on a clean machine and change all passwords for any site you log onto on the internet.

I’m going to look into getting XP within the next week or so. Where do you think the best place to get it would be? Best Buy? Anyway, maybe you can go into a little more detail on how to properly wipe my hard drive then. Anyway, I’m almost completely sure that it was an email that caused all of this, because my mom likes to email a lot with friends and there’s no telling what might have gotten into one along the way… And besides this site, the only sites my mother or I are ever on are MySpace and occasionally the official WoW site, and something tells me that’s nothing to worry about, lol. Anyway, I think this is the best way, because like you and many others have said, even if we do get rid of the sources there’s no telling what other files may have become corrupt. I’ll post back here as soon as I get Windows XP. Edit: Also, one more thing, what is a drive-by?

Any big box store should be comparable in price. Some online sites might be worth checking out also. I don’t know which ones might be available where you are. Here, TigerDirect and NCIX are two popular ones.

A drive-by is just malware floating around looking for a place to land. If it finds an opening, in it comes.

Sorry, I missed your other question. The XP disc will give you the option to format.

http://support.microsoft.com/kb/313348

I bought XP today at a local PC shop and formatted my hard drive. Everything is good now, especially considering I paid under $100. I’m going to be extra cautious about monitoring the activity of my PC. I just have two questions. What do you recommend I use as far as virus protection, or is avast enough? My other question is, how do I completely remove all the Viewpoint files from my computer that came with XP? Thanks for all your help, oldman.

Good price. Viewpoint with XP? I know it comes with AOL. Anyway, here are the instructions.

  1. Right-click on the clock in your taskbar and choose Task Manager.
  2. Click on the Processes tab and search for VIEWMGR.EXE; if it’s found, click on it and then click End Task to close it.
  3. Click on Start, Control Panel, Add/Remove Programs.
  4. Uninstall any of the following programs associated with Viewpoint:
     Viewpoint Manager
     Viewpoint Media Player
     Viewpoint Toolbar
  5. Close the Add/Remove Programs window and Control Panel.
  6. Restart your computer.

Warning: If you install AOL Instant Messenger, the Adobe Atmosphere plugin, or another program that requires Viewpoint, it will download and install again.

You should have a couple of antispyware programs, one resident and one on demand. For on demand, I suggest SUPERAntiSpyware; get the free version. For resident, check out some posts in the General Topics forums; lots of good free ones are discussed there.

While you are there…

If you are using Windows Firewall, please note that it doesn’t provide outbound protection. A third-party firewall will.

A discussion on free firewalls can be found here.

http://forum.avast.com/index.php?topic=30808.0

or

http://forum.avast.com/index.php?topic=33530.0

Get yourself to Windows Update ASAP; I’m sure your install is out of date.

And one more thing, after you get your Windows patches:

Check if you have insecure applications with Secunia Software Inspector.

Sorry I couldn’t help you save your Vista install. :cry:

Oh, that must be what it is. My mother uses AOL IM. The only thing I saw under Add/Remove Programs was the Viewpoint Media Player. Well, I didn’t know what Viewpoint was there for, and I remembered you recommending I remove it before. It’s not a big problem though, right? And yeah, I don’t use Windows Firewall or Defender at all; it’s just annoying. I’ll get right to downloading SUPERAntiSpyware, and I’ll look into a third-party firewall. Also, I’m updating Windows right now; I was missing a lot of drivers and such. Lastly, don’t even worry about that. I hated Vista anyway; it had a lot of bugs and just kind of sucked. I’m glad to be using XP, and I know you did everything you could to help me, so thanks a lot! Edit: Sorry, that wasn’t you who said to uninstall Viewpoint :stuck_out_tongue:

Sorry, double post. Is there any firewall that you personally like or suggest?

Personal Firewall Tests & Results. Firewall rating:
http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php
About the leak tests limitations: http://forum.avast.com/index.php?topic=29259.msg247460#msg247460

Freeware firewalls:
http://www.firewallleaktester.com/tests_overview.php
http://www.thefreecountry.com/security/firewalls.shtml

For XP, Comodo.
For Vista, PCTools.

Sorry, I missed your reply. Tech’s suggestions are based on first-hand experience. I’ve only used my present firewall and, very briefly, ZoneAlarm, which isn’t very configurable in the free version. Go with Tech or read some of the comments in the links I posted.