[joeshcosmo]

There are 4 files in c:\windows that start with "uvqx.xcv" but all have a different number of "x"s following them. For example there's "c:\windows\uvqx.xcvxx" along with 3 other similar files, should I delete them all?

One thing that I think is strange though is when I reboot I keep getting this Outlook Express message saying "to free up disk space, Outlook Express can compact messages. This may take up to a few minutes." but I never, and I dont think I have ever, used Outlook Express on this computer. I think it first started poping up before I used ComboFix. What do you make of that? I've been cancling out of it but should I just push OK?

[evilfantasy]

Something isn't right. Those files may be the problem.

Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:

• Double-click on drweb-cureit.exe and then click Start
• An information notice will appear, click OK.
• This starts a short scan that will scan the files currently running in memory.
• If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
• If or when something is found, click the Yes button when it asks you if you want to cure it.

• Once the short scan has finished, Click Settings > Change Settings
• Under the Scanning tab UNcheck Heuristic analysis and click OK
• Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
• Click Yes to all if it asks if you want to cure/move any file(s).
• When the scan is done.
• In the Dr.Web CureIt menu on top left, click File and choose Save report list.
• Save the DrWeb.csv report to your Desktop.
• Exit Dr.Web Cureit.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply

[joeshcosmo]

When I go to exit it says "The list of detected threats contains objects to which no actions were applied. It is recommended to neutralize them before closing the application." Should I do something about them before I exit?

[evilfantasy]

You need to cure or move any file that is found to b ea threat.

[joeshcosmo]

Well I did it, but I saved the log before I cured and moved the files that were not automatically taken care of. I don't know if that matters or not but here's the log anyway:

11 Coldplay - The Escapist [Hidden Track].mp3;C:\Documents and Settings\Joel\My Documents\Azureus Downloads\Coldplay - Viva La Vida [2008][CD+Cov]320Kbps;Trojan.WMALoader;Cured.;
uvqx.xvc.bac_a00408;C:\Documents and Settings\Josh\.housecall6.6\Quarantine;Trojan.AuxS py.14;Deleted.;
uvqx.xvc.bac_a05288;C:\Documents and Settings\Josh\.housecall6.6\Quarantine;Trojan.AuxS py.14;Deleted.;
MotVNC.exe\data009;C:\Program Files\2Wire\sst\VNC\MotVNC.exe;Program.RemoteAdmin ;;
MotVNC.exe;C:\Program Files\2Wire\sst\VNC;Archive contains infected objects;Moved.;
Dc13.exe\SDFix\apps\Process.exe;C:\RECYCLER\S-1-5-21-3341472764-4124067143-2392060954-1008\Dc13.exe;Tool.Prockill;;
Dc13.exe;C:\RECYCLER\S-1-5-21-3341472764-4124067143-2392060954-1008;Archive contains infected objects;Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
A0002348.exe\data009;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0002348.exe;Program.RemoteAdmin ;;
A0002348.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4;Archive contains infected objects;Moved.;
A0002349.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0002349.exe;Tool.Prockill;;
A0002349.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4;Archive contains infected objects;Moved.;

[evilfantasy]

Please download FileFind by Atribune

• Unzip the file and save it to your desktop.
• Double-click on FileFind.exe

• In the box labeled "Enter the directory to search" type C:\
  • (note if your default Windows boot drive is not drive C, substitute your drive letter).
• In the box labeled "Enter the file to search" typeuvqx.xvc
• Click on the Find button
• Once the utility has found the files click on Export. This will save a text file to your C:\ drive (or your default Windows drive) as Export.txt.

Add the C:\Export.txt log to your next message.

[joeshcosmo]

It didn't find any files.

[evilfantasy]

OK I think we got it all then.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.