Iexplore.exe Virus or Trojan?
#11 | 9th Apr 2009, 21:31 | Member Group

I've removed the items specified in the HijackThis list and run the NVT Malware removal tool twice. The second time I ran it in safe mode. Both times I end up with a blue screen and a kernel error.
Any idea why this would occur?
#12 | 9th Apr 2009, 23:04 | Member Group

I decided to follow a previous instruction you gave and I was able to run ComboFix.
Here is the ComboFix log:
ComboFix 09-04-04.01 - C Boba 2009-04-09 22:35:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.729 [GMT -7:00]
Running from: c:\documents and settings\C Boba\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\C Boba\Application Data\inst.exe
c:\windows\daoqcqk.qkn
c:\windows\system32\drivers\UACqrpjcodd.sys
c:\windows\system32\UACduggoypf.dll
c:\windows\system32\UACetopadpx.log
c:\windows\system32\UACgodncbhf.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjtlsvsdw.dll
c:\windows\system32\UAClhvgppcn.dll
c:\windows\system32\UACojnpsitu.dat
c:\windows\system32\UACqhkeybil.log
c:\windows\system32\UACtbumnoye.db
c:\windows\system32\UACvafwkyys.dll
c:\windows\system32\UACwubmjecy.dll
c:\windows\system32\UACxytuaxqx.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_NTNDIS
-------\Service_ntndis


((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-09 18:23 . 2009-04-09 18:23 <DIR> d-------- c:\program files\NVT Malware Remover Tool
2009-04-08 20:03 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-04-08 00:40 . 2009-04-08 00:40 <DIR> d-------- c:\program files\CCleaner
2009-04-06 22:42 . 2009-04-07 18:37 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-04-05 02:06 . 2009-04-09 21:21 1,896,749 --a------ c:\windows\system32\uactmp.db
2009-03-29 04:32 . 2009-03-29 04:31 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-29 04:32 . 2009-03-29 04:31 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-28 11:07 . 2009-03-28 11:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-03-28 11:00 . 2009-03-28 11:00 <DIR> d-------- c:\program files\Vuze
2009-03-24 02:03 . 2009-03-24 02:03 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-21 14:12 . 2009-03-21 14:12 <DIR> d-------- c:\program files\Seagate
2009-03-21 14:12 . 2009-03-21 14:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2009-03-21 14:10 . 2009-03-21 14:10 <DIR> d--hs---- c:\windows\ftpcache
2009-03-11 18:26 . 2009-01-09 12:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-03-10 20:08 . 2009-03-10 20:08 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-10 20:08 . 2009-03-10 20:08 <DIR> d-------- c:\program files\MSBuild
2009-03-10 20:07 . 2009-03-10 20:07 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-10 20:06 . 2009-03-10 20:07 <DIR> d-------- C:\49a4f92c2395e7cc8d47
2009-03-10 20:06 . 2008-07-06 05:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-10 20:06 . 2008-07-06 05:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-10 20:06 . 2008-07-06 03:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-10 20:06 . 2008-07-06 05:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-10 20:06 . 2008-07-06 05:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-10 20:06 . 2008-07-06 05:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-10 20:06 . 2008-07-06 05:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-10 20:05 . 2009-03-10 21:30 <DIR> d-------- c:\windows\SxsCaPendDel
2009-03-10 00:15 . 2009-03-10 00:15 <DIR> d-------- c:\program files\Boilsoft Video Joiner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 05:34 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-09 05:55 --------- d--h--w c:\documents and settings\C Boba\Application Data\Move Networks
2009-04-08 07:57 --------- d-----w c:\program files\Java
2009-04-04 21:57 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-01 02:35 --------- d-----w c:\documents and settings\C Boba\Application Data\Azureus
2009-03-28 20:31 --------- d-----w c:\program files\Common Files\aolshare
2009-03-24 09:05 --------- d-----w c:\program files\Lavasoft
2009-03-24 09:01 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-21 21:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 04:58 --------- d-----w c:\program files\Common Files\AOL
2008-12-03 08:14 40,792 ----a-w c:\documents and settings\C Boba\Application Data\GDIPFONTCACHEV1.DAT
2007-10-27 18:26 47,360 ----a-w c:\documents and settings\C Boba\Application Data\pcouffin.sys
2004-08-04 12:00 1,273,451 --sh--r c:\windows\system32\pdvhnugkmx.exe
2008-12-03 04:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008120220081203\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-29 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-15 761947]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 385024]
"HostManager"="c:\program files\Common Files\AOL\1131164868\ee\AOLSoftware.exe" [2008-06-24 41824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-29 282624]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 148888]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\IOGEAR\Bluetooth Software\BTTray.exe [2005-05-31 577597]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-04 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^C Boba^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\C Boba\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2008-06-24 11:34 41824 c:\program files\Common Files\AOL\1131164868\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-06-14 16:24 278528 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 17:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-07-29 21:00 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-04-26 17:13 122880 c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
--a------ 2005-11-23 17:32 352256 c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-09 21:13 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2005-11-10 11:24 73728 c:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=3 (0x3)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131164868\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131164868\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131164868\\EE\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-15 24652]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
HKU-Default-Run-Windows xyzhSox2 Server - c:\windows\system32\xyzhSox2.exe
SharedTaskScheduler-{2acf3add-34a1-4f2f-99cf-cc69785d1e90} - (no file)
MSConfigStartUp-AOLSPScheduler - c:\program files\Common Files\AOL\1131164868\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send To &Bluetooth - c:\program files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\C Boba\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\C Boba\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 22:51:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\IOGEAR\Bluetooth Software\bin\btwdins.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
.
**************************************************************************
.
Completion time: 2009-04-09 22:57:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-10 05:57:51

Pre-Run: 56,218,484,736 bytes free
Post-Run: 56,365,953,024 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

232 --- E O F --- 2009-03-12 07:48:29
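Editor's note, not part of the thread: the ComboFix log above is long, and the entries that matter are easy to miss among the Toshiba, AOL and Intel noise. The Python below is an added example (it is not ComboFix's code, nor anything the moderator posted) that encodes the indicators a practitioner would pull out of this particular log: the TDSS-family "UAC" + eight-random-letter files and the UACd.sys service that Kaspersky later names Packed.Win32.Tdss.f; a System+Hidden executable with a random name in system32 (pdvhnugkmx.exe, which also carries the 2004-08-04 12:00 timestamp of the original XP SP2 system files, so it blends in by date); the Security Center value AntiVirusDisableNotify=1 and the firewall profile with EnableFirewall=0 and DisableNotifications=1, which is the malware switching off the warnings the user would otherwise see; and the orphaned "Windows xyzhSox2 Server" Run key. The sample lines are copied from post #12 with the forum's mid-word wrap spaces removed; the benign lines are there so the rules can be seen not firing on ordinary entries. The rule names and the attribute-column heuristic are my own.

```python
import re

# Sample input: lines copied from the ComboFix log in post #12 (with the
# forum's mid-word wrap spaces removed). The benign lines are deliberate
# negatives so the rules can be seen not firing on ordinary entries.
SAMPLE_LOG = r"""
c:\documents and settings\C Boba\Application Data\inst.exe
c:\windows\system32\drivers\UACqrpjcodd.sys
c:\windows\system32\UACduggoypf.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACtbumnoye.db
-------\Service_UACd.sys
-------\Service_ntndis
2009-04-05 02:06 . 2009-04-09 21:21 1,896,749 --a------ c:\windows\system32\uactmp.db
2009-03-29 04:32 . 2009-03-29 04:31 410,984 --a------ c:\windows\system32\deploytk.dll
2004-08-04 12:00 1,273,451 --sh--r c:\windows\system32\pdvhnugkmx.exe
2008-12-03 04:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008120220081203\index.dat
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
HKU-Default-Run-Windows xyzhSox2 Server - c:\windows\system32\xyzhSox2.exe
"""

# TDSS drop names as seen in the log: "UAC" + 8 random letters, plus the
# fixed uacinit.dll / uactmp.db, and the UACd.sys kernel-mode service.
UAC_FILE = re.compile(r"\\(?:uac[a-z]{8}\.(?:dll|sys|log|dat|db)|uacinit\.dll|uactmp\.db)\b", re.I)
UAC_SERVICE = re.compile(r"\\Service_UAC[a-z0-9]*\.sys\b", re.I)
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
ORPHAN_RUN = re.compile(r"^HK(?:U|LM|CU)-.*-Run-(.+?) - (.+)$")
ATTR_TOKEN = re.compile(r"^[-dshacrw]{7,9}$")  # ComboFix attribute column, e.g. --sh--r


def reg_int(value):
    """Turn 'dword:00000001' or '0 (0x0)' into an int (None if not numeric)."""
    value = value.strip()
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"\d+", value)
    return int(m.group()) if m else None


def hidden_system_binary(line):
    """Path of an executable image whose attributes include System and Hidden.
    Legitimate files carry S+H too (index.dat, desktop.ini), so only .exe/.dll/.sys count."""
    tokens = line.split()
    for i, tok in enumerate(tokens):
        if ATTR_TOKEN.match(tok) and "s" in tok and "h" in tok:
            path = " ".join(tokens[i + 1:])
            if path.lower().endswith((".exe", ".dll", ".sys")):
                return path
    return None


def triage(log_text):
    """Return [(rule, line), ...] for every line that trips an indicator."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = REG_KEY.match(line)
        if key:
            current_key = key.group(1).lower()  # remember which key the values below belong to
            continue
        value = REG_VALUE.match(line)
        if value:
            name, val = value.group(1).lower(), reg_int(value.group(2))
            if "security center" in current_key and name == "antivirusdisablenotify" and val == 1:
                findings.append(("av_notify_disabled", line))
            elif "firewallpolicy" in current_key and name == "enablefirewall" and val == 0:
                findings.append(("firewall_disabled", line))
            elif "firewallpolicy" in current_key and name == "disablenotifications" and val == 1:
                findings.append(("firewall_notify_disabled", line))
        if UAC_SERVICE.search(line):
            findings.append(("tdss_uac_service", line))
        elif UAC_FILE.search(line):
            findings.append(("tdss_uac_file", line))
        elif ORPHAN_RUN.match(line):
            findings.append(("orphan_run_key", line))
        elif hidden_system_binary(line):
            findings.append(("hidden_system_binary", line))
    return findings


def summarize(log_text):
    """Count findings per rule, e.g. {'tdss_uac_file': 5, ...}."""
    counts = {}
    for rule, _ in triage(log_text):
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:26} {line}")
```

Run it on a whole ComboFix log and the Security Center and firewall hits are the ones worth checking after cleanup, since those values stay flipped even once the files are gone.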
#13 | 9th Apr 2009, 23:58 | Moderator Group

Quote (originally posted by Bobadrift):
    Both times I end up with a blue screen and a kernel error.
    Any idea why this would occur?
It was trying to remove a rootkit and having trouble, but ComboFix got it, so it did a good job and removed whatever was blocking ComboFix from running.

Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.


When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save




Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

If needed, this animation will guide you through the process.

---

Also let me know how the computer is running now.


#14 | 10th Apr 2009, 08:51 | Member Group

I ran the online scanner and here is the report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, April 10, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, April 10, 2009 09:38:28
Records in database: 2030992
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 76963
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:57:44


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Infected: Trojan-Downloader.BAT.Small.e 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACduggoypf.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACjtlsvsdw.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAClhvgppcn.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvafwkyys.dll.vir Infected: Packed.Win32.Tdss.f 1

The selected area was scanned.


The laptop so far is running much better than before.
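Editor's note, not part of the thread: four of the five Kaspersky hits above sit under C:\Qoobox\Quarantine, which is ComboFix's quarantine folder. They are the same UAC*.dll files ComboFix listed under "Other Deletions" in post #12, now with .vir appended, so they are inert copies rather than an active infection; the only hit on the live filesystem is common.cls. The Python below is an added example (not Kaspersky's or ComboFix's code) that splits a report on exactly that basis and maps each quarantined copy back to the path it was taken from. The sample lines are copied from the report above with the forum's wrap spaces removed. Treating C:\_OTMoveIt the same way is an assumption: the folder is only named later in the thread and no hits inside it appear here.

```python
import re

# Sample input: the detection lines from the Kaspersky report in post #14,
# with the forum's mid-word wrap spaces removed.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Infected: Trojan-Downloader.BAT.Small.e 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACduggoypf.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACjtlsvsdw.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAClhvgppcn.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvafwkyys.dll.vir Infected: Packed.Win32.Tdss.f 1

The selected area was scanned.
"""

# "<path> Infected: <threat> <count>" as printed in the report above. "Suspicious:" is
# accepted on the assumption that heuristic hits use the same layout; none appear in the thread.
HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# ComboFix's quarantine mirrors the original path under C:\Qoobox\Quarantine\<drive>\
# and appends .vir, which is exactly what the report shows.
QUARANTINE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+?)(?:\.vir)?$", re.I
)
# Folders whose contents are tool-held copies, not running code. _OTMoveIt is an assumption
# (it is only named later in the thread); Qoobox\Quarantine is what the report shows.
INERT_FOLDERS = ("\\qoobox\\quarantine\\", "\\_otmoveit\\")


def parse_hits(report_text):
    """One dict per detection line: path, status, threat, count (as strings)."""
    hits = []
    for line in report_text.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def original_path(path):
    """Map a quarantined copy back to where it lived, or None if not a Qoobox path."""
    m = QUARANTINE.match(path)
    if not m:
        return None
    return f"{m.group('drive').upper()}:\\{m.group('rest')}"


def is_inert(path):
    low = path.lower()
    return any(folder in low for folder in INERT_FOLDERS)


def classify(report_text):
    """Split hits into ones still on the live filesystem and ones already quarantined."""
    result = {"live": [], "quarantined": []}
    for hit in parse_hits(report_text):
        hit["count"] = int(hit["count"])
        if is_inert(hit["path"]):
            hit["original_path"] = original_path(hit["path"])
            result["quarantined"].append(hit)
        else:
            result["live"].append(hit)
    return result


if __name__ == "__main__":
    r = classify(SAMPLE_REPORT)
    for hit in r["live"]:
        print("LIVE       ", hit["threat"], hit["path"])
    for hit in r["quarantined"]:
        print("QUARANTINED", hit["threat"], hit["original_path"])
```

The distinction matters for what you do next: a live hit needs removing from the running system, whereas quarantined copies only need the quarantine folder itself cleared (which is what the ComboFix /u step later in the thread does).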
#15 | 10th Apr 2009, 11:05 | Moderator Group

Download OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:files
C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACduggoypf.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACjtlsvsdw.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAClhvgppcn.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvafwkyys.dll.vir

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
* Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

#16 | 10th Apr 2009, 18:26 | Member Group

Results from OTMoveit3:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls moved successfully.
File/Folder C:\Qoobox\Quarantine\C\WINDOWS\system32\UACduggoypf.dll.vir not found.
File/Folder C:\Qoobox\Quarantine\C\WINDOWS\system32\UACjtlsvsdw.dll.vir not found.
File/Folder C:\Qoobox\Quarantine\C\WINDOWS\system32\UAClhvgppcn.dll.vir not found.
File/Folder C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvafwkyys.dll.vir not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\CB~1\LOCALS~1\Temp\etilqs_yETgAHduNort8VkGGNdh scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\C Boba\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcmsc_PTYo6OyUEreEQyL scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_Q3HNpu8y80WJrpL scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_vSq0AU2NFIP9BmT scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_YbVhR5sEnHTfbNh scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_248.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV268.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\C Boba\Local Settings\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\C Boba\Local Settings\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\C Boba\Local Settings\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\C Boba\Local Settings\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\C Boba\Local Settings\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\C Boba\Local Settings\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04102009_181213

Files moved on Reboot...
File C:\DOCUME~1\CHRISB~1\LOCALS~1\Temp\etilqs_yETgAHduNort8VkGGNdh not found!
File C:\WINDOWS\temp\mcmsc_PTYo6OyUEreEQyL not found!
File C:\WINDOWS\temp\mcmsc_Q3HNpu8y80WJrpL not found!
File C:\WINDOWS\temp\mcmsc_vSq0AU2NFIP9BmT not found!
File C:\WINDOWS\temp\mcmsc_YbVhR5sEnHTfbNh not found!
File C:\WINDOWS\temp\Perflib_Perfdata_248.dat not found!
File C:\WINDOWS\temp\WFV268.tmp not found!
C:\Documents and Settings\C Boba\Local Settings\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\C Boba\Local Settings\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\C Boba\Local Settings\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\C Boba\Local Settings\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\C Boba\Local Settings\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\C Boba\Local Settings\Application Data\Mozilla\Firefox\Profiles\dmp293ia.default\XUL.mfl moved successfully.
#17 | 10th Apr 2009, 18:43 | Moderator Group

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.


----------

1. Double click OTMoveIt3.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt3 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt3


----------

How is the computer running now?

#18 | 11th Apr 2009, 08:33 | Member Group

I've done the procedures and the laptop is running fine. Takes a while to load, but it seems to do that ever since I installed McAfee antivirus and firewall.
#19 | 11th Apr 2009, 12:01 | Moderator Group

Doing some of the below steps might help with the speed issue. Security Suites can slow down a computer. I usually prefer using lightweight free software. Many are just as good as any paid solution.

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.


----------

Go to Microsoft Windows Update and get all critical updates.

----------

I would also recommend that you Defrag the computer. There may be a lot of fragmented sections on the drive after cleaning the malware.

You can use the built in Windows Defrag or a faster FREE program. Defraggler is very effective and easy to use. Be sure to clean out temp files and restart the computer just before using this.

----------

Make sure all of your security programs are up to date and run scans with them regularly.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

#20 | 11th Apr 2009, 17:57 | Member Group

I'll take a look at those programs. They just might be better than what I currently have. Thanks for the help as well.
Copyright ©2006 - 2009 Computer Juice.