Virus Concern

Hi. I'm concerned that I still may have a virus on my PC. There are no signs although I did open an attachment in a UPS email. I know now that this was a big mistake and that the attachment was a Trojan virus. I would very much appreciate help with this problem.
I'm running Windows Vista. Thank You

[Malware Removal Specialist]

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Hi Jay and thanks for replying. I've attempted to download combofix but keep running into files that have to be quarantined. I believe that the files are recognized by the AVG Anti- Virus program.  I've quarantined four files so far and don't know how many more will be recognized?
So I stopped, until you give me further instructions. So far the files involved are;

C:\32788R22FWJFW\EXPLORE.EXE
C;\USERS\JOAN\COMBOFIX.EXE
C:\USERS\JOAN\APPDATA\LOCAL\MICROSOFT WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\L1Z9QPYT\COMBOFIX(1)EXE
C:\USERS\JOAN\APPDATA\LOCAL\MICROSOFT\TEMPORARY INTERNET FILES\CONTENT.IE5\L1ZPQPYT\COMBOFIX(2)EXE

This is Joan's PC and she is the Administrator but it's still saying permission is required in order for me to download Combofix to the desktop. But as you now know I never got that far.

Hi Jay. Sorry, I forgot to exit the AVG Anti -Virus before I tried to download Combofix. Now, I shut down the Resident Shield in AVG but it's still telling me that files need to be quarantined. Do you have any idea how I can completely shut down AVG 9.0 temporarily? Also as I said earlier I'm told that I need permission to install Combofix on desktop. I also tried to just run the program but it won't let me do that either.

[Malware Removal Specialist]

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

Then, please try the download and run again.

Hi Jay. I got the PC into safe mode and after some fooling around (with the warnings)popping up(and being told that some files were not downloaded) after reboot I finally got to the beginning of the ComboFix program only to be told; Incompatible OS. ComboFix only works for workstations with Windows 2000 and XP.

[Malware Removal Specialist]

Odd.

Please download the Kaspersky AVP Tool from Kaspersky-labs.com.

• Save it to your desktop. 
• Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  
• Double click the setup file to run it.
• Click Next to continue.
• It will by default install it to your desktop folder.Click Next.
• Hit ok at the prompt for scanning in Safe Mode.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked:
• System Memory
• Startup Objects
• Disk Boot Sectors.
• My Computer.
• Also any other drives (Removable that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

• Then click on Scan at the to right hand Corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized then click the button that says Neutralize all
• If it says it cannot be Neutralized then chooose The delete option when prompted.
• After that is done click on the reports button at the bottom and save it to file name it Kas.
  
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.[/list]

Hi Jay. I got up to(Under Automaticscan make sure that these are checked:)

I find (Hidden startup objects)
         (Disk boot sectors)
         (Computer)
         (my Email)
         (Documents)
         (Acer C:)
         (Data D:)
         (DVD RW Drive E:)
         (Removable Disk F:)
         (Removable Disk G:)

Note: (System Memory) does not appear.





 

[Malware Removal Specialist]

Ok. Some options you may not be able to set. Just get all the options as possible, then run the scan, please.

Hi Jay and sorry about this ,but didn't know what esle to do? Program ran for over 3 hrs. Hung up at 99%. Waited another 1/2 hr. and nothing. Stopped scan and seen nothing about Neutralizing or anything like that. Hit report and it shows the complete report. But no save options. Only options on report page are as follows
                                          (top of page) Autoscan -   Do Not Group -   Important events
                                        (Bottom of page)  Help                  -                      Close

So what I did was simply select the untreated and detected files and pasted them here. The deleted I did not copy. Please tell me what to do next.

Autoscan: completed 27 minutes ago   (events: 172, objects: 593774, time: 03:35:38)   
08/02/2010 5:59:52 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\EF22.tmp   Postponed   
08/02/2010 5:59:52 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\E996.tmp   Postponed   
08/02/2010 5:59:52 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\CBD0.tmp   Postponed   
08/02/2010 5:59:52 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\41CE.tmp   Postponed   
08/02/2010 5:59:52 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\B0F7.tmp   Postponed   
08/02/2010 5:59:52 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\AB2C.tmp   Postponed   
08/02/2010 5:59:52 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\6F82.tmp   Postponed   
08/02/2010 5:59:52 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\4656.tmp   Postponed   
08/02/2010 5:59:52 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\2F93.tmp   Postponed   
08/02/2010 5:49:33 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\E996.tmp   Postponed   
08/02/2010 5:49:33 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\EF22.tmp   Postponed   
08/02/2010 5:49:33 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\41CE.tmp   Postponed   
08/02/2010 5:49:33 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\CBD0.tmp   Postponed   
08/02/2010 5:49:33 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\B0F7.tmp   Postponed   
08/02/2010 5:49:33 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\AB2C.tmp   Postponed   
08/02/2010 5:49:33 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\6F82.tmp   Postponed   
08/02/2010 5:49:33 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\4656.tmp   Postponed   
08/02/2010 5:49:33 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\2F93.tmp   Postponed   
08/02/2010 5:27:08 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\E996.tmp   Postponed   
08/02/2010 5:27:08 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\EF22.tmp   Postponed   
08/02/2010 5:27:08 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\41CE.tmp   Postponed   
08/02/2010 5:27:08 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\CBD0.tmp   Postponed   
08/02/2010 5:27:08 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\B0F7.tmp   Postponed   
08/02/2010 5:27:08 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\AB2C.tmp   Postponed   
08/02/2010 5:27:08 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\6F82.tmp   Postponed   
08/02/2010 5:27:08 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\4656.tmp   Postponed   
08/02/2010 5:27:08 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\2F93.tmp   Postponed   
08/02/2010 5:19:22 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\E996.tmp   Postponed   
08/02/2010 5:19:22 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\EF22.tmp   Postponed   
08/02/2010 5:19:22 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\CBD0.tmp   Postponed   
08/02/2010 5:19:22 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\B0F7.tmp   Postponed   
08/02/2010 5:19:22 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\4656.tmp   Postponed   
08/02/2010 5:19:22 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\6F82.tmp   Postponed   
08/02/2010 5:19:22 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\AB2C.tmp   Postponed   
08/02/2010 5:19:22 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\41CE.tmp   Postponed   
08/02/2010 5:19:22 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\2F93.tmp   Postponed   
08/02/2010 4:47:20 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\E996.tmp   Postponed   
08/02/2010 4:47:20 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\EF22.tmp   Postponed   
08/02/2010 4:47:20 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\CBD0.tmp   Postponed   
08/02/2010 4:47:20 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\B0F7.tmp   Postponed   
08/02/2010 4:47:20 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\6F82.tmp   Postponed   
08/02/2010 4:47:20 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\4656.tmp   Postponed   
08/02/2010 4:47:20 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\AB2C.tmp   Postponed   
08/02/2010 4:47:20 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\41CE.tmp   Postponed   
08/02/2010 4:47:20 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\2F93.tmp   Postponed   
08/02/2010 4:39:37 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\E996.tmp   Postponed   
08/02/2010 4:39:37 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\EF22.tmp   Postponed   
08/02/2010 4:39:37 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\CBD0.tmp   Postponed   
08/02/2010 4:39:37 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\B0F7.tmp   Postponed   
08/02/2010 4:39:37 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\AB2C.tmp   Postponed   
08/02/2010 4:39:37 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\6F82.tmp   Postponed   
08/02/2010 4:39:37 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\4656.tmp   Postponed   
08/02/2010 4:39:37 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\2F93.tmp   Postponed   
08/02/2010 4:39:37 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\41CE.tmp   Postponed   
08/02/2010 4:23:05 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\EF22.tmp   Postponed   
08/02/2010 4:23:05 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\E996.tmp   Postponed   
08/02/2010 4:23:05 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\CBD0.tmp   Postponed   
08/02/2010 4:23:04 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\AB2C.tmp   Postponed   
08/02/2010 4:23:04 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\B0F7.tmp   Postponed   
08/02/2010 4:23:04 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\6F82.tmp   Postponed   
08/02/2010 4:23:04 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\4656.tmp   Postponed   
08/02/2010 4:23:04 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\2F93.tmp   Postponed   
08/02/2010 4:23:04 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\41CE.tmp   Postponed   
08/02/2010 4:14:56 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\E996.tmp   Postponed   
08/02/2010 4:14:56 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\EF22.tmp   Postponed   
08/02/2010 4:14:56 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\CBD0.tmp   Postponed   
08/02/2010 4:14:56 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\B0F7.tmp   Postponed   
08/02/2010 4:14:55 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\AB2C.tmp   Postponed   
08/02/2010 4:14:55 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\2F93.tmp   Postponed   
08/02/2010 4:14:55 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\41CE.tmp   Postponed   
08/02/2010 4:14:55 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\6F82.tmp   Postponed   
08/02/2010 4:14:55 PM   Untreated   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\4656.tmp   Postponed   
08/02/2010 6:18:58 PM   Untreated   Virus   HEUR:Trojan.Win32.Generic   High   Probably   C:\Windows\Temp\8d6da910-7d80-4966-95a6-c8d4475d3ee5.tmp   Postponed   
08/02/2010 6:18:58 PM   Untreated   Virus   HEUR:Trojan.Win32.Generic   High   Probably   C:\Windows\Temp\7b68f1d6-5a2a-4200-b6c5-357c91824d82.tmp   Postponed   
08/02/2010 4:57:02 PM   Untreated   Virus   HEUR:Trojan.Win32.Generic   High   Probably   C:\Windows\Temp\8d6da910-7d80-4966-95a6-c8d4475d3ee5.tmp   Postponed   
08/02/2010 4:57:02 PM   Untreated   Virus   HEUR:Trojan.Win32.Generic   High   Probably   C:\Windows\Temp\7b68f1d6-5a2a-4200-b6c5-357c91824d82.tmp   Postponed   
08/02/2010 4:06:10 PM   Task started                     
08/02/2010 7:41:48 PM   Task completed                     
08/02/2010 7:41:48 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\EF22.tmp      
08/02/2010 7:41:48 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\E996.tmp      
08/02/2010 7:41:48 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\CBD0.tmp      
08/02/2010 7:41:48 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\B0F7.tmp      
08/02/2010 7:41:48 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\AB2C.tmp      
08/02/2010 7:41:48 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\6F82.tmp      
08/02/2010 7:41:48 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\4656.tmp      
08/02/2010 7:41:11 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\41CE.tmp      
08/02/2010 7:16:06 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\2F93.tmp      
08/02/2010 5:59:52 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\EF22.tmp      
08/02/2010 5:59:52 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\E996.tmp      
08/02/2010 5:59:52 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\CBD0.tmp      
08/02/2010 5:59:52 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\41CE.tmp      
08/02/2010 5:59:52 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\B0F7.tmp      
08/02/2010 5:59:52 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\AB2C.tmp      
08/02/2010 5:59:52 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\6F82.tmp      
08/02/2010 5:59:52 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\4656.tmp      
08/02/2010 5:59:52 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\2F93.tmp      
08/02/2010 5:49:33 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\E996.tmp      
08/02/2010 5:49:33 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\EF22.tmp      
08/02/2010 5:49:33 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\41CE.tmp      
08/02/2010 5:49:33 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\CBD0.tmp      
08/02/2010 5:49:33 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\B0F7.tmp      
08/02/2010 5:49:33 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\AB2C.tmp      
08/02/2010 5:49:33 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\6F82.tmp      
08/02/2010 5:49:33 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\4656.tmp      
08/02/2010 5:49:33 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\2F93.tmp      
08/02/2010 5:27:08 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\E996.tmp      
08/02/2010 5:27:08 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\EF22.tmp      
08/02/2010 5:27:08 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\41CE.tmp      
08/02/2010 5:27:08 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\CBD0.tmp      
08/02/2010 5:27:08 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\B0F7.tmp      
08/02/2010 5:27:08 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\AB2C.tmp      
08/02/2010 5:27:08 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\6F82.tmp      
08/02/2010 5:27:08 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\4656.tmp      
08/02/2010 5:27:08 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\2F93.tmp      
08/02/2010 5:19:22 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\E996.tmp      
08/02/2010 5:19:22 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\EF22.tmp      
08/02/2010 5:19:22 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\CBD0.tmp      
08/02/2010 5:19:22 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\B0F7.tmp      
08/02/2010 5:19:22 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\4656.tmp      
08/02/2010 5:19:22 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\6F82.tmp      
08/02/2010 5:19:22 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\AB2C.tmp      
08/02/2010 5:19:22 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\41CE.tmp      
08/02/2010 5:19:22 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\2F93.tmp      
08/02/2010 4:47:20 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\E996.tmp      
08/02/2010 4:47:20 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\EF22.tmp      
08/02/2010 4:47:20 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\CBD0.tmp      
08/02/2010 4:47:20 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\B0F7.tmp      
08/02/2010 4:47:20 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\6F82.tmp      
08/02/2010 4:47:20 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\4656.tmp      
08/02/2010 4:47:20 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\AB2C.tmp      
08/02/2010 4:47:20 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\41CE.tmp      
08/02/2010 4:47:20 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\Local Settings\Temp\2F93.tmp      
08/02/2010 4:39:37 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\E996.tmp      
08/02/2010 4:39:37 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\EF22.tmp      
08/02/2010 4:39:37 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\CBD0.tmp      
08/02/2010 4:39:37 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\B0F7.tmp      
08/02/2010 4:39:37 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\AB2C.tmp      
08/02/2010 4:39:37 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\6F82.tmp      
08/02/2010 4:39:37 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\4656.tmp      
08/02/2010 4:39:37 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\2F93.tmp      
08/02/2010 4:39:37 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Users\Joan\AppData\Local\Temp\41CE.tmp      
08/02/2010 4:23:05 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\EF22.tmp      
08/02/2010 4:23:05 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\E996.tmp      
08/02/2010 4:23:05 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\CBD0.tmp      
08/02/2010 4:23:04 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\AB2C.tmp      
08/02/2010 4:23:04 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\B0F7.tmp      
08/02/2010 4:23:04 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\6F82.tmp      
08/02/2010 4:23:04 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\4656.tmp      
08/02/2010 4:23:04 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\2F93.tmp      
08/02/2010 4:23:04 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\Local Settings\Temp\41CE.tmp      
08/02/2010 4:14:56 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\E996.tmp      
08/02/2010 4:14:56 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\EF22.tmp      
08/02/2010 4:14:56 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\CBD0.tmp      
08/02/2010 4:14:56 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\B0F7.tmp      
08/02/2010 4:14:55 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\AB2C.tmp      
08/02/2010 4:14:55 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\41CE.tmp      
08/02/2010 4:14:55 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\6F82.tmp      
08/02/2010 4:14:55 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\4656.tmp      
08/02/2010 4:14:55 PM   Detected   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\2F93.tmp      
08/02/2010 6:18:58 PM   Detected   Virus   HEUR:Trojan.Win32.Generic   High   Probably   C:\Windows\Temp\8d6da910-7d80-4966-95a6-c8d4475d3ee5.tmp      
08/02/2010 6:18:58 PM   Detected   Virus   HEUR:Trojan.Win32.Generic   High   Probably   C:\Windows\Temp\7b68f1d6-5a2a-4200-b6c5-357c91824d82.tmp      
08/02/2010 4:57:02 PM   Detected   Virus   HEUR:Trojan.Win32.Generic   High   Probably   C:\Windows\Temp\8d6da910-7d80-4966-95a6-c8d4475d3ee5.tmp      
08/02/2010 4:57:02 PM   Detected   Virus   HEUR:Trojan.Win32.Generic   High   Probably   C:\Windows\Temp\7b68f1d6-5a2a-4200-b6c5-357c91824d82.tmp      
08/02/2010 7:41:48 PM   Deleted   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\EF22.tmp      
08/02/2010 7:41:48 PM   Deleted   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\E996.tmp      
08/02/2010 7:41:48 PM   Deleted   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\CBD0.tmp      
08/02/2010 7:41:48 PM   Deleted   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\B0F7.tmp      
08/02/2010 7:41:48 PM   Deleted   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\AB2C.tmp      
08/02/2010 7:41:48 PM   Deleted   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\6F82.tmp      
08/02/2010 7:41:48 PM   Deleted   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\4656.tmp      
08/02/2010 7:41:48 PM   Deleted   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\41CE.tmp      
08/02/2010 7:41:11 PM   Deleted   Trojans   Packed.Win32.Krap.an   High   Exact   C:\Documents and Settings\Joan\AppData\Local\Temp\2F93.tmp      

[Malware Removal Specialist]

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

• The program will install and then begin downloading the latest definition files.
• After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  
• This will start the program and scan your system.
• The scan will take a while, so be patient and let it run.
• Once the scan is complete, click on View scan report
  
• Now, click on the Save Report as button.
  
• Save the file to your desktop.
• Copy and paste that information in your next post.

Hi Jay. File as requested. Thanks


KASPERSKY ONLINE SCANNER 7.0: scan report 
Tuesday, February 9, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, February 09, 2010 16:22:33
Records in database: 3455832
 
 
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
 
Scan area My Computer
C:\
D:\
E:\
F:\
G:\ 
 
Scan statistics
Objects scanned 152515
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 01:36:00

No threats found. Scanned area is clean.
Selected area has been scanned.

[Malware Removal Specialist]

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Security Check as requested

Results of screen317's Security Check version 0.99.1    
 Windows Vista  (UAC is enabled)
 Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
 AVG 9.0     
 WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
 Ad-Aware
 SUPERAntiSpyware Free Edition   
 Java(TM) 6 Update 18 
 Java Auto Updater   
 Out of date Java installed!
 Adobe Flash Player 10 
Adobe Reader 9
``````````````````````````````
Process Check: 
objlist.exe by Laurent
 Ad-Aware AAWService.exe 
 Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

[Malware Removal Specialist]

Please consider updating to Windows Vista Service Packs 1 & 2.
Windows Vista Service Packs 1 & 2 contain all the updates released since the first release plus support for new types of hardware and emerging hardware standards.
It is now available via Windows Update or as a standalone installation here.

===

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

See this page for more info about malware and prevention.

Hi Jay. I will most certainly update this PC and unload and make sure that the programs that you suggested are used. I can't thank you enough for your patience ,diligence and expertise in these virus matters. Without your help I don't know where I would have gone or what else I would have done? Sure hope that I don't have to bother you again for a long, long time. This was a terrible situation for me but you made it a very learning experience, and I think that you made this whole situation as easy for me as you possibly could have.

Thank you, thank you ,thank you, overthehill

[Malware Removal Specialist]

You're welcome.