Thread: Windefence32

  1. #11
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Looks like we aren't making much progress. Let's try this based on the Malwarebytes log. First you can create a reg file to use, then boot into Safe Mode. There are some files you will be looking for in Safe Mode that you might want to copy/paste into Notepad so you can read it in Safe Mode.
    Also check MBAM for any updates to run in Safe Mode.

    to help show all files view this link:
    http://www.bleepingcomputer.com/tuto...torial151.html

    Next we will make a reg file to use:
    First back up the registry:

    Go to Start and type regedit in the search window. The Windows Registry Editor will open.
    In the left-hand pane click on HKEY_CURRENT_USER, then on Software so it's highlighted. Now at the top go to File > Export. Name it bckup.reg and save it to your desktop.

    Copy what's below in the code box into Notepad.

    Code:
    Windows Registry Editor Version 5.00

    ; delete the malware's own key and everything under it
    [-HKEY_CURRENT_USER\SOFTWARE\SlysBitch]

    ; delete the startup entry whether it is a subkey of Run or (the usual case) a value in Run
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windefence32]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "windefence32"=-

    At the top go to File > Save As and change 'Save as type' to All Files.
    You can name it fixit.reg
    and save it to your desktop.

    Now right-click on the fixit.reg on your desktop, select Merge, and click Yes if prompted.

    Next:
    Time to boot into Safe Mode and try to find some files to manually delete; we will use the MBAM list. Navigate to each of these and see if you can find and delete any of these .exe files:

    C:\Users\Mimi\AppData\Local\Temp\xxxyyyzzz.dat
    C:\Users\Mimi\AppData\Local\Temp\MSN.abc
    C:\Users\Mimi\AppData\Roaming\WinDefence\windefence32.exe
    C:\Users\Mimi\AppData\Local\Temp\SlyFly.exe
    C:\Users\Mimi\AppData\Local\Temp\SamFly.exe
    C:\Users\Mimi\AppData\Roaming\logs.dat
    C:\Users\Mimi\AppData\Local\Temp\UuU.uUu
    C:\Users\Mimi\AppData\Local\Temp\XxX.xXx
    C:\Users\Mimi\AppData\Roaming\addons.dat

    If you go to Start and type %temp% in the search window
    you may find them faster. Just get what you can.
    Most likely, if there is something else 'protecting' them, they will be there again on reboot. That seems to be why MBAM isn't removing them.
    Try running MBAM in Safe Mode also, after or before the above.
    How Can I Reduce My Risk?
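    A post-cleanup check, as an added example that is not part of this thread or of any tool it mentions: the PowerShell script below looks for each artifact named in the post above (the SlysBitch key, the windefence32 startup entry as either a subkey or a value of Run, and the listed files) and prints the current per-user Run entries, so that anything that comes back after a reboot is visible. It assumes the artifacts live under the current user's profile (the thread's C:\Users\Mimi is replaced by the $env:LOCALAPPDATA and $env:APPDATA variables) and that it is run as the affected user, from an elevated PowerShell prompt, after the .reg merge and a reboot.

```powershell
# Added verification script; not from the original thread or any tool it names.
# Paths come from the MBAM list above, with C:\Users\Mimi replaced by the
# current user's profile variables (an assumption: the same user is logged on).

$runKey      = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$startupName = 'windefence32'
$malwareKeys = @('HKCU:\SOFTWARE\SlysBitch', "$runKey\$startupName")

# Files named in the MBAM list (AppData\Local\Temp and AppData\Roaming)
$malwareFiles = @(
    "$env:LOCALAPPDATA\Temp\xxxyyyzzz.dat",
    "$env:LOCALAPPDATA\Temp\MSN.abc",
    "$env:APPDATA\WinDefence\windefence32.exe",
    "$env:LOCALAPPDATA\Temp\SlyFly.exe",
    "$env:LOCALAPPDATA\Temp\SamFly.exe",
    "$env:APPDATA\logs.dat",
    "$env:LOCALAPPDATA\Temp\UuU.uUu",
    "$env:LOCALAPPDATA\Temp\XxX.xXx",
    "$env:APPDATA\addons.dat"
)

$findings = New-Object System.Collections.Generic.List[string]

# 1. Registry keys that fixit.reg was supposed to delete
foreach ($key in $malwareKeys) {
    if (Test-Path -LiteralPath $key) {
        $findings.Add("Registry key still present: $key")
    }
}

# 2. The startup entry as a value directly under Run (the usual form)
$runEntries = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($runEntries -and ($runEntries.PSObject.Properties.Name -contains $startupName)) {
    $findings.Add("Run value still present: $startupName = $($runEntries.$startupName)")
}

# 3. Files from the MBAM list; -Force so hidden/system files are not skipped
foreach ($file in $malwareFiles) {
    if (Test-Path -LiteralPath $file) {
        $item = Get-Item -LiteralPath $file -Force
        $findings.Add("File still present: $file ($($item.Length) bytes, modified $($item.LastWriteTime))")
    }
}

# Show every per-user Run entry so a renamed copy of the startup entry is visible too.
# Get-ItemProperty adds PS* bookkeeping properties; those are filtered out.
Write-Host "Per-user Run entries:"
if ($runEntries) {
    $runEntries.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        ForEach-Object { Write-Host ("  {0} = {1}" -f $_.Name, $_.Value) }
}

Write-Host ""
if ($findings.Count -eq 0) {
    Write-Host "None of the listed artifacts are present."
} else {
    Write-Host "Artifacts still present (redo the fix in Safe Mode or rescan with MBAM):"
    $findings | ForEach-Object { Write-Host "  $_" }
}
```

    Save it as check.ps1 and run it from an elevated PowerShell prompt; if script execution is blocked, `powershell -ExecutionPolicy Bypass -File check.ps1` runs it once. An artifact that is absent right after cleanup but present again after a reboot is exactly the "something else is protecting them" case the post warns about, and the Run listing is where that something usually shows up.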

  2. #12
    Junior Member
    Join Date
    May 2010
    Posts
    9

    I ran MalwareBytes in Safe Mode and it found and deleted the same things. I ran it again after rebooting and it found nothing. My question now is, how do I know for sure that I've gotten everything? Oh, and here's the log of the initial safe mode scan:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4108

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    5/25/2010 1:02:35 PM
    mbam-log-2010-05-25 (13-02-35).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 313090
    Time elapsed: 30 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\SlysBitch (Bifrose.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Mimi\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\Mimi\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\Mimi\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
    C:\Users\Mimi\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\Mimi\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

  3. #13
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    "how do I know for sure that I've gotten everything?"
    MBAM is an excellent malware remover. Have you noticed anything before that is not there now? What tipped you off that you had malware? Most malware usually produces signs; did you notice any, and are they gone now?
    You could try an online scan (a different one than ESET) or another malware scanner like SuperAntiSpyware; not sure about 64-bit support for it.

    F-secure scan:
    http://support.f-secure.com/enu/home/ols.shtml

    Uses Internet Explorer only.

    Click on the "Start scanning" button near the bottom of the page.
    Click to accept/install the ActiveX applet.
    "Accept" the License Agreement, then click "Full system scan".
    Once the download of files completes, the scan will begin automatically.
    The scan may take some time to finish.
    When the scan completes, click the Automatic cleaning (recommended) button.

    Panda ActiveScan

    http://www.pandasoftware.com/products/activescan.htm

    * Once you are on the Panda site click the Scan your PC button
    * A new window will open...click the Check Now button
    * Enter your Country
    * Enter your State/Province
    * Enter your e-mail address and click send (use a fake e-mail)
    * Select either Home User or Company
    * Click the big Scan Now button
    * If it wants to install an ActiveX component allow it
    * It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    * When download is complete, click on My Computer to start the scan
    * When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
    How Can I Reduce My Risk?

  4. #14
    Junior Member
    Join Date
    May 2010
    Posts
    9

    The problem is that I didn't experience any symptoms. The worm was on my aunt's computer and I networked to it without realizing it was infected. It never really affected my performance much but it was a real performance-killer on the source computer.

    I will try one of your suggested scanners.

  5. #15
    Junior Member
    Join Date
    May 2010
    Posts
    9

    I ran F-Secure and all it found was a couple of tracking cookies. So I guess I'm clean?

    2 malware found
    TrackingCookie.Atdmt (spyware)

    * System (Disinfected)

    TrackingCookie.Atwola (spyware)

    * System (Disinfected)

    Statistics
    Scanned:

    * Files: 93469
    * System: 6119
    * Not scanned: 445

    Actions:

    * Disinfected: 2
    * Renamed: 0
    * Deleted: 0
    * Not cleaned: 0
    * Submitted: 0
    Last edited by tashi; 2010-06-07 at 18:22. Reason: Date of archive

  6. #16
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Well, that looks encouraging.
    There is one more tool you can run: the MS Malicious Software Removal Tool. It is actually downloaded via Windows Update automatically. It's updated monthly(?) and runs once after downloading, in the background. I don't think it would alert you unless it found something on your machine. It only targets and removes certain malware.
    You can invoke it by typing mrt in the Run window on the Start menu. I think it's all good on your machine; the mrt was an afterthought really, up to you if you want to run it.

    http://www.microsoft.com/security/ma...e/default.aspx
    How Can I Reduce My Risk?
