Need help with crypt.spambot.qk removal



calabre7
2007-09-28, 17:25
I first ran spybot, and could delete everything except for this crypt.spambot.qk, which had 30 entries. When I tried to remove it I got the blue screen.

I followed the procedures in "before you post"
When I ran spybot in safe mode it removed some of the entries, and said it might be able to remove more if it ran again upon restart, so I did that. Then there were only 18 entries, but I still got the blue screen when I tried to fix the problem.

Here are my logs:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, September 28, 2007 9:56:57 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 28/09/2007
Kaspersky Anti-Virus database records: 424378
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 47455
Number of viruses found: 4
Number of infected objects: 123
Number of suspicious objects: 0
Duration of the scan process: 02:00:53

Infected Object Name / Virus Name / Last Action
C:\aol.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\aolboot.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\aolupdates.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\auupdate.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\binboot.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kc7b5v0j.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kc7b5v0j.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kc7b5v0j.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kc7b5v0j.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kc7b5v0j.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kc7b5v0j.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\kc7b5v0j.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\kc7b5v0j.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\kc7b5v0j.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\kc7b5v0j.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6FWDYNUT\B[1].exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6FWDYNUT\three[1].exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6FWDYNUT\three[2].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6FWDYNUT\three[3].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDIJOTQR\B[1].exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDIJOTQR\F[1].exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I5YH6PID\pew[1].exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I5YH6PID\three[1].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I5YH6PID\three[2].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I5YH6PID\three[3].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I5YH6PID\three[4].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I5YH6PID\three[5].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1EFOPE9\dum[1].exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O1EFOPE9\three[1].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3923AC4B-E5D1-4BCD-A500-62AD134214F5}\RP399\A0026878.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{3923AC4B-E5D1-4BCD-A500-62AD134214F5}\RP404\A0027376.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{3923AC4B-E5D1-4BCD-A500-62AD134214F5}\RP405\A0027406.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{3923AC4B-E5D1-4BCD-A500-62AD134214F5}\RP407\A0027485.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{3923AC4B-E5D1-4BCD-A500-62AD134214F5}\RP414\A0027843.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{3923AC4B-E5D1-4BCD-A500-62AD134214F5}\RP450\A0034071.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{3923AC4B-E5D1-4BCD-A500-62AD134214F5}\RP451\A0035051.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{3923AC4B-E5D1-4BCD-A500-62AD134214F5}\RP464\change.log Object is locked skipped
C:\updatewin.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{99DD4C86-411A-44B4-8A1F-8207DEBC7ADC}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\aefekxurdj.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\afwie.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\ajneik.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\aw.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\bbbw.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\blzp.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\bztqotaooeib.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\c.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cdmvwgk.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\cgbkoqiielq.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\cij.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\cklbkdmsy.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\daoumzbdda.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\dbaaivcsn.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\ddenabdb.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\dkbbe.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\dlbrva.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\dllcache\aolsvc.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\WINDOWS\system32\dupgescg.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\ebsqdln.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\emrzrwiaw.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\esuq.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\fbr.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\fjkhjuwmg.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\fldig.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\fswryineft.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\fvdg.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\fyvsk.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\fz.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\g.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\gmismeppdt.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\godjdvxsspmq.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\gvfb.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\harfrqhgixb.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\hb.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\hdairmfs.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\hdztselbq.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\heeuv.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\hiwoesa.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\id.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\ifthfjyxgb.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\igqdhaqlz.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\iho.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\jbfww.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\jd.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\jjdt.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\jteruuaosxzc.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\jtxi.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\kcfo.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\kfi.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\kycbnqbs.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\lj.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\lmevtx.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\lnrzx.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\lxaqqkbmewf.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\mktos.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\ms.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\n.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\ndjvcno.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\ndqt.exe_tobedeleted Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\nuewuhfdfq.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\orjqb.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\pdovqnrp.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\pjdlqkkipe.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\pwczrs.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\qavh.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\qgqohtnzsy.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\qlwuwfqps.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\qmwdubvxj.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\rxvvxeowedm.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\sguwhqprme.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\soqgqfey.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\sxrozsy.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\tapuwp.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\tgjozbjpdy.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\tkkupgcve.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\tkpu.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\uo.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\uqopvqplgzgf.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\utrwwgareuad.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\venumz.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\vhajvns.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\vqrqrppflac.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\vtrr.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\vvvemom.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\w.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\wawpn.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wcpqaht.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\wmpwakh.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\xfnss.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\xugzkyeoup.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\xumuqkgtfhty.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\xwwqngyuav.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\yg.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\zos.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WinXPupdate.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

Scan process completed.


I'll continue with the HJT in the next post.

calabre7
2007-09-28, 17:26
Logfile of HijackThis v1.99.1
Scan saved at 11:08:06 AM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\kfi.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\dllcache\aolsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [hdairmfs] C:\WINDOWS\system32\hdairmfs.exe
O4 - HKLM\..\Run: [xumuqkgtfhty] C:\WINDOWS\system32\xumuqkgtfhty.exe
O4 - HKLM\..\Run: [hdztselbq] C:\WINDOWS\system32\hdztselbq.exe
O4 - HKLM\..\Run: [dkbbe] C:\WINDOWS\system32\dkbbe.exe
O4 - HKLM\..\Run: [pdovqnrp] C:\WINDOWS\system32\pdovqnrp.exe
O4 - HKLM\..\Run: [lj] C:\WINDOWS\system32\lj.exe
O4 - HKLM\..\Run: [godjdvxsspmq] C:\WINDOWS\system32\godjdvxsspmq.exe
O4 - HKLM\..\Run: [id] C:\WINDOWS\system32\id.exe
O4 - HKLM\..\Run: [hiwoesa] C:\WINDOWS\system32\hiwoesa.exe
O4 - HKLM\..\Run: [fyvsk] C:\WINDOWS\system32\fyvsk.exe
O4 - HKLM\..\Run: [w] C:\WINDOWS\system32\w.exe
O4 - HKLM\..\Run: [orjqb] C:\WINDOWS\system32\orjqb.exe
O4 - HKLM\..\Run: [daoumzbdda] C:\WINDOWS\system32\daoumzbdda.exe
O4 - HKLM\..\Run: [n] C:\WINDOWS\system32\n.exe
O4 - HKLM\..\Run: [kfi] C:\WINDOWS\system32\kfi.exe
O4 - HKLM\..\Run: [qlwuwfqps] C:\WINDOWS\system32\qlwuwfqps.exe
O4 - HKLM\..\Run: [heeuv] C:\WINDOWS\system32\heeuv.exe
O4 - HKLM\..\Run: [pjdlqkkipe] C:\WINDOWS\system32\pjdlqkkipe.exe
O4 - HKLM\..\Run: [bbbw] C:\WINDOWS\system32\bbbw.exe
O4 - HKLM\..\Run: [vqrqrppflac] C:\WINDOWS\system32\vqrqrppflac.exe
O4 - HKLM\..\Run: [jd] C:\WINDOWS\system32\jd.exe
O4 - HKLM\..\Run: [fldig] C:\WINDOWS\system32\fldig.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [qgqohtnzsy] C:\WINDOWS\system32\qgqohtnzsy.exe
O4 - HKLM\..\Run: [fjkhjuwmg] C:\WINDOWS\system32\fjkhjuwmg.exe
O4 - HKLM\..\Run: [tapuwp] C:\WINDOWS\system32\tapuwp.exe
O4 - HKLM\..\Run: [dupgescg] C:\WINDOWS\system32\dupgescg.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156049998777
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: AOL Client Service (Run-AOL_Service) - Unknown owner - C:\WINDOWS\System32\dllcache\aolsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Print Spooler Service (uaaab6ucbeaayvud) - Unknown owner - C:\WINDOWS\system32\n.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Any help would be very very much appreciated! Thank you!
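
The way a helper reads these two logs together is mechanical enough to script: every autorun (O4) and service (O23) entry in the HijackThis log is matched against the paths Kaspersky flagged as infected, services with no publisher go on a review list, and the short random-letter names in system32 are surfaced as a weaker signal. The Python below is an added example written for this thread, not a tool from the forum or from the original poster; the sample lines are a few copied from the two logs above, while the `KNOWN_GOOD` allowlist and the random-name heuristic are the editor's own constructed assumptions.

```python
"""Cross-check a HijackThis log against a Kaspersky scan report (added example,
not part of the original thread).  Sample lines are copied from the logs above;
the allowlist and the random-name heuristic are constructed assumptions."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed excerpt of the Kaspersky report posted above.
KAV_REPORT = r"""
C:\WINDOWS\system32\hdairmfs.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\system32\n.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\w.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\WINDOWS\system32\dllcache\aolsvc.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# Constructed excerpt of the HijackThis log posted above.
HJT_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hdairmfs] C:\WINDOWS\system32\hdairmfs.exe
O4 - HKLM\..\Run: [lj] C:\WINDOWS\system32\lj.exe
O4 - HKLM\..\Run: [w] C:\WINDOWS\system32\w.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AOL Client Service (Run-AOL_Service) - Unknown owner - C:\WINDOWS\System32\dllcache\aolsvc.exe
O23 - Service: Print Spooler Service (uaaab6ucbeaayvud) - Unknown owner - C:\WINDOWS\system32\n.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

# Constructed allowlist of Windows-native stems that would otherwise trip the
# name heuristic; real triage would use a much larger known-good list.
KNOWN_GOOD = {"dumprep", "igfxtray", "hkcmd"}

class Finding(NamedTuple):
    source: str    # "O4" (autorun value) or "O23" (service)
    name: str      # registry value name or service display name
    path: str      # executable path, lower-cased for matching
    verdict: str   # "confirmed", "review" or "heuristic"
    detail: str

INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<entry>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)\b', re.IGNORECASE)

def parse_kav_report(text: str) -> Dict[str, str]:
    """Map each infected path (lower-cased) to its detection name; 'Object is
    locked' and clean lines have no 'Infected:' field and are ignored."""
    infected: Dict[str, str] = {}
    for line in text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            infected[m.group("path").lower()] = m.group("name")
    return infected

def _exe_from_command(cmd: str) -> str:
    """Executable of a Run value: quoted path, unquoted path with spaces, or a
    bare command followed by arguments (e.g. 'dumprep 0 -k')."""
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd.split()[0].strip('"')

def _looks_random(path: str) -> bool:
    """Weak signal: a short, all-lowercase, letters-only file name, like the
    dozens of one- to twelve-letter .exe names in the scan report above."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return stem.isalpha() and stem.islower() and len(stem) <= 12 and stem not in KNOWN_GOOD

def classify(path: str, owner: Optional[str], infected: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Precedence: scanner hit > service with no publisher > name heuristic."""
    if path in infected:
        return "confirmed", "scanner detection: " + infected[path]
    if owner == "Unknown owner":
        return "review", "service with no publisher information"
    if "\\system32\\" in path and _looks_random(path):
        return "heuristic", "random-looking name in system32; verify before acting"
    return None

def triage_hjt(hjt_text: str, infected: Dict[str, str]) -> List[Finding]:
    """Walk the O4 and O23 lines of a HijackThis log; return entries worth attention."""
    findings: List[Finding] = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        owner: Optional[str] = None
        if line.startswith("O4 "):
            m = O4_RE.match(line)
            if not m:                 # 'O4 - Global Startup: ...' uses another layout
                continue
            source, name = "O4", m.group("entry")
            path = _exe_from_command(m.group("cmd")).lower()
        elif line.startswith("O23 "):
            parts = line.rsplit(" - ", 2)      # display name | owner | path
            if len(parts) != 3:
                continue
            source, name = "O23", parts[0].split("Service: ", 1)[-1]
            owner, path = parts[1], parts[2].lower()
        else:
            continue
        verdict = classify(path, owner, infected)
        if verdict:
            findings.append(Finding(source, name, path, *verdict))
    return findings

def summarize(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.verdict for f in findings))

if __name__ == "__main__":
    hits = triage_hjt(HJT_LOG, parse_kav_report(KAV_REPORT))
    for f in hits:
        print(f"{f.verdict:9} {f.source:3} {f.name:45} {f.path}  ({f.detail})")
    print(summarize(hits))
```

Run on the excerpt it reports four confirmed entries (the two Run values and the two services whose binaries Kaspersky flagged, including the `aolsvc.exe` backdoor), one service to review (`WLTRYSVC`, which has no publisher string but no scanner hit) and one heuristic-only name (`lj.exe`, deliberately left out of the report excerpt). The three tiers matter: only the first is evidence, the other two are prompts for a human to look closer, and the allowlist exists because `dumprep` would otherwise be flagged on name alone.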

Mr_JAk3
2007-09-30, 18:47
Hello calabre7 and welcome to the Forums :)

You have a real malware party up and runnin'


One or more of the identified infections is a backdoor trojan :sick:

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

I can help you in the cleaning if you don't want to reformat but there is a possibility that we can't get you 100% clean.

Please let us know what you have decided to do in your next post :bigthumb:

calabre7
2007-10-02, 21:09
I decided to reformat just to be safe. This isn't my first time having to do this. I have PC-Cillin and I run Spybot and AdAware on a regular basis. Is there something I'm doing wrong that seems to make me a target to this kind of thing, or do I just have bad luck?

Thanks for your help!

Mr_JAk3
2007-10-03, 20:04
Hi :)

I respect your decision to do a complete reformat.

I'll give some "stay clean" hints :)



Please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is faster and more secure browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)

Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with your antivirus software.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)