Hi, here are the OTMI3, KASPERSKY, and HJT logs files. Thanks again for your help.
========== FILES ==========
File move failed. C:\WINDOWS\E33BACF5D7F5484239F87E124060FE70.exe scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\acebbbaac.dll
C:\WINDOWS\SYSTEM32\acebbbaac.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\acebbbaac.dll scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acebbbaac\\ deleted successfully.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_043811
Files moved on Reboot...
File C:\WINDOWS\E33BACF5D7F5484239F87E124060FE70.exe not found!
LoadLibrary failed for C:\WINDOWS\SYSTEM32\acebbbaac.dll
C:\WINDOWS\SYSTEM32\acebbbaac.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\acebbbaac.dll scheduled to be moved on reboot.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 20, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, January 21, 2009 01:01:14
Records in database: 1656517
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Files scanned: 92651
Threat name: 15
Infected objects: 29
Suspicious objects: 0
Duration of the scan: 02:29:24
File name / Threat name / Threats count
C:\Documents and Settings\Susan Micheletti\Local Settings\Temporary Internet Files\Content.IE5\IOE1EFNQ\u740[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
C:\Qoobox\Quarantine\C\Documents and Settings\Susan Micheletti\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-77d2cd4a.vir Infected: Exploit.Java.Gimsh.b 1
C:\Qoobox\Quarantine\C\Documents and Settings\Susan Micheletti\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-5f674187.vir Infected: Exploit.Java.Gimsh.b 1
C:\Qoobox\Quarantine\C\Documents and Settings\Susan Micheletti\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-376d89e1.vir Infected: Exploit.Java.Gimsh.b 1
C:\Qoobox\Quarantine\C\Program Files\AWS\WeatherBug\Install\WxBugSetup60b6.04.0.9b.EXE.vir Infected: not-a-virus:AdWare.Win32.MyWay.j 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.v 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.p 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ab 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\F3BROVLY.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.at 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.an 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.v 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ad 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ab 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.l 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0XRM558A\u521[1].exe.vir Infected: not-a-virus:AdWare.Win32.BHO.fav 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\firugoti.dll.vir Infected: Trojan.Win32.Agent.bfdf 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_acebbbaac_.dll.zip Infected: Worm.Win32.AutoRun.raz 3
C:\quarantine\acebbbaac.dll Infected: Worm.Win32.AutoRun.raz 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP10\A0001787.EXE Infected: not-a-virus:AdWare.Win32.MyWay.j 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0003926.exe Infected: Trojan.Win32.Qhost.kng 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0003927.exe Infected: Trojan.Win32.Qhost.kng 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0003928.exe Infected: Trojan.Win32.Qhost.kng 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000019.dll Infected: Trojan.Win32.Agent.bfdf 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41, on 2009-01-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Susan Micheletti\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DDSMEkl - {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - C:\WINDOWS\system32\vumer.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 8\PostUpdate.exe" 1014021 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: Kodak software updater.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://us.bookmarks.yahoo.com/YbConvFav.CAB
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47...familyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: acebbbaac - C:\WINDOWS\system32\acebbbaac.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O24 - Desktop Component 0: (no name) - http://img.photobucket.com/albums/v4.../11_7_104v.gif
--
End of file - 9609 bytes