Still stuck with malware. I've completed all the steps again but housecall says I have 50 bad files detected that can't be cleaned. Here's it's log
Results:
We have detected 50 infected file(s) with 50 virus(es) on your computer: 0 virus(es) cleaned, 50 virus(es) uncleanable, 0 virus(es) deleted, 0 virus(es) undeletable, 0 virus(es) passed.
Detected File Associated Virus Name Action taken
C:\WINDOWS\system32\ipsa32.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\system32\sdkjw.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\system32\d3ah32.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\system32\addix32.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\system32\winqs.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\system32\d3rn.exe TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\Downloaded Program Files\InstallationsAssistent.ocx TROJ_SMALL.RZ Uncleanable
C:\WINDOWS\uloaio.dat TROJ_AGENT.ALL Uncleanable
C:\WINDOWS\jyethi.dat TROJ_AGENT.MP Uncleanable
C:\WINDOWS\crpybs.txt TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\hlnfzk.dat TROJ_AGENT.ALL Uncleanable
C:\WINDOWS\fgrxlq.txt TROJ_AGENT.ALL Uncleanable
C:\WINDOWS\mltisw.dat TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\jxsfde.dat TROJ_AGENT.MP Uncleanable
C:\WINDOWS\atlfd.exe TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\xsfdee.dat TROJ_AGENT.MP Uncleanable
C:\WINDOWS\byktfo.dat TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\addzp32.exe TROJ_AGENT.ALL Uncleanable
C:\WINDOWS\syswo32.exe TROJ_AGENT.ALL Uncleanable
C:\WINDOWS\addpo.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\addse.exe TROJ_AGENT.RK Uncleanable
C:\WINDOWS\xqkfio.dat TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\ntfd32.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\sysrd.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\mfchq.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\gswfkz.dat TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\clzbun.txt TROJ_AGENT.MP Uncleanable
C:\WINDOWS\ukvpek.log TROJ_AGENT.MP Uncleanable
C:\WINDOWS\nlfcyv.dat TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\d3pb32.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\lafsli.dat TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\rmookv.txt TROJ_AGENT.MP Uncleanable
C:\WINDOWS\knytmy.txt TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\crdz32.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\umsgwx.txt TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\vvnrhj.dat TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\winhy32.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\apipp32.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\javaxc32.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\bpnzuf.log TROJ_AGENT.MP Uncleanable
C:\WINDOWS\uqfeop.log TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\owlwvt.txt TROJ_AGENT.MP Uncleanable
C:\WINDOWS\hxvbpe.txt TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\addlt32.exe TROJ_AGENT.MP Uncleanable
C:\WINDOWS\crkt32.exe TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\wsodjm.txt TROJ_AGENT.MP Uncleanable
C:\WINDOWS\ptzqlw.txt TROJ_AGENT.MQ Uncleanable
C:\WINDOWS\atlpz.exe TROJ_AGENT.MP Uncleanable
C:\Documents and Settings\Brents\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-78a21404-59fc898e.zip (Dummy.class) JAVA_BYTEVER.B Uncleanable
C:\Documents and Settings\Brents\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-53fa37b1-412784f7.zip (Dummy.class) JAVA_BYTEVER.B Uncleanable
HERE IS THE HIJACK THIS LOG: BUT FIRST>>>(again there were some files in safe mode that were close to what you wanted me to delete but not exact. FOR EXAMPLE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\system32\kthhx.dll/sp.html#44768 was there but one portion did not match...INSTEAD OF kthhx.dd it says qmlts.dll and there are
others close but not exact too.
Should I have deleted them anyway?????)
Logfile of HijackThis v1.99.1
Scan saved at 10:20:28 AM, on 3/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Brents\Desktop\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qmlts.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qmlts.dll/sp.html#44768
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.bourque.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qmlts.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qmlts.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qmlts.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall-bet...all/xscan60.cabO16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) -
http://www.20x2p.com...78336/enter.cabO16 - DPF: {4E52618E-546D-11D5-90EE-00D0B7484CA6} (NPAgent Class) -
https://client.manul...tAggregator.CABO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.co...ad/MsnPUpld.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) -
http://install.cheat...nsAssistent.ocxO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Brents\Local Settings\Temporary Internet Files\Content.IE5\CDEZCPER\CWShredder[1].exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Hope you can helpme further...Thanks for all of this.