Also getting messages that say to scan the hard disk, which I did not do. Messages say "hard drive clusters partly damaged; segment load failure".
I ran Malware and it said the following "hkey_local_machine\software\microsoft\windows\current version\policies\system\disable task manager (PUM:hijack.taskmanager). It quaranteed and deleted it.
Malware also said file infected: c:\\documentsandsettings\admin\localsettings\temp\0.10065340141216073.exe (trojan.dropper) it quaranteed and deleted this.
I ran spybot and it found:
win32agent.bkr trojansC-05
microsoft.windows.security.firewallopenports
Spybot removed these.
I then ran rkill.
Then ran the tdsskiller, but it did not find any threats.
I tried to run the GMER, but got the following:
Type ?
Name: c/documents/adminlocals/~1temp\mbr.sys
Value: The system cannot find the file specified
DDS File:
.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702
Run by ADMIN at 2:05:47 on 2012-01-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2759 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou2.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {da879c19-9088-418b-a63a-2e6fb294eaf0} - c:\program files\aadvantage eshoppingsm toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou2.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AAdvantage eShoppingSM Toolbar BHO: {5712a6bb-b6c8-4e52-a152-1ba741c9a6a2} - c:\program files\aadvantage eshoppingsm toolbar\Toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou2.dll
TB: AAdvantage eShoppingSM Toolbar: {85741f1d-ed47-4dcf-9109-07d10213c4d0} - c:\program files\aadvantage eshoppingsm toolbar\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [KndCLIWLJesl.exe] c:\documents and settings\all users\application data\KndCLIWLJesl.exe
mRunServices: [Dynamichplnchap1001] c:\docume~1\admin\locals~1\temp\exe.exe
mRunServices: [Wed1Album] c:\program files\nova development\photo explosion deluxe\project category\matching sets\weddings\albumwed128253.exe
mRunServices: [UpdaterProduct1.0.0.2] c:\program files\common files\nova development\shared\updaternova.exe
mRunServices: [Digireadreader] c:\program files\adobe\adobe photoshop cs2\plug-ins\digimarc\imagebridgetmdigisnep.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\hpsimp~1.lnk - c:\documents and settings\admin\application data\hp simplesave application\StartHelper.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ebay.com
Trusted Zone: facebook.com\www
Trusted Zone: google.com\www
Trusted Zone: hotmail.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: live.com
Trusted Zone: live.com\*.mail
Trusted Zone: msn.com
Trusted Zone: passport.com
Trusted Zone: windowslivehelp.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://allstate.webex.com/client/T27L10NSP11EP14/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
S0 cerc6;cerc6; [x]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
S2 BackupService;BackupService;c:\documents and settings\admin\application data\hp simplesave application\uUACTokenSvc.exe [2010-11-26 83512]
S2 File Backup;File Backup Service;c:\program files\starfield\offSyncService.exe [2010-7-16 1310960]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-5 136176]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
S2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\qwest\quickcare\bin\sprtsvc.exe [2010-12-26 206120]
S2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\qwest\quickcare\bin\tgsrvc.exe [2010-12-26 185640]
S2 VZWConfigService;VZW Config Service;c:\program files\novatel wireless\lte support\VZWMSConfig.exe [2011-2-11 139776]
S3 egxfilter;egxfilter;c:\windows\system32\drivers\egxfilter.sys [2010-9-5 93568]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-5 136176]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-25 30576]
S3 NWRmNet_022;Novatel Wireless MiFi 4510 RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet_022.sys [2011-3-1 243712]
S3 NWUSBModem_022;Novatel Wireless Verizon MiFi LTE USB Modem Driver;c:\windows\system32\drivers\nwusbmdm_022.sys [2011-3-1 176384]
S3 NWUSBPort_022;Novatel Wireless Verizon MiFi LTE USB Status Port Driver;c:\windows\system32\drivers\nwusbser_022.sys [2011-3-1 176384]
S3 NWUSBPort2_022;Novatel Wireless Verizon MiFi LTE USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2_022.sys [2011-3-1 176384]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2011-3-18 114704]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
.
=============== Created Last 30 ================
.
2012-01-29 03:40:02 435968 ---ha-w- c:\documents and settings\all users\application data\KndCLIWLJesl.exe
2012-01-28 16:34:04 6557240 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1b857718-6ab6-49a1-98c7-c5cc86679d5d}\mpengine.dll
.
==================== Find3M ====================
.
2012-01-04 09:26:22 236576 ---h--w- c:\windows\system32\MpSigStub.exe
2011-12-20 19:40:00 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ---ha-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ---ha-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ---ha-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ---ha-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ---ha-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ---ha-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ---h--w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ---h--w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ---ha-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ---ha-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ---ha-w- c:\windows\system32\ole32.dll
.
============= FINISH: 2:07:21.67 ===============
I still get a bunch of boxes that pop up and say the following:
"delayed writed failed", "failed to save all components to the file system 321100000668. The file is corrupted or unreadable".
Also getting messages that say to scan the hard disk, which I did not do. Messages say "hard drive clusters partly damaged; segment load failure".
there are also RAM errors, etc.