Bad news--the virus is not gone.
While I was writing the last post the computer started to freeze, so I thought something was wrong, so I downloaded Malwarebytes' Anti-Malware and did a scan.
Malwarebytes' Anti-Malware 1.40
Database version: 2664
Windows 5.1.2600 Service Pack 2
20/08/2009 15:59:00
mbam-log-2009-08-20 (15-59-00).txt
Scan type: Quick Scan
Objects scanned: 84640
Time elapsed: 2 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
But for extra security I downloaded Dr.Web CureIt and went into safe mode to do a scan, and when the screen started I was confronted with a screen asking me to log in to my account or the Administrator account (I didn't create this account; I am thinking it is the same one from before). This confused me because I deleted everything, including the user account, and the evidence is that my old user account doesn't exist.
So after a while I logged into the Administrator account, went to My Computer, clicked the (D) data drive, then Documents and Settings, then my user account, and then Desktop, and I copied and pasted the Dr.Web CureIt program onto the Administrator account's desktop and ran it. It did the Express scan but found nothing. After that I clicked Settings > Change settings, unchecked "Heuristic analysis" under the "Scanning" tab, then clicked Apply, OK, and started the full scan. After an hour it finished and it found only one virus.
Here are the results from that scan:
=============================================================================
Dr.Web Scanner for Windows v5.00.4 (5.00.4.06300)
© Doctor Web, Ltd., 1992-2009
Log generated on: 2009-08-20, 16:49:08 [mohamedomar][Administrator]
Command line: "D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\k6l5j.exe" /lng /ini:setup_XP.ini
Operating system: Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
DwShield started
Engine version: 5.00 (5.00.0.12182)
Engine API version: 2.02
Total virus records: 615338
[Self-checking] D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\k6l5j.exe
Key file: D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\setup.key
License key number: 0010867178
Registered to: A User
License key activates on: 2009-06-03
License key expires on: 2009-12-04
Process in memory: System:4 - OK
Process in memory: \SystemRoot\System32\smss.exe:128 - OK
Process in memory: \??\C:\WINDOWS\system32\csrss.exe:180 - OK
Process in memory: \??\C:\WINDOWS\system32\winlogon.exe:204 - OK
Process in memory: C:\WINDOWS\system32\services.exe:248 - OK
Process in memory: C:\WINDOWS\system32\lsass.exe:260 - OK
Process in memory: C:\WINDOWS\system32\svchost.exe:408 - OK
Process in memory: C:\WINDOWS\system32\svchost.exe:468 - OK
Process in memory: C:\WINDOWS\system32\svchost.exe:544 - OK
Process in memory: C:\WINDOWS\Explorer.EXE:800 - OK
Process in memory: D:\Documents and Settings\Administrator\Desktop\9tujear2.exe:1416 - OK
Process in memory: D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\7a8a48.exe:1424 - OK
Process in memory: D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\k6l5j.exe:1448 - OK
[Memory scanning] No viruses found
Master Boot Record HDD1 - OK
Active OS/2 or WinNT Boot Sector HDD1 - OK
OS/2 or WinNT Boot Sector HDD1 - OK
[Scan path] c:\apps\emailchecker\ech.exe
c:\apps\emailchecker\ech.exe - OK
[Scan path] c:\apps\hidservice\hidservice.exe
c:\apps\hidservice\hidservice.exe - OK
[Scan path] c:\apps\powercinema\kernel\tv\clcapsvc.exe
c:\apps\powercinema\kernel\tv\clcapsvc.exe - OK
[Scan path] c:\apps\powercinema\kernel\tv\clsched.exe
c:\apps\powercinema\kernel\tv\clsched.exe - OK
[Scan path] c:\apps\powercinema\pcmservice.exe
c:\apps\powercinema\pcmservice.exe - OK
[Scan path] c:\apps\recordnow\shlext.dll
c:\apps\recordnow\shlext.dll - OK
[Scan path] c:\apps\smp\pcsetup.exe
c:\apps\smp\pcsetup.exe - OK
[Scan path] c:\ati technologies\ati control panel\atiptaxx.exe
c:\ati technologies\ati control panel\atiptaxx.exe - OK
[Scan path] c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll - OK
[Scan path] c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll - OK
[Scan path] c:\program files\common files\aol\acs\aolacsd.exe
c:\program files\common files\aol\acs\aolacsd.exe - OK
[Scan path] c:\program files\common files\microsoft shared\information retrieval\msitss.dll
c:\program files\common files\microsoft shared\information retrieval\msitss.dll - OK
[Scan path] c:\program files\common files\microsoft shared\speech\sapi.cpl
c:\program files\common files\microsoft shared\speech\sapi.cpl - OK
[Scan path] c:\program files\common files\system\ole db\oledb32.dll
c:\program files\common files\system\ole db\oledb32.dll - OK
[Scan path] c:\program files\common files\ulead systems\autodetector\monitor.exe
c:\program files\common files\ulead systems\autodetector\monitor.exe - OK
[Scan path] c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe
c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe - OK
[Scan path] c:\program files\common files\ulead systems\mpeg\mpegacm.acm
c:\program files\common files\ulead systems\mpeg\mpegacm.acm - OK
[Scan path] c:\program files\common files\ulead systems\mpeg\ulmp3acm.acm
c:\program files\common files\ulead systems\mpeg\ulmp3acm.acm - OK
[Scan path] c:\program files\common files\ulead systems\vio\dvacm.acm
c:\program files\common files\ulead systems\vio\dvacm.acm - OK
[Scan path] c:\program files\cyberlink\shared files\clml_ntservice\clmlserver.exe
c:\program files\cyberlink\shared files\clml_ntservice\clmlserver.exe - OK
[Scan path] c:\program files\java\jre1.5.0_02\bin\jusched.exe
c:\program files\java\jre1.5.0_02\bin\jusched.exe - OK
[Scan path] c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll - OK
[Scan path] c:\program files\malwarebytes' anti-malware\mbamgui.exe
c:\program files\malwarebytes' anti-malware\mbamgui.exe - OK
[Scan path] c:\program files\messenger\msmsgs.exe
c:\program files\messenger\msmsgs.exe - OK
[Scan path] c:\program files\outlook express\setup50.exe
c:\program files\outlook express\setup50.exe - OK
[Scan path] c:\program files\outlook express\wabfind.dll
c:\program files\outlook express\wabfind.dll - OK
[Scan path] c:\program files\real\realplayer\rpshell.dll
c:\program files\real\realplayer\rpshell.dll - OK
[Scan path] c:\program files\symantec\liveupdate\ndetect.exe
c:\program files\symantec\liveupdate\ndetect.exe - OK
[Scan path] c:\program files\symantec\liveupdate\s32lucp1.cpl
c:\program files\symantec\liveupdate\s32lucp1.cpl - OK
[Scan path] c:\windows\apppatch\acgenral.dll
c:\windows\apppatch\acgenral.dll - OK
[Scan path] c:\windows\explorer.exe
c:\windows\explorer.exe - OK
Edited by badboykiller1990, 20 August 2009 - 05:35 PM.