Cleaning up AIM Virus, etc.

I apologize for having to seek help, but I am battling some malware here that is much more tech-savvy than I.

Just for background, I contracted a strain of the AIM virus sometime over the last few weeks. My partner frequently forgets to sign off her aim, and the night before last, it randomly sent virus-infected links to everyone on her buddy list. I do not have the link, as everyone either contracted the virus or closed the window. However, it was something like "should I post this on Myspace?" with a link that appeared to be to a myspace image.

That said, I am afraid there are many other things amiss. Before coming to this forum, I had run Ewido, Webroot Spysweeper, and per the advice of a freind, disabled system restore. I do have an expired version of Norton also, but it is of little use.

I read and performed all steps in the "read me first before asking for support". Given that I already had system restore disabled, I re-enabled it.

I am incredibly unsure that everything has been fixed. I still have strange exe files in my root directory, and a very suspicious "try aol free for 50 days" on both my desktop and start menu. I say it is suspicious, because the icon just doesnt look right. I know that sounds stupid, but if you saw it you would know what I meant.

In any case, I am posting a HJT log, an activescan log, and adaware log.

FYI:

Microsoft Antispyware Detected:

Yazzle Sudoku (deleted)

EDonkey 2000 (deleted)

Spybot S&D Detected:

NewDotNet (not fixed)

Windows Security Center.AntivirusDisableNotify (fixed)

Windows Security Center.AntivirusOverride (fixed)

Windows Security Center.FirewallDisableNotify (fixed)

Windows Security Center.FirewallOverride (fixed)

Windows Security Center.SP2Update (fixed)

Windows Security Center.UpdateDisableNotify (fixed)

Microsoft Windows Malicious Software Removal Tool detected nothing

I hope someone can help me, as I am at my wits end. Thank you in advance.

 

Sorry, I forgot to attach the Bitdefender log, so here it is.

 

I am so sorry. This is my first go at this sort of thing, I thought that was the log. Ill go ahead and do that now, and post the actual log.

 

Again, thank you so much for helping me out here. I did the bitdefender scan again in safe mode, and this was the only thing that came up when it said "click here to view report". I am afraid that it is the same thing as last time. If so, please tell me what I am doing wrong. I will complete the other steps and let you know what happens.

 

By the way, I looked for the files you asked about for the Verizon Toolbar, and they do appear to be missing. I wouldnt have noticed a phroblem though, since I dont use IE anymore. I switched to Firefox, and just log in from the webpage.

Also, that is what came up, and it was an html page, that i saved as txt (per the instructions).

Okay, on to steps in message 6.

 

Okay. I have finished the steps in message 6, and the new HJT log is attached.

When I went into services.msc, I found lsass, but it was already stopped, however, I disabled it. Removing it with HJT appeared to work.

When I ran HJT again (per instructions), the entry you said might be gone (O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\windows\scvhost.exe (file missing)) was indeed gone.

Also, when booted into safe mode, i was able to delete the party poker folder and drsmartload.dat, however, scvhost.exe was missing. About scvhost.exe, this was something that was detected with the aforementioned ewido scan, and possibly that is why the entry was missing (it is also no longer in my processes).

I was able to complete all steps without any issues, excepting those I just mentioned. Although the comp appears to be working better, I still have a couple exe files in C:\ that I am unsure of. they are:

5050.exe
ys5050.exe

They both were created around the time I started having problems. Are they legit?

 

I was able to delete those two files. I was just unsure about whether or not it was alright to do so.

I do have the paid version of SpySweeper (provided by my job), and it is good till October. Unfortunately, I am a very low budget student and have not been able to renew my Norton AV subscription.

What should I keep? As of right now, i have:

An expired (definitions have not been updated since i think april of last year) Norton AV. Should I just uninstall it? The definitions are so out of date that it is practically useless.

In addition to that, I have the 15 day trial of Ewido, Spybot S&D, Microsoft AF, Windows MSRT, and Ad-Aware SE installed per the sticky thread. Should I delete some of these? If so, which ones? Should I get rid of HJT as well?

Im sorry, I know I dont have the most up-to-date machine and with all these things running, it is slower than molasses on a cold winter day.

Also, as soon as I am able to back-up my system, I am going to download the Windows XP SP2 (I am currently running SP1). Unfortunately, the recovery discs that were made on this computer were stolen, so I am not sure how to do that without losing everything.

I am not sure how to uninstall the Verizon Toolbar, as the only entry for Verizon that appears in the "Add/Delete Programs" is the entire Verizon Online Program.

Oh, and I discovered the culprit for the AOL icon actually was legitimately AOL. Those bastards will give you junk every chance they get. I am just going to delete the "AOD" folder from the Programs file (saw that on another thread).

In any case, thank you so much. I am so glad you guys are around. I wish I had known about you last month when I nearly shot myself over a nasty SpySheriff infection on my work machine.

Again, THANK YOU!

 

I am so sorry for being a bother, but I found this txt file in my C:\. What the hell is it?

d.txt

Im afraid to open it, but I know it wasnt there before all this crap started.