Just getting started

Discussion in 'Malware Help (A Specialist Will Reply)' started by kzook, Jul 5, 2006.

  1. kzook

    kzook Private E-2

    Hi,
I have used your site before with great success but it has been a while. Just printed out all of the preliminary procedure stuff and will start through that tomorrow evening. In the meantime, I would simply like to know if I am in the right place to solve the following problems (may be related?):
    1. virus "W32/Downloader.ABKP", infected file is c:\windows\system32\kbdopy.dll, which could not be deleted.
    2. constant popups for WinAntiVirus
    Please let me know if this is the place to get this stuff resolved and I will start in on the cleanup procedure. Thanks very much.
    Keith
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Welcome to MajorGeeks!

    Yes! You are in the right place. Run the READ & RUN Me and attach the 3 requested logs. To avoid any delay in getting help, follow ALL steps completely. Make sure you install HijackThis exactly as requested in the procedure and make sure you attach the two logs from the online scanners and that they are run BEFORE HijackThis.
     
  3. kzook

    kzook Private E-2

    Ok, I just performed every step of the READ & RUN ME FIRST chronicles. With every scan there were viruses and spyware detected and removed. Do not appear now to be having the problem with the WinAntiVirus popups and just ran a virus scan and nothing is showing up. SO I think the problems that I was seeing have been rectified; HOWEVER, according to one/some of the attached logs there was some spyware or malware that was identified but was not deleted. So the log files are attached. Let me know what I should do from here. Also, exactly when do I do the STEP 1 Disable System Restore? Now, or wait to see if there will be further cleanup? Thanks for all of the help.
    Keith
     

    Attached Files:

  4. kzook

    kzook Private E-2

    And here is one more log file.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I will tell you when to toggle System Restore!

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {b3012e70-de44-48a5-a382-3f03bdb140bf} - C:\WINDOWS\system32\IGFvaa.dll (file missing)
    O4 - HKLM\..\Run: [lich] lich.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O20 - Winlogon Notify: IGFvaa - IGFvaa.dll (file missing)
    O20 - Winlogon Notify: kbdopy - kbdopy.dll (file missing)


    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete (they may be gone already but we must check):
    c:\windows\warnhp.html
    C:\WINDOWS\system32\IGFvaa.dll

    Now empty your Recycle Bin.

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.
     
  6. kzook

    kzook Private E-2

    I will do exactly as you say when I get home tonight. Reading this at work right now. Thank you.
     
  7. kzook

    kzook Private E-2

    Did everything tonight per the instructions. The latest HJT log file is attached. Things seem to be operating ok. Did a virus scan and nothing showed up. There are a few things, however, that bother me. Don't know if these are related or not.

1. Last night several times when I shut down the PC to restart it a message came up that said "end program explorer.exe". I didn't think too much of it because it looked Windows related. Tonight when I shut down to reboot a message came up saying "end program freedom.exe". That worries me. What would be running called freedom.exe that needs to be ended before shutting down?

    2. My company uses a web based time collection system that employees use to enter their time charges. When I accessed this last night, and also now this evening I immediately get an error message and the application does not run. The error message that comes up is in the attached file "error message.txt". Behind the error message box is a "500 Internal Server Error" and a "404 Not Found" and associated text. I have copied and pasted all of that as well into the attached "error message.txt". Today I was able to access this web based application from my work pc with no problems.

    Thanks for anything further you can do for me.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is related to your ISP (BellSouth)

    C:\Program Files\BellSouth\BellSouth Internet Security\Freedom.exe
    O4 - HKLM\..\Run: [BellSouth Internet Security] "C:\Program Files\BellSouth\BellSouth Internet Security\Freedom.exe"

    You will have to speak with your company about this. Perhaps there is something missing from your PC that they require.

Your log is clean so I do not think you are having malware problems.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
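The triage chaslang performs in this thread comes down to two reads of a HijackThis log: first picking out registry entries (BHO, Run, Extra button, Winlogon Notify) whose target file is gone, which are leftover pointers from a removed infection and are safe to fix, and later matching a process name seen at shutdown (freedom.exe) back to the O4 Run line that launches it. The script below is an added Python example that automates both reads; it is not part of this thread, of the READ & RUN ME procedure, or of HijackThis itself. The sample log lines are constructed from the entries quoted above, and the "bare filename" heuristic for O4 entries (an executable named with no directory) is my own assumption, not a rule from the procedure.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the HijackThis lines quoted in this thread (not a real log)
SAMPLE_LOG = """\
O2 - BHO: (no name) - {b3012e70-de44-48a5-a382-3f03bdb140bf} - C:\\WINDOWS\\system32\\IGFvaa.dll (file missing)
O4 - HKLM\\..\\Run: [lich] lich.exe
O4 - HKLM\\..\\Run: [BellSouth Internet Security] "C:\\Program Files\\BellSouth\\BellSouth Internet Security\\Freedom.exe"
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\\Program Files\\AWS\\WeatherBug\\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: IGFvaa - IGFvaa.dll (file missing)
O20 - Winlogon Notify: kbdopy - kbdopy.dll (file missing)
"""

SECTION_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# A Windows path ending in .dll/.exe, optionally quoted; stops at a quote or "("
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"(]+?\.(?:dll|exe))"?', re.IGNORECASE)
# O4 Run entries look like: [value name] command line
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Sections that are code load points (BHO loaded by IE, Winlogon Notify loaded by winlogon)
LOADER_SECTIONS = {"O2", "O20"}


@dataclass
class Entry:
    section: str
    raw: str
    file_missing: bool
    path: Optional[str]
    run_name: Optional[str] = None
    run_cmd: Optional[str] = None


def parse_hjt(text: str) -> List[Entry]:
    """Parse HijackThis-style lines into Entry records; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section, rest = m.groups()
        path_m = PATH_RE.search(rest)
        entry = Entry(section=section, raw=line,
                      file_missing="(file missing)" in rest.lower(),
                      path=path_m.group(1).strip() if path_m else None)
        if section == "O4":
            run_m = RUN_RE.search(rest)
            if run_m:
                entry.run_name = run_m.group("name")
                entry.run_cmd = run_m.group("cmd").strip()
        entries.append(entry)
    return entries


def bare_autoruns(entries: List[Entry]) -> List[Entry]:
    """O4 Run entries that name an executable with no directory at all (assumed heuristic:
    a legitimate installer almost always writes a full path, so these deserve a look)."""
    return [e for e in entries
            if e.section == "O4" and e.run_cmd and not any(c in e.run_cmd for c in "\\/")]


def lines_to_fix(entries: List[Entry]) -> List[str]:
    """Lines to select in HijackThis: registry pointers to files that no longer exist,
    plus bare-filename Run entries. Output keeps the log's own order."""
    bare = {id(e) for e in bare_autoruns(entries)}
    return [e.raw for e in entries if e.file_missing or id(e) in bare]


def loader_paths_to_check(entries: List[Entry]) -> List[str]:
    """Full paths of missing BHO / Winlogon Notify DLLs, to confirm on disk in safe mode."""
    return [e.path for e in entries
            if e.section in LOADER_SECTIONS and e.file_missing and e.path]


def find_autorun_for(entries: List[Entry], exe_name: str) -> List[Entry]:
    """Which O4 Run line launches a given executable, e.g. the freedom.exe seen at shutdown."""
    needle = exe_name.lower()
    return [e for e in entries
            if e.section == "O4" and e.run_cmd and needle in e.run_cmd.lower()]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("Select these lines in HijackThis:")
    for raw in lines_to_fix(parsed):
        print("  " + raw)
    print("Confirm deleted in safe mode:", loader_paths_to_check(parsed))
    for e in find_autorun_for(parsed, "freedom.exe"):
        print("freedom.exe is started by O4 value", repr(e.run_name), "->", e.run_cmd)
```

On this constructed sample the two rules pick out exactly the five lines chaslang listed and leave the BellSouth Freedom.exe entry alone, but on a real log the output is a starting point for a human review, not a verdict: a "(file missing)" entry is safe to remove precisely because nothing is left to load, while an entry whose file is present still needs to be looked up before it is touched.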
     
  9. kzook

    kzook Private E-2

    Ok. Will do. Thanks for all of your help.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
  11. kzook

    kzook Private E-2

    I'm sorry, I just have one more question about something that looks suspicious. We just noticed yesterday this file "thumbs.db" that appears to be floating around. We delete it and then it appears somewhere else. I just did a search on it and it appears in two places:

    c:/documents and settings/keith/.housecall/resource/images/hackercheck

    and

    c:/documents and settings/keith/.housecall/resource/images/infection-finding

    WHAT IS THIS?????? It looks suspicious.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  13. kzook

    kzook Private E-2

    Cool. Thanks!!!!!!!!!!!!!!!
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
     
