
Thread: Please help with infected CPU.

  1. #31
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Ok, couple of these stubborn guys still hanging around.

    Reboot to Safe Mode.
    Open Windows Explorer, go to Tools, Folder Options, View, and remove the check from "Hide protected operating system files".

    Then go to the "C" drive.
    First go to the \WINDOWS\SYSTEM32\ folder. Open it and delete this one: GB9
    Still in the SYSTEM32 folder, look for this and delete it: vMW10a


    Next go BACK to just the "C" drive and scroll through the folders there and you should see a folder named RECYCLER (this probably will be slightly grayed but you will be able to open it). Double-click to open it. You will see what looks like an icon of the recycle bin with a series of numbers, something like these, S-1-5-21-471350330-3503833887-209929650-1008 next to it.
    Right Click that Recycle Bin Icon there and Choose Empty Recycle Bin.

    Reboot to Normal mode and run one more, HOPEFULLY the last, Online Kaspersky scan and post that log here. If you can do all this with your fingers crossed then do so...
    Judy

  2. #32
    Join Date
    Oct 2007
    Posts
    17
    Judy,

    I followed your instructions, and the check box for "hide protected operating system files" was already unchecked. I still could not find either of those files under C:\windows\system32.

    I did go to RECYCLER and emptied it out under Windows Explorer and it said it removed two files. (Sorry, I don't know what they were.)

    Do you want me to go ahead and run Kaspersky?

  3. #33
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Yes, run Kaspersky once more.

  4. #34
    Join Date
    Oct 2007
    Posts
    17
    Judy,

    I ran Kaspersky this morning and after it finished I looked at the report and saw where I had made a mistake in trying to remove the two files. I saw that it was a directory folder GB9 and VMW10a, so I went into safe mode and removed these folders and emptied the recycle bin. I am in the process of rebooting and rerunning Kaspersky. I hope I did the right thing.

    Below is the first Kaspersky log I ran this morning.
    Attached Files

  5. #35
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Great! Will anxiously await the new Kaspersky!

  6. #36
    Join Date
    Oct 2007
    Posts
    17
    O.K., here is the new Kaspersky.
    Attached Files

  7. #37
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Ok, looks like it worked this time.

    But you will have to reset your System Restore again to hopefully, finally, and for the last time get rid of these pests!

    The logs do look clean now, with the exception of this most recent restore point.

    You have some unnecessary starts, like:
    Adobe Reader Speed Launcher
    Adobe Photo Downloader
    TkBellExe...Real Player auto update
    MSMSGS...this is Windows Messenger NOT MSN Messenger, which also is starting unnecessarily
    DellSupport
    Yahoo! Pager
    MySpaceIM
    Yahoo! Desktop Search System Tray
    Microsoft Office
    ALL of the above can be run manually to keep the drain off of system resources.

    These should be controlled with Mike Lin's StartUP Control Panel rather than msconfig. Also some good tips HERE on controlling XP Services.

    Also you DO need to install SpywareBlaster
    Install, update and enable everything including restricted sites portion.
    I would also recommend using Immunize feature on SpyBot too.

  8. #38
    Join Date
    Oct 2007
    Posts
    17
    Judy,

    Thank you so much for yours and everyone else that helped me on this time spent. I have learned a lot and hope to better protect the computers in my office from becoming corrupt. Any other suggestions that I might follow to prevent this from happening again? I really think the way you volunteer your time to help people is a very uncommon trait of kindness and I deeply appreciate it. I wish I could show you my gratitude by sending you a gift.

    Thanks again.

  9. #39
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    No gifts necessary. I love doing this stuff.
    How to stay safe? Follow the recommendations I gave above and....

    Watch what is downloaded, thoroughly investigate everything you download and don't take one rave review as gospel. If something claims to be the perfect "all for one" program...don't believe it.

    Virtually everything infecting this computer was a Trojan or Trojan related;
    Trojan horse is a program that installs malicious software while under the guise of doing something else. Though not limited in their payload, Trojan horses are more notorious for installing backdoor programs which allow unauthorized non permissible remote access to the victim's machine by unwanted parties - normally with malicious intentions. Unlike a computer virus, a Trojan horse does not propagate by inserting its code into other computer files. The term is derived from the classical myth of the Trojan Horse. Like the mythical Trojan Horse, the malicious code is hidden in a computer program or other computer file which may appear to be useful, interesting, or at the very least harmless to an unsuspecting user. When this computer program or file is executed by the unsuspecting user, the malicious code is also executed resulting in the set up or installation of the malicious Trojan horse program.
    Also, download ONLY from a reputable site. That is not to say you cannot get a trojan from a reputable site but chances are slimmer.

    Watch where you surf, don't have unnecessary IM programs running all the time, keep anti-virus, java, firewall and security programs updated, run anti-virus and security programs at the very least weekly, keep temp files cleaned up, no P2P stuff, that is a biggy in my book for causing infection...who is this nice person willing to "share" this $100 game with you for nothing....and WHY?
