I have a problem that I've determined from reading some previous threads, is a virus. I have thousands of POS Temp Files on my C drive that I cannot delete and my C drive has a red X on it. I downloaded the Hijackthis software and ran a scan. The follwing is the result of that scan. Log file is as follows:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:29 PM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Bianca\Desktop\spider.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Easy SpyRemover\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\tuvvt.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [Windows Updater Servc] C:\WINDOWS\system32\xpuupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [e8385dc6] rundll32.exe "C:\WINDOWS\system32\xnwuyyeh.dll",b
O4 - HKLM\..\Run: [BMeb0b6e5a] Rundll32.exe "C:\WINDOWS\system32\kptcodbn.dll",s
O4 - HKLM\..\Run: [Easy SpyRemover] D:\Easy SpyRemover\EasySpyRemover.exe /smart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Dominoes - http://download2.games.yahoo.com/games/clients/y/dot9_x.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - http://psc.disney.go.com/disneychannel/hannahmontana/downloads/icons/96x96_mylie.gif
O24 - Desktop Component 1: (no name) - http://psc.disney.go.com/disneychannel/hannahmontana/downloads/friends_wallpaper/1024x768_friends.jpg
O24 - Desktop Component 2: (no name) - http://us.news1.yimg.com/us.yimg.com/p/rids/20060329/i/r3991129608.jpg
O24 - Desktop Component 3: (no name) - http://www.bulldogevent.homestead.com/files/bullytude1.jpg

--

Can Someone Help? I would appreciate any assistance anyone could provide.

End of file - 4809 bytes

if you had read the announcement at the top of the page you would have seen to post hijackthis logs in spyware and other nasties forum .pleas do so ,as that is where most of the log readers help out . follow this link .
http://www.daniweb.com/forums/forum64.html

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.