JAYoung

I picked this infection up while looking at HEALTH websites last night (of all places!) I know a thing or two about computers but, anymore, that's about it so I may need to be spoon fed some info.

I have
Windows XP (w/SP 2 last night, now updated to SP3 today)
Trend Micro PC-cillin

PC-cillin kept picking up on virus that needed to be deleted (couldn't be cleaned) I don't remember the name. I deleted it through PC-cillin probably 10 times. (kept coming back)

I have read several threads on this site in regards to the issue but get to the point where my issue might be specific to my computer so here are all the details I can think of.

What I did as soon as this happened:
-Deleted malware protector shortcut
-Removed malware protector using add/remove programs
-Performed a complete scan using PC-Cillin
-Still had the blue desktop with the "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer."
-Googled Malware Protector and did the following upon another site's generic instructions:
-Installed and ran SmitFraudFix in safe mode.
-Manually deleted all files from C:\Windows\Temp
-Was instructed to go to c:\Documents and Settings\[listed user]\Local Settings\Temp, click Edit, click Select All, press Delete but I don't have a "Local Settings" folder under any of my user names....

-Still had the blue desktop with the "Warning! Spyware blah blah blah"
- Ran my old Cleanup program at some point
-Found you guys and went through your 5 Steps Before Contacting Us process:
-Step 1: Successfully Completed (kept WildTangent)
-Step 2: Was unable to run Panda ActiveScan: "Sorry, updating is incomplete due to an error...". MS Firewall was disabled but I was unable to shut down my PC-cillin because it wants a password that I don't remember ever creating (spent 30 minutes trying every password I could come up with)
-Step 3: Successfully Completed
-Step 4: Successfully Completed. Updated from SP 2 to SP 3
-Step 5: DSS creates a new system restore point...I'm not sure I should do this at this point so I just downloaded and ran Hijack This and have the results saved.

Have tried to change my desktop to the way it was before but the themes seem to be missing some components (like wallpaper). Either way, when I restart I come back to the annoying blue screen and Warning! message in the middle.

Also just noticed that my clock is set to military (24hr) time. Was definitely not like that before. Haven't tried to change that yet. Who knows what else is going on behind my back.

Also noticed at the beginning of this process last night I kept getting an error "Can not find script file "C:\Documents and Settings\Jeannette\Local Settings\Temp\.tt18.tmp.vbs" every time I restarted. At some point it went away. (I think after I ran SmitfraudFix). It seems like every time I've had a virus scare, something goes into that directory but, when I look for it, "Local Settings" is not there.

Also learned in the process that my PC-cillin is "expired" though it still runs and updates so I'm not sure what paying the $80 would do for me??

Your help is greatly appreciated. If you are all volunteers, is there a way to make a donation to your site?

PS. The "Can not find script file "C:\Documents and Settings\[user]\Local Settings\Temp\.tt18.tmp.vbs" error message is back

And it is still resetting my home page to msn...

UPDATE:

Today I got another message from PC-cillin same as before that the infected file is C:\windows\system32\blphctc1j0e9ft.scr

and the virus is: TROJ PAKES.BFZ