Ok, im sorry for not reading what I was supposed to do.
Here is the remade part with the logs.
I know how to remove some bad trojans/viruses/malware/etc..
Except im kind of stuck here.
I got a error message saying something about a folder called "~EXB000" in my temp folder. (Sorry, I closed the message before registering.)
So I went to my temp folder and tried to delete, it says "Cannot delete setup.exe, access is denied."
Outside of this folder are two other files I cannot delete.
These files are Perflib_Perfdata_f00 and etilqs_0kXzMQx9UaIdsgeqLQY0.
The perflib is a dat file and the other random one is just a "file".
I ran a full scan with SUPERAntiSpyware, Windows Live Onecare, and Spybot Search and Destroy.
Everything was negative, nothing was found.
DDS Logs
DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 14:05:07.93 on Tue 06/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.421 [GMT -6:00]
AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\ShortKeys2\shklite.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\javaws.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*
http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*
http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*
http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*
http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*
http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*
http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {0D624EA8-F36B-4087-B5E1-08D7F17A85B9} - No File
BHO: {37DCAC3E-32BF-4E74-A3B8-D166A5317E15} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Answers.com Toolbar: {6341761b-babe-406d-b0d6-8d99b81c2ee5} - c:\program files\answers.com\tbAnsw.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {7754C418-F62E-44AA-B169-E719E718BCFD} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [FLMOFFICE4DMOUSE] c:\program files\browser mouse\mouse32a.exe
mRun: [20299561] rundll32.exe
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRunOnce: [SpybotDeletingA4778] command /c del "c:\windows\system32\2b0a511f-.txt"
mRunOnce: [SpybotDeletingC4073] cmd /c del "c:\windows\system32\2b0a511f-.txt"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\shortk~1.lnk - c:\program files\shortkeys2\shklite.exe
IE: &AOL Toolbar search
IE: Answers... - file://c:\program files\1-click answers\html\atiemenu.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - hxxp://download1.answers.com/pub/AnswersSetup.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\opnnnnND
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\08k6skyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-6-20 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-6-20 47640]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-3-22 24936]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-6-13 582992]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-6-13 206608]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 MzBot;MzBot;\??\c:\mzbot.sys --> c:\MzBot.sys [?]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys --> c:\windows\system32\drivers\teamviewervpn.sys [?]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-6-13 206608]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva098;XDva098;\??\c:\windows\system32\xdva098.sys --> c:\windows\system32\XDva098.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\xdva134.sys --> c:\windows\system32\XDva134.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2009-06-30 14:01 87,040 ac------ c:\windows\system32\dllcache\nm6wdm.sys
2009-06-30 14:00 229,439 ac------ c:\windows\system32\dllcache\multibox.dll
2009-06-30 14:00 21,888 ac------ c:\windows\system32\dllcache\mxcard.sys
2009-06-30 14:00 103,296 ac------ c:\windows\system32\dllcache\mtxvideo.sys
2009-06-30 14:00 49,024 ac------ c:\windows\system32\dllcache\mstape.sys
2009-06-30 14:00 12,416 ac------ c:\windows\system32\dllcache\msriffwv.sys
2009-06-30 14:00 2,944 ac------ c:\windows\system32\dllcache\msmpu401.sys
2009-06-30 14:00 22,016 ac------ c:\windows\system32\dllcache\msircomm.sys
2009-06-30 14:00 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
2009-06-30 14:00 98,304 ac------ c:\windows\system32\dllcache\msir3jp.dll
2009-06-30 14:00 35,200 ac------ c:\windows\system32\dllcache\msgame.sys
2009-06-30 14:00 6,016 ac------ c:\windows\system32\dllcache\msfsio.sys
2009-06-30 13:58 802,683 ac------ c:\windows\system32\dllcache\ltsm.sys
2009-06-30 13:57 5,632 ac------ c:\windows\system32\dllcache\OLD27BC.tmp
2009-06-30 13:56 372,824 ac------ c:\windows\system32\dllcache\iconf32.dll
2009-06-30 13:55 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-06-30 13:54 165,888 ac------ c:\windows\system32\dllcache\hpgt53.dll
2009-06-30 13:53 132,608 ac------ c:\windows\system32\dllcache\OLD26AC.tmp
2009-06-30 13:52 594,238 ac------ c:\windows\system32\dllcache\es56hpi.sys
2009-06-30 13:51 334,208 ac------ c:\windows\system32\dllcache\ds1wdm.sys
2009-06-30 13:50 110,592 ac------ c:\windows\system32\dllcache\dc260usd.dll
2009-06-30 13:49 80,384 ac------ c:\windows\system32\dllcache\OLD2529.tmp
2009-06-30 13:48 82,172 ac------ c:\windows\system32\dllcache\OLD2414.tmp
2009-06-30 13:47 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-06-30 13:47 2,145,280 ac------ c:\windows\system32\dllcache\OLD2368.tmp
2009-06-30 10:44 <DIR> --d----- c:\documents and settings\owner\cd
2009-06-30 10:34 <DIR> --d----- c:\docume~1\owner\applic~1\MAXON
2009-06-30 10:20 <DIR> --d----- c:\program files\CINEMA 4D
2009-06-30 00:27 <DIR> --d----- c:\program files\Hamachi
2009-06-29 12:51 <DIR> --d----- c:\documents and settings\owner\.SunDownloadManager
2009-06-26 00:36 <DIR> --d----- c:\program files\KingsIsle Entertainment
2009-06-13 18:20 206,608 a------- c:\windows\system32\drivers\TMPassthru.sys
2009-06-13 18:20 <DIR> --d----- c:\program files\Trend Micro
2009-06-13 14:59 4,672 a------- c:\windows\system32\OEMINFO.PNF
2009-06-13 14:32 91,328 a------- c:\windows\system32\drivers\msfwdrv.sys
2009-06-13 14:32 116,416 a------- c:\windows\system32\drivers\msfwhlpr.sys
2009-06-13 14:31 53,168 a------- c:\windows\system32\drivers\MpFilter.sys
2009-06-13 14:29 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-06-10 20:17 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 20:17 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-08 14:37 2,086 a------- c:\windows\system32\msexcr.ini
2009-06-03 17:44 <DIR> --d----- c:\docume~1\owner\applic~1\aAvgApi
2009-06-03 10:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
==================== Find3M ====================
2009-06-30 00:27 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-05-13 20:46 107 a------- c:\docume~1\owner\applic~1\netstat.bat
2009-05-12 23:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 06:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 08:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-08 20:09 34 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
2008-05-24 22:57 1,019,904 a------- c:\documents and settings\owner\Register3DMaze.exe
2008-05-24 22:57 83,456 a------- c:\documents and settings\owner\mapath.dll
2008-05-24 22:57 83,456 a------- c:\documents and settings\owner\gmap.dll
2008-05-24 22:57 40,960 a------- c:\documents and settings\owner\mazeslib.dll
2005-12-30 12:50 0 ac------ c:\docume~1\owner\applic~1\wklnhst.dat
2008-09-18 18:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080908\index.dat
2008-09-18 19:03 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat
2008-09-19 22:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat
============= FINISH: 14:05:56.29 ===============