Put the event viewer away an run the the scan below, Use the Kaspersky Lab Online Scanner download from here click here In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.  Click on SCAN NOW  Click Accept.  The program will then begin downloading the latest definition files.  Once the files have been downloaded locate the Scan Settingsand have it scan My Computer.  The scan will take a while, so be patient and let it finish. When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on Save Report As  Next, in the Save as prompt, Save in area, select: Desktop.  In the File name area use KScan, or something similar.  In Save as type: click the drop arrow and select: Text file [*.txt]  Then, click: Save Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. __________________ .

This is the second Malwarebytes scan after I removed everything I could from the first scan results. Malwarebytes' Anti-Malware 1.35 Database version: 1939 Windows 5.1.2600 Service Pack 3 04/03/2009 11:04:36 PM mbam-log-2009-04-03 (23-04-36).txt Scan type: Full Scan (C:\:) Objects scanned: 119355 Time elapsed: 47 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 15 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\acpi32 (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amd64si (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\amd64si (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i386si (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati64si (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ati64si (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore"415790D9-BB81-41AF-9469-EEC2DB43FA43>\RP997\A0179839.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\acpi32.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\amd64si.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\netsik.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\nicsk32.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\fips32cup.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\i386si.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\ati64si.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

I would go to the windows update site and try to get your updates directly there from that site, select custom so that you can see the actual updates it says are there. It will run the WGA check on your system right then and there and will let you know if your copy passes or fails. It does not at all mean you have a pirated copy however, many legit copies have been flagged as not legit, dell computers has had a real problem with being flagged as non legit copies. Some times it takes a phone call to MS to get it cleared. Since it was a custom build I would do the updates from the update page and if it still says you have a pirated copy do contact your builder and see if he can assist you. for xp to go to windows update click start, all programs and at the top you should see windows update.

@susieq07, Someone needs to put you in your place. And I'm going to do it! What you are doing is down right wrong. You have not been professionally trained in the removal of malware. If you would have jumped in earlier and told her to boot to Safe Mode and run MBAM this is what would have happened. All programs would have been gone and the malware would have won! Some malware does not even run in Safe Mode. Most of the threats now days installs a rootkit. Tell me..how do you remove a rootkit? If your are as good as you think you are then you would know the answer! If you were a professional then you would know that ASC is bad because it includes a Registry cleaner. A professional would never use that program. Oh an susieq07, Security Tool IS NOT A VIRUS!!! IT IS A ROGUE PROGRAM. Weren't you told that before? There is a really big difference between a Virus and a Rogue program! If you don't know the difference you are doing an injustice to the Seniors you think you are helping!!! See below for definitions of several different types of malware. http://in.answers.yahoo.com/question/index?qid=20110404055408AAZVTKy I'm sorry everybody, but I can not stand around and allow someone who thinks they know what malware is all about take advantage of the uneducated, especially when it involves the elderly. They are the most trusting people in the world. Someone has to protect/educate them to be aware of those who think they know what they say they do. Please accept my apologies. Here is a link that might be useful: Remove Security Tool