MyPictures.exe!?!

[dado]

The winPfind3 logfile is huge !  something like 24000 characters ~!
what should i do with that?

[dado]

is it a good idea to upload the log file?

[essexboy]

Good enough for me Looking now

[essexboy]

OK this will take a while as it looks like you have just re-installed windows on this system

[essexboy]

OK I now see that you have 2 antiviruses on your aystem Sophos and Avast.  One needs to go as they will conflict and play havoc with any fixes I try to do..

Sophos should have caught this worm as it is Outlaw-A covered by their def files.  So I guess your version is out of date. 

And the winpfind log looks to be from a different system or user.  Do you have multiple users ? As both HJT logs show a wild variation in startup programmes

To clear the worm

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

• Follow the Instruction Here for installation.
  
• Accept the License Agreement.
• Once the ActiveX installs,Click Full System Scan
  
• Once the download completes,the scan will begin automatically.
• The scan will take some time to finish,so please be patient.
• When the scan completes, click the Automatic cleaning (recommended) button.
  
• Click the Show Report button and Copy&Paste the entire report in your next reply.
  

While I try to make sense of the log

[dado]

first of all i thank u for the effort...

U see 2 antiviruses because i just downloaded the sophos antiv. since they id'd the malware which
is as u already found out outlaws-A

what i did was to run sophos in safemode (affter uninstalling the other), remove the now known malignant files, and tried to fix some of the registry probs and file inputs with advanced windows care (is it any good?)
and manually (bringing back task manager, and otherrs)

i believe there's a better alternative right? i still have my gfriend's pc and my reinfected own pc after working on my brother's laptop (this is officially a rivalry witht the virus now)
since still can't figure out how to bring gpedit.msc function back, how to disable the automatic search of windows startup of the file "tskmager.com" which is nonexistent (sophos deleted it) with an error popup..

this is mostly an adware i believe that alters some registry thingys with autoreplication capabilities... weak though!
an i believe it originated locally... those alleged "outlaws" .. which is in lebanon

[essexboy]

I see you have Superantispyware

Run Superantispyware and select from the right click menu on the system tray (unless you have it to open fully when started) SCAN FOR SPYWARE ADWARE ETC

When the programme is open to the main page select PREFERENCES (bottom Right)
Then select the repair tab.
On the repair tab select the following and click repair:

Enable Task Manager
Internet Zone Security reset
Remove Explorer Policy Restrictions
Reset Desktop Policies
Reset Winlogon Shell
Reset ZoneMap settings 

Reboot:

Re-run Superantispyware

• On the first page select Check for Updates
  
• On completion select SCAN YOUR COMPUTER
  
• On the next page select COMPLETE SCAN and tick ALL your drives
  
• The next stage will take a while as your entire drive(s), memory and registry are scanned
• When it has completed click NEXT
  
• The next screen shows the problems found click OK
  
• On the next screen place a tick against all items and select NEXT
  
• Now to get the log Go to the PREFERENCES button on the right bottom
  
• Select the STATISTICS/LOG tab
  
• Highlight the scan just completed and click VIEW LOG
  
• This will open a notepad text file copy and paste this to your next reply

Also include a fresh Hijackthis log as I need to see what you have removed