Spyware 2009/BankerFox.A/Win32

Every time I try to run the links you originally gave me under "kim" windows blocks it from running..even with McAfee completely disabled..so i tried under the username "rachel" and it worked..so that's what I sent you.

Ah.
Okay, we'll clean that too, but run the OTMoveIt script on Rachel, because there is signs of malware on that account and the Rachel account doesn't seem to be too bad.

Once the OTMoveIt result is done, log-off Rachel and onto Kim and we'll see what we can do about that.

========== FILES ==========
c:\program files\XPPoliceAntivirus\sounds moved successfully.
c:\program files\XPPoliceAntivirus\plugins moved successfully.
c:\program files\XPPoliceAntivirus moved successfully.
c:\windows\system32\sf.ico moved successfully.
c:\windows\system32\m3.ico moved successfully.
c:\windows\system32\c.ico moved successfully.
c:\windows\system32\p.ico moved successfully.
c:\windows\system32\m.ico moved successfully.
c:\windows\system32\s.ico moved successfully.
c:\windows\sysguard.exe moved successfully.
c:\windows\svcho.exe moved successfully.
c:\windows\syssvc.exe moved successfully.
c:\windows\system32\iehelper.dll unregistered successfully.
c:\windows\system32\iehelper.dll moved successfully.
c:\windows\system32\rn.tmp moved successfully.
c:\windows\system32\aybeg.bak1 moved successfully.
c:\windows\system32\aybeg.bak2 moved successfully.
c:\windows\system32\aybeg.ini2 moved successfully.
c:\program files\MyWaySA\SrchAsDe moved successfully.
c:\program files\MyWaySA moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9c42510-9b21-41c1-9dcd-8382a2d07c61}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75}\\ deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02272009_145610

Okay, logon to Kim now and see if this will run.

Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. The log will be quite big, so you may need to split it up into several posts.

OK..I am logged on as "kim" and did the download. Saved to desktop. Double clicked to run and windows blocked it. i have mcafee completely disabled.

Hello.
Completely uninstall Mcafee, because it's so annoying when it interferes, because it blocks soooo many tools.

There were no pop-ups or spyware 2009 garbage this time when I logged in under "kim" after running that clean-up on user "rachel"..fyi.

How come McAfee interferes with one user and not another on the same computer?

Dunno.
Go to Start > Control Panel > Add/Remove Programs and remove any Mcafee products.

OK..you want me to go to add/remove programs and get rid of mcafee?

sorry..i was asking this same question as you were telling me.

Haha.
Once Mcafee is uninstalled, see if DDS will run.

new problem.i now cannot even log in. i'm on my son's laptop now. no user will log in now...it just sits saying 'loading personal setting. now what?i

Looking on Google for an answer.
Was the OS Windows XP/2000 server?

sorry. I don't know what you're asking me.

i turned the computer off and tried to reboot again...now all i get is a black screen..can't even get to the windows starting up and user names. Am i totally screwed now?

OS=Operating system.
The system running.

The preference window is usually only on XP/2000/2003 server.

About this infection, if it was or is Virut, it could have caused this.

The new variant of Virut I see a lot of edits the userinit value to add it's own file, if mcafee changed anything of userinit while uninstalling, it could explain it situation.

See here:
http://forums.spybot.info/blog.php?b=14

Look at method 1. If you can get the machine to get to the "loading personal preferences" window again, you may be able to edit the machines registry from your sons laptop.
All info for this is on the method 1.