Author Topic: Poebot.gen, Poebot.dam, gaobot all detected  (Read 1732 times)

Offline redcrowley

« Reply #40 on: November 06, 2006, 08:54:55 PM »
The full scan is running.  Here are the results of the quick scan:

mps.exe;c:\program files\mcafee\mps;Probably BACKDOOR.Trojan;;
mcupdmgr.exe;c:\program files\mcafee\msc;Probably DLOADER.Trojan;;
Those are McAfee files.  False positives maybe?  Or worse.  I will post the full results shortly.

Offline redcrowley

« Reply #41 on: November 06, 2006, 11:41:17 PM »
Here's the full report.  I will run the other scanner tomorrow as I have worked 60 hours in 4 days and am just too tired.

mps.exe;c:\program files\mcafee\mps;Probably BACKDOOR.Trojan;Incurable.Will be moved after reboot.;
mcupdmgr.exe;c:\program files\mcafee\msc;Probably DLOADER.Trojan;Incurable.Will be moved after reboot.;
MiniBugTransporter.dll;C:\Program Files\AWS\WeatherBug;Adware.Aws;;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.616;;
A0074190.reg;C:\System Volume Information\_restore{D11FDFB9-38B1-415A-A262-DE76EF682745}\RP553;Trojan.StartPage.1505;Deleted.;
A0074333.reg;C:\System Volume Information\_restore{D11FDFB9-38B1-415A-A262-DE76EF682745}\RP553;Trojan.StartPage.1505;Deleted.;
A0075794.dll;C:\System Volume Information\_restore{D11FDFB9-38B1-415A-A262-DE76EF682745}\RP560;Adware.MegaSearch;;
popcaploader.dll;C:\WINDOWS\Downloaded Program Files;Program.PopcapLoader;;

Offline guestolo

« Reply #42 on: November 07, 2006, 09:19:36 AM »
These 2 definitely look like false positives
mps.exe;c:\program files\mcafee\mps;Probably BACKDOOR.Trojan;Incurable.Will be moved after reboot.;
mcupdmgr.exe;c:\program files\mcafee\msc;Probably DLOADER.Trojan;Incurable.Will be moved after reboot

The 2 files can be moved back to their original location

mps.exe>>Move it back to c:\program files\mcafee\mps folder
mcupdmgr.exe>>Move back to c:\program files\mcafee\msc folder

You can find the 2 files located in
C:\Documents and Settings\Russ\DoctorWeb\Quarantine <-this folder

If the blbeta.exe scan comes clean
I would suggest you consider updating to Service pack 2 for Windows
ReVisit Windows updates and get all latest HIGH PRIORITY updates

After installing SP2 and any other later high priorities, Run the Disk Defragment utility on your computer
Here's some tips for preinstalling SP2
http://www.microsoft.com/windowsxp/sp2/sp2_whattoknow.mspx

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
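
Added example (not part of the original posts and not Dr.Web's own tooling): a small Python triage of the scan rows posted in reply #41, separating the heuristic hits that are scheduled to be moved at reboot (the two McAfee files discussed above) from restore-point copies and adware/program classifications. The four-field layout (file; folder; verdict; action) and the reading of the "Probably " prefix as a heuristic verdict are assumptions taken from the posted rows; the bucket names are hypothetical.

```python
from dataclasses import dataclass

# Scan rows as posted in reply #41, one per line (file;folder;verdict;action;).
REPORT = r"""mps.exe;c:\program files\mcafee\mps;Probably BACKDOOR.Trojan;Incurable.Will be moved after reboot.;
mcupdmgr.exe;c:\program files\mcafee\msc;Probably DLOADER.Trojan;Incurable.Will be moved after reboot.;
MiniBugTransporter.dll;C:\Program Files\AWS\WeatherBug;Adware.Aws;;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.616;;
A0074190.reg;C:\System Volume Information\_restore{D11FDFB9-38B1-415A-A262-DE76EF682745}\RP553;Trojan.StartPage.1505;Deleted.;
A0074333.reg;C:\System Volume Information\_restore{D11FDFB9-38B1-415A-A262-DE76EF682745}\RP553;Trojan.StartPage.1505;Deleted.;
A0075794.dll;C:\System Volume Information\_restore{D11FDFB9-38B1-415A-A262-DE76EF682745}\RP560;Adware.MegaSearch;;
popcaploader.dll;C:\WINDOWS\Downloaded Program Files;Program.PopcapLoader;;
"""

@dataclass
class Finding:
    name: str
    folder: str
    verdict: str
    action: str

def parse_report(text):
    """Split each row on ';' and keep the first four fields."""
    findings = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(";")]
        if len(fields) >= 4 and fields[0]:
            findings.append(Finding(*fields[:4]))
    return findings

def triage(f):
    """Bucket one finding; the buckets are assumptions, not Dr.Web categories."""
    if "\\system volume information\\_restore" in f.folder.lower():
        return "restore-point copy"
    if f.verdict.lower().startswith("probably "):
        return "heuristic"
    if f.verdict.split(".")[0] in ("Adware", "Program"):
        return "adware/program"
    return "signature"

def pending_moves(findings):
    """Heuristic hits the scanner will move at reboot: verify these first."""
    return [f.name for f in findings
            if triage(f) == "heuristic" and "moved" in f.action.lower()]

if __name__ == "__main__":
    rows = parse_report(REPORT)
    for f in rows:
        print(f"{triage(f):18} {f.name:24} {f.verdict}")
    print("review before reboot:", pending_moves(rows))
```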


Offline redcrowley

« Reply #43 on: November 07, 2006, 03:24:16 PM »
blbeta came back clean and I have switched to SP2 as well as downloading updates.

After that I tried shutting off my firewall to test the buffer overflows.  So far, everything looks great.

Offline guestolo

« Reply #44 on: November 07, 2006, 08:33:39 PM »
That sounds better

If you moved the 2 quarantined files from Dr.Web to McAfee folder
You can go ahead and delete Dr.Web

Also delete STINGER and blbeta.exe
Chances are if you need any of the above tools again
They will be updated and need to be redownloaded anyways

I noticed in your uninstall list you had older versions of Sun Java installed
But you appear to have updated since then>>Good move
If the following are still in add/remove programs list
Select and remove them
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_06


If you didn't intentionally install either
Viewpoint Manager (Remove Only)
Viewpoint Media Player
PokerStars


Remove any of the above 3 too, they can be unintentionally installed from other programs

You may want to run ATF-Cleaner one more time, with the following instructions
Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser

      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

I know you have/had Microsoft Antispyware installed (See note below)
But I would also add the following free scanners to your system

Optionally
Download and Install
Ad-Aware SE Personal 1.06

Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Close out after it is updated, as we will need it later
Open Ad-Aware SE 1.06
Click START >>> NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Download and Install Spybot 1.4 from
HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED

RESTART the computer to finish any cleaning process

Can you come back here and post one last hijackthis log please
Hopefully, with the needed Windows updates, everything is running better

NOTE: Do you still have Microsoft AntiSpyware installed?
Or is the entry in hijackthis a leftover?
« Last Edit: November 07, 2006, 08:37:21 PM by guestolo »
