Hi,

I am having a hard time removing what seems to be a combination of rootkits, including the NTSKRNL-HOOK variant on Windows XP.

(This is a friend's computer -- I don't know what kind of things happened to it before this, and I have no idea what is installed, updated, etc. Also, I come from a Mac background, my last Windows system ran Windows 2000 -- so bear with me on anything very specific to XP.)

STEPS I'VE TAKEN:

- Used a Linux boot drive to copy ComboFix.exe to the infected computer (USB and internet were no longer working when I received the computer).
- Ran ComboFix (forgot if it was first run in Windows Safe Mode, or regular. I DID run it with all virus scanning off, as far as I could tell). This greatly freed up the computer and has allowed me to continue to use it, including downloading the Trend Micro HijackThis v2.0.2 program.
- Using whatever version of McAfee was on the computer, I re-scanned. As I had feared, the rootkit continued to show up, despite being marked "deleted".
- Later, I re-ran the same ComboFix, this time dragging the MS Windows recovery file (the KB310994) onto ComboFix.exe. THIS log file is posted along with the HJT below. I am also posting a picture of the files ComboFix.exe found on this computer, prior to restarting (it asked me to make note of the files). I also noted an error that showed up twice during this run, something to the effect of "nircmdc is not recognized" (sorry, I didn't write that one down).

Sadly, none of this seems to have really helped, and it's extremely difficult for me to tell what the state of the computer is now. I am happy to re-run any of the programs or re-do any of the steps. I am grateful for any help!

Also, as a final note, I hope this post was clear enough and coherent enough. If I missed anything, or egregiously violated some rule of the forum, I sincerely apologize and will try to correct it ASAP!

Thanks
Nik