Ok, I've followed your directions and there don't seem to be any more detections by Avira. And I'm pretty sure that I've never used a flash drive.
CFScript log
ComboFix 09-04-04.01 - Parent 2009-04-10 18:06:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.166 [GMT -4:00]
Running from: c:\documents and settings\Parent\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Parent\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\system32\drivers\amd64si.sys
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\drivers\port135sik.sys
c:\windows\system32\drivers\pqpze.sys
c:\windows\system32\drivers\securentm.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\SDFix
c:\sdfix\Add_DBFix_RunOnce_key.inf
c:\sdfix\apps\assosfix.reg
c:\sdfix\apps\Cghtme.exe
c:\sdfix\apps\cliptext.exe
c:\sdfix\apps\DBFix.inf
c:\sdfix\apps\download.exe
c:\sdfix\apps\dummy.sys
c:\sdfix\apps\Enable_Command_Prompt.inf
c:\sdfix\apps\Enable_Command_Prompt.reg
c:\sdfix\apps\ERDNT.E_E
c:\sdfix\apps\ERDNTDOS.LOC
c:\sdfix\apps\ERDNTWIN.LOC
c:\sdfix\apps\ERUNT.EXE
c:\sdfix\apps\ERUNT.LOC
c:\sdfix\apps\fix.reg
c:\sdfix\apps\FixBeep.reg
c:\sdfix\apps\FixBH.reg
c:\sdfix\apps\FixComponents.reg
c:\sdfix\apps\FIXCU.reg
c:\sdfix\apps\FIXLM.reg
c:\sdfix\apps\FixPath.exe
c:\sdfix\apps\FixRedir.reg
c:\sdfix\apps\FixSchedule.reg
c:\sdfix\apps\FixWebCheck.reg
c:\sdfix\apps\fixXP.reg
c:\sdfix\apps\FixXPsp2.reg
c:\sdfix\apps\grep.exe
c:\sdfix\apps\HaxdFix.reg
c:\sdfix\apps\HPFix.reg
c:\sdfix\apps\HPFix2.reg
c:\sdfix\apps\HPFix3.reg
c:\sdfix\apps\HPFix4.reg
c:\sdfix\apps\HPFix5.reg
c:\sdfix\apps\HPFix6.reg
c:\sdfix\apps\HPFix7.reg
c:\sdfix\apps\HPFix8.reg
c:\sdfix\apps\HPFix9.reg
c:\sdfix\apps\Installed.txt
c:\sdfix\apps\isadmin.exe
c:\sdfix\apps\leg2.txt
c:\sdfix\apps\legacy.txt
c:\sdfix\apps\legacybk.txt
c:\sdfix\apps\locate.com
c:\sdfix\apps\LS.exe
c:\sdfix\apps\MD5File.exe
c:\sdfix\apps\moveex.exe
c:\sdfix\apps\MyGcpvFix.reg
c:\sdfix\apps\MyGkFix2.reg
c:\sdfix\apps\Process.exe
c:\sdfix\apps\procs.exe
c:\sdfix\apps\psservice.exe
c:\sdfix\apps\Rem.txt
c:\sdfix\apps\Rem2.txt
c:\sdfix\apps\Replace\regedit.exe
c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\apps\Replace\w2k\beep.sys
c:\sdfix\apps\Replace\w2k\command.com
c:\sdfix\apps\Replace\w2k\command.PIF
c:\sdfix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\apps\Replace\w2k\null.sys
c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\apps\Replace\xp\beep.sys
c:\sdfix\apps\Replace\xp\command.com
c:\sdfix\apps\Replace\xp\command.PIF
c:\sdfix\apps\Replace\xp\CONFIG.NT
c:\sdfix\apps\Replace\xp\null.sys
c:\sdfix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\apps\RestartIt!.exe
c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\apps\Restore_SecurityCenter.reg
c:\sdfix\apps\Restore_SharedAccess.reg
c:\sdfix\apps\sc.exe
c:\sdfix\apps\sed.exe
c:\sdfix\apps\SF.exe
c:\sdfix\apps\shutdown.exe
c:\sdfix\apps\srv2.txt
c:\sdfix\apps\srv2bk.txt
c:\sdfix\apps\svc.txt
c:\sdfix\apps\svcbk.txt
c:\sdfix\apps\Swreg.exe
c:\sdfix\apps\swsc.exe
c:\sdfix\apps\UnRAR.exe
c:\sdfix\apps\unzip.exe
c:\sdfix\apps\vfind.exe
c:\sdfix\apps\WINMSG.EXE
c:\sdfix\apps\winsec.reg
c:\sdfix\apps\zip.exe
c:\sdfix\catchme.exe
c:\sdfix\DBFix.bat
c:\sdfix\dummy.sys
c:\sdfix\RunThis.bat
c:\sdfix\SDFIX_ReadMe_Online.url
c:\sdfix\W2K_VirusAlert_Repair.inf
c:\sdfix\XP_VirusAlert_Repair.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AMD64SI
-------\Legacy_ATI64SI
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Service_amd64si
-------\Service_ati64si
-------\Service_port135sik
-------\Service_securentm
((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.
2009-04-10 17:59 . 2009-04-10 17:59 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-04-10 17:46 . 2009-04-10 17:48 <DIR> d-------- c:\documents and settings\Parent\.SunDownloadManager
2009-04-10 17:34 . 2009-04-10 17:34 <DIR> d-------- c:\program files\Common Files\Adobe
2009-04-10 17:20 . 2009-04-10 17:20 <DIR> d-------- c:\program files\Secunia
2009-04-08 17:47 . 2009-04-08 17:47 <DIR> d-------- c:\program files\Trend Micro
2009-04-08 17:17 . 2009-04-08 17:17 <DIR> d--h----- c:\windows\PIF
2009-04-07 17:05 . 2009-04-07 17:05 <DIR> d--hs---- C:\found.000
2009-04-07 04:13 . 2009-04-07 17:55 <DIR> d-------- c:\documents and settings\Parent\.housecall6.6
2009-04-07 04:13 . 2009-04-07 04:13 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-04-07 04:02 . 2009-04-07 04:02 <DIR> d-------- c:\program files\iTunes
2009-04-07 04:02 . 2009-04-07 04:02 <DIR> d-------- c:\program files\iPod
2009-04-07 04:02 . 2009-04-07 04:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 01:19 . 2009-04-07 01:19 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-04-07 01:16 . 2009-04-07 01:17 <DIR> d-------- c:\windows\ERUNT
2009-04-06 20:46 . 2009-04-06 20:46 <DIR> d-------- c:\program files\CCleaner
2009-04-06 05:18 . 2009-04-06 05:18 <DIR> d-------- c:\program files\Avira
2009-04-06 05:18 . 2009-04-06 05:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-04-06 05:18 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-04-05 06:35 . 2009-04-05 18:39 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-04-05 06:35 . 2009-04-09 22:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-05 06:12 . 2006-02-23 12:39 186 --a------ c:\windows\myClean.bat
2009-04-04 22:03 . 2009-04-06 20:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-04 22:03 . 2009-04-04 22:03 <DIR> d-------- c:\documents and settings\Parent\Application Data\Malwarebytes
2009-04-04 22:03 . 2009-04-04 22:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-04 22:03 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-04 22:03 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-02 18:10 . 2008-04-13 13:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-04-02 18:10 . 2008-04-13 13:39 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2009-04-01 23:01 . 2009-04-01 23:01 <DIR> d-------- c:\windows\PixArt
2009-04-01 23:01 . 2009-04-01 23:01 <DIR> d-------- c:\program files\PC Camer@
2009-04-01 23:01 . 2009-04-01 23:01 <DIR> d-------- c:\program files\InstallShield Installation Information
2009-04-01 23:01 . 2009-04-01 23:01 <DIR> d-------- c:\program files\Common Files\PAC207
2009-04-01 23:01 . 2006-11-03 10:59 48,128 --a------ c:\windows\system32\Remove.exe
2009-04-01 23:01 . 2007-02-12 01:06 408 --a------ c:\windows\system32\Remover.ini
2009-04-01 23:00 . 2009-04-01 23:00 <DIR> d-------- c:\windows\Downloaded Installations
2009-04-01 23:00 . 2009-04-01 23:00 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-24 07:03 . 2009-03-24 07:03 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys
2009-03-21 17:21 . 2009-04-10 12:13 <DIR> d-------- c:\documents and settings\Parent\Application Data\LimeWire
2009-03-20 17:16 . 2009-03-20 17:16 <DIR> d-------- c:\documents and settings\Parent\Application Data\Apple Computer
2009-03-20 17:16 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-20 17:16 . 2009-03-19 16:32 23,400 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-20 17:15 . 2009-03-20 17:15 <DIR> d-------- c:\program files\Bonjour
2009-03-20 17:15 . 2009-03-20 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-20 17:14 . 2009-03-20 17:15 <DIR> d-------- c:\program files\QuickTime
2009-03-20 17:14 . 2009-03-20 17:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-20 17:13 . 2009-04-07 04:02 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-20 17:13 . 2009-03-20 17:13 <DIR> d-------- c:\program files\Apple Software Update
2009-03-20 17:13 . 2009-03-20 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-18 07:21 . 2009-04-10 17:23 <DIR> d-------- c:\documents and settings\Parent\Application Data\HPAppData
2009-03-17 20:50 . 2009-03-17 20:50 <DIR> d-------- c:\documents and settings\Parent\Application Data\HP
2009-03-17 20:50 . 2009-03-17 20:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2009-03-17 20:49 . 2009-03-17 20:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-03-17 20:47 . 2009-03-17 20:47 <DIR> d-------- c:\program files\Common Files\HP
2009-03-17 20:47 . 2009-03-17 20:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-03-17 20:46 . 2007-11-09 02:59 271,704 --a------ c:\windows\system32\hpzids01.dll
2009-03-17 20:45 . 2009-03-17 20:50 157,131 --a------ c:\windows\hphins26.dat
2009-03-17 20:45 . 2008-01-19 05:00 787 --------- c:\windows\hphmdl26.dat
2009-03-17 20:20 . 2007-10-20 18:25 117,760 --a------ c:\windows\system32\hpzll5mu.dll
2009-03-17 20:18 . 2009-03-17 20:18 0 --a------ c:\windows\system32\ŸÔŸÔ
2009-03-17 20:17 . 2009-04-04 02:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-03-17 19:51 . 2009-03-17 20:29 156,538 --------- c:\windows\hphins26.dat.temp
2009-03-17 19:51 . 2008-01-19 05:00 787 --------- c:\windows\hphmdl26.dat.temp
2009-03-17 19:25 . 2009-03-17 20:17 <DIR> d-------- c:\program files\HP
2009-03-17 18:42 . 2009-03-17 18:42 <DIR> d-------- c:\documents and settings\McAfeeMVSUser
2009-03-16 10:48 . 2009-03-16 10:48 <DIR> d-------- c:\documents and settings\Parent\Application Data\AdobeUM
2009-03-14 20:37 . 2009-03-15 20:20 <DIR> d-------- c:\windows\system32\Adobe
2009-03-12 20:43 . 2009-03-12 20:43 <DIR> d-------- c:\documents and settings\Parent\Application Data\acccore
2009-03-12 20:30 . 2009-04-07 04:02 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-12 20:29 . 2009-03-12 20:29 <DIR> d-------- c:\program files\Common Files\PACE Anti-Piracy
2009-03-12 20:29 . 2009-03-12 20:29 <DIR> d-------- c:\documents and settings\Parent\Application Data\PACE Anti-Piracy
2009-03-12 20:29 . 2009-03-12 20:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-03-12 15:23 . 2009-03-12 15:23 <DIR> d-------- c:\program files\Common Files\Software Update Utility
2009-03-12 15:22 . 2009-03-12 15:22 <DIR> d-------- c:\program files\Common Files\AOL
2009-03-12 15:22 . 2009-04-10 18:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-12 15:22 . 2009-03-12 15:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-03-12 15:22 . 2009-03-12 15:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2009-03-12 15:22 . 2009-03-12 15:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-03-12 15:21 . 2009-03-12 15:24 <DIR> d-------- c:\program files\AIM6
2009-03-12 15:21 . 2009-03-12 15:24 461 --ah----- C:\IPH.PH
2009-03-12 14:48 . 2008-04-13 13:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-03-12 14:48 . 2008-04-13 13:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-03-11 19:00 . 2009-03-11 19:00 <DIR> d-------- c:\windows\.jagex_cache_32
2009-03-11 19:00 . 2009-04-10 08:04 34 --a------ c:\documents and settings\Parent\jagex_runescape_preferences.dat
2009-03-11 17:24 . 2009-04-10 17:59 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-11 17:21 . 2009-03-11 17:21 <DIR> d-------- c:\windows\Sun
2009-03-11 02:19 . 2003-03-18 16:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-03-11 00:39 . 2009-03-11 00:39 0 --a------ c:\windows\nsreg.dat
2009-03-11 00:23 . 2008-04-13 13:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-11 00:23 . 2008-04-13 13:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-03-10 20:35 . 2008-12-20 19:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-10 20:35 . 2007-04-17 05:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-10 20:35 . 2007-03-08 01:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-10 20:35 . 2008-12-20 19:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-10 20:35 . 2008-12-20 19:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-10 20:35 . 2008-12-20 19:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-10 20:35 . 2008-12-20 19:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-10 20:35 . 2008-12-20 19:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-10 20:35 . 2008-12-19 05:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-10 20:25 . 2008-04-13 20:12 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-10 20:19 . 2009-03-10 20:19 <DIR> d-------- c:\windows\system32\scripting
2009-03-10 20:19 . 2009-03-10 20:19 <DIR> d-------- c:\windows\system32\en
2009-03-10 20:19 . 2009-03-10 20:19 <DIR> d-------- c:\windows\system32\bits
2009-03-10 20:19 . 2009-03-10 20:19 <DIR> d-------- c:\windows\l2schemas
2009-03-10 20:17 . 2009-03-10 20:17 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-10 20:03 . 2004-08-03 23:29 327,040 --------- c:\windows\system32\drivers\ati2mtaa.sys
2009-03-10 19:48 . 2009-03-10 19:48 <DIR> d--hs---- c:\documents and settings\Parent\UserData
2009-03-10 19:42 . 2008-06-13 07:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-10 19:41 . 2008-08-14 06:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-10 19:41 . 2008-08-14 06:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-10 19:41 . 2008-08-14 05:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-10 19:41 . 2008-08-14 05:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-10 19:39 . 2008-09-04 13:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-03-10 19:39 . 2008-04-11 15:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-03-10 19:39 . 2008-10-24 07:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-10 19:39 . 2008-10-15 12:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-03-10 19:39 . 2008-12-11 06:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-03-10 19:39 . 2008-05-01 10:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-03-10 19:39 . 2008-05-08 10:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-03-10 19:38 . 2009-03-10 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Network Associates
2009-03-10 19:17 . 2007-08-10 21:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-03-10 17:20 . 2008-04-13 14:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-10 17:20 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\hidserv.dll
2009-03-10 17:20 . 2008-04-13 14:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2009-03-10 17:20 . 2001-08-17 14:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-03-10 17:20 . 2008-04-13 14:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 21:50 --------- d-----w c:\program files\Java
.
((((((((((((((((((((((((((((( SnapShot@2009-04-09_23.04.32.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-10 01:49:16 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2009-04-10 12:04:31 315,392 ----a-w c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2009-04-10 01:49:16 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2009-04-10 12:04:31 20,480 ----a-w c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-10 21:24:56 262,144 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
- 2009-03-11 21:24:03 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-04-10 21:59:37 144,792 ----a-w c:\windows\system32\java.exe
- 2009-03-11 21:24:03 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-04-10 21:59:37 144,792 ----a-w c:\windows\system32\javaw.exe
- 2009-03-11 21:24:03 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-04-10 21:59:37 148,888 ----a-w c:\windows\system32\javaws.exe
- 2009-03-18 17:20:52 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-04-10 21:22:52 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-04-10 22:09:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-10 148888]
c:\documents and settings\Parent\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-03-24 748840]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Windows NT\\Accessories\\wordpad.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_clipbook.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqdirec.exe"=
"c:\\Program Files\\AIM6\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqbam08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\WINDOWS\\system32\\ss3dfo.scr"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-06 108289]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-03-24 7808]
S0 Ivbrwojf;Ivbrwojf;c:\windows\system32\drivers\pqpze.sys --> c:\windows\system32\drivers\pqpze.sys [?]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = hxxp://www.k12.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Parent\Application Data\Mozilla\Firefox\Profiles\i07nbgqy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-10 18:11:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-10 18:14:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-10 22:14:02
ComboFix2.txt 2009-04-10 03:05:34
Pre-Run: 31,393,398,784 bytes free
Post-Run: 31,330,127,872 bytes free
375 --- E O F --- 2009-03-26 12:17:29
Mbam log
Malwarebytes' Anti-Malware 1.36
Database version: 1963
Windows 5.1.2600 Service Pack 3
4/10/2009 6:39:04 PM
mbam-log-2009-04-10 (18-39-04).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 102235
Time elapsed: 20 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:51 PM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.k12.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.k12.com
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 5721 bytes
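An added example, not part of the post above or of any of the tools whose logs it quotes. The ComboFix log shows the CFScript deleting five drivers under the "FILE ::" heading, and further down, under "Reg Loading Points", a boot-start service entry `S0 Ivbrwojf` whose image path still points at one of them (`pqpze.sys`); ComboFix marks a service whose binary it cannot find with `--> <path> [?]`. Orphaned service entries like this are the usual leftover after a driver file is removed, and a helper normally clears them in the next step. The script below parses those two parts of the log, cross-references them, and emits the `sc delete` commands for the flagged entries. The sample log is a constructed subset copied from the page; the regular expression for the service line format, the `[?]` meaning, and the R/S start-type reading are this example's own assumptions about ComboFix output.

```python
"""Triage helpers for a ComboFix log: find service/driver entries left behind
after a CFScript deleted their binaries.

Parses the paths under 'FILE ::' (the CFScript delete list) and the service
lines ComboFix prints under 'Reg Loading Points', then flags entries whose
binary is gone or was in the delete list.  Example code written for this
page; not part of ComboFix.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: a subset of the ComboFix log above, copied verbatim.
SAMPLE_LOG = r"""
FILE ::
c:\windows\system32\drivers\amd64si.sys
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\drivers\port135sik.sys
c:\windows\system32\drivers\pqpze.sys
c:\windows\system32\drivers\securentm.sys
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-06 108289]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-03-24 7808]
S0 Ivbrwojf;Ivbrwojf;c:\windows\system32\drivers\pqpze.sys --> c:\windows\system32\drivers\pqpze.sys [?]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]
"""

# Assumed line format: "<R|S><start type> <name>;<display>;<path> [<date size>]"
# with an optional " --> <resolved path>" and "[?]" when the file is missing.
# R = running, S = stopped; digit = start type (0 boot ... 4 disabled).
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?"
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    start: str         # e.g. "S0": stopped, boot-start driver
    name: str          # registry service key name
    display: str
    image_path: str    # lower-cased binary path (resolved one if ComboFix printed it)
    file_missing: bool # ComboFix printed "[?]" instead of date/size


def parse_cfscript_files(log: str) -> List[str]:
    """Return the lower-cased paths listed under 'FILE ::' (the delete list)."""
    paths, in_block = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "FILE ::":
            in_block = True
            continue
        if in_block:
            if not line or line == ".":   # "." is ComboFix's section separator
                break
            paths.append(line.lower())
    return paths


def parse_services(log: str) -> List[ServiceEntry]:
    """Parse every service/driver line in the log into a ServiceEntry."""
    entries = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            start=m.group("start"),
            name=m.group("name"),
            display=m.group("display"),
            image_path=(m.group("resolved") or m.group("path")).lower(),
            file_missing=m.group("meta").strip() == "?",
        ))
    return entries


def flag_services(log: str) -> List[Tuple[ServiceEntry, str]]:
    """Return (entry, reason) for services whose binary is missing or was deleted."""
    deleted = set(parse_cfscript_files(log))
    flagged = []
    for entry in parse_services(log):
        reasons = []
        if entry.file_missing:
            reasons.append("binary not found on disk")
        if entry.image_path in deleted:
            reasons.append("binary was in the CFScript FILE :: delete list")
        if reasons:
            flagged.append((entry, "; ".join(reasons)))
    return flagged


def remediation_commands(log: str) -> List[str]:
    """sc.exe commands that remove the flagged service keys (admin cmd prompt)."""
    return [f"sc delete {entry.name}" for entry, _ in flag_services(log)]


if __name__ == "__main__":
    for entry, reason in flag_services(SAMPLE_LOG):
        print(f"{entry.start} {entry.name} -> {entry.image_path}: {reason}")
    for cmd in remediation_commands(SAMPLE_LOG):
        print(cmd)
```

On the sample above only `Ivbrwojf` is flagged, for both reasons at once: ComboFix could not stat `pqpze.sys`, and that path was in the CFScript's delete list. The Avira, Secunia PSI and webcam entries parse cleanly and are left alone, which is the check you want before pasting a `sc delete` line into a victim's console.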