Solved: Reoccurring virus/malware even when quarantined

phhege

Recent find using AVG free version...did full system scan, 36 viruses or unwanted programs found...prompted to restart but computer refused to get OS running...was able to boot from CD with non destructive start when I hit the R key but that's another thread topic. So most detections seem to be in MYBCKUP. I'll attempt to post log files requested in 8 step removal process.

No pop up window when clicking on manage attachments?
 
See if there is a paper clip icon for the attachments. If you can't attach, paste the logs in; you might have to do it in 2 replies. A couple of others have mentioned this problem today.

I'll check your logs when you get them up.

Once you put the logs up, please don't run any other cleaning programs, Registry changes, etc.
 
log files

Avira AntiVir Personal
Report file date: Saturday, March 20, 2010 12:00

Scanning for 1878152 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-FA4067EFF5

Version information:

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, March 20, 2010 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'PRISMXL.SYS' - '1' Module(s) have been scanned
Scan process 'ForceField.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ISWSVC.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
 
log file part 2

 
hjt log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:16 PM, on 3/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268712555593
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5770 bytes
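
An added example, not part of the thread and not HijackThis's own code: a small parser for the entry lines of the HijackThis log above that groups them by section code and flags entries worth a closer look, such as the `(no file)` O9 entry. The sample is an excerpt of that log plus one constructed line (marked); the "standard install directories" rule and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Section codes seen in the log above, with their commonly documented meanings.
SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "R1": "Internet Explorer start/search page",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Autostart entry (Run key / Startup folder)",
    "O9": "Extra IE button or Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

# An entry line looks like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")
# First executable-looking Windows path in the entry (drive letter or %VAR%).
PATH_RE = re.compile(r'((?:[A-Za-z]:|%\w+%)\\[^"]+?\.(?:exe|dll|sys))', re.I)

# Assumption for this example: these roots are "standard" install locations.
# A path under them is NOT proof of legitimacy; this is only a triage hint.
STANDARD_ROOTS = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")
AUTOSTART_CODES = {"O4", "O20", "O23"}

# Excerpt from the log above; the C:\TEMP line is constructed for the example.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [example] C:\TEMP\example\setup.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
"""


def parse_hjt(text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header, running-process list, blank line, footer
        code, detail = match.groups()
        path = PATH_RE.search(detail)
        entries.append({
            "code": code,
            "kind": SECTIONS.get(code, "unknown section"),
            "detail": detail,
            "path": path.group(1) if path else None,
        })
    return entries


def section_counts(entries):
    """How many entries each section code contributes."""
    return Counter(entry["code"] for entry in entries)


def triage(entries):
    """Flag entries a helper would look at first; returns (code, reason, item)."""
    findings = []
    for entry in entries:
        if "(no file)" in entry["detail"]:
            # The registration exists but HijackThis found no file behind it.
            findings.append((entry["code"], "orphaned entry, file missing",
                             entry["detail"]))
        elif (entry["code"] in AUTOSTART_CODES and entry["path"]
              and not entry["path"].lower().startswith(STANDARD_ROOTS)):
            findings.append((entry["code"],
                             "autostart outside standard install directories",
                             entry["path"]))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for code, count in sorted(section_counts(parsed).items()):
        print(f"{code:>3}  {count}  {SECTIONS.get(code, 'unknown section')}")
    for code, reason, item in triage(parsed):
        print(f"[{code}] {reason}: {item}")
```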
 
Okay- I'll work with all 3 logs when you get the other 2 up. Don't need another AV scan.
 
mbam log

Scan type: Quick Scan
Objects scanned: 112428
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
super log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/20/2010 at 03:26 PM

Application Version : 4.34.1000

Core Rules Database Version : 4702
Trace Rules Database Version: 2514

Scan type : Quick Scan
Total Scan Time : 00:35:44

Memory items scanned : 436
Memory threats detected : 0
Registry items scanned : 423
Registry threats detected : 0
File items scanned : 23223
File threats detected : 62

Adware.Tracking Cookie

Trojan.Downloader-Gen
C:\MY BACKUP -- 10-03-15 0909AM\WINDOWS\SYSTEM32\TWEXT.EXE

Trojan.Agent/Gen-OnlineGames
C:\TEMP\LAS VEGAS USA CASINO\INSTALL.EXE
 
AV scan part 2...I didn't post it correctly, do you need it as it has detections on it? Should I delete double post of AV scan? Thanks Bobbye and to all others here in the forum, I'm learning stuff just from reading similar posts!
 
No, please don't do another Avast scan now. Looking at the Tracking Cookies in SAS tells me you're running from your backup- is that right? I will mention that some of the kinds of sites you're going to are going to be heavy on malware. The Tracking Cookies can be removed and prevented, but that's only one part of it.

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  • Double click on the setup file on the desktop to run
  • If prompted to download and install the Recovery Console, please do so.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • If prompted to update, please allow.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.

When that has finished, please run this online scan:
Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

Please note the line in the directions for the online scan that we do NOT want you to check for removal.

Post the Combofix report and the Eset log in your next reply.
Please do not visit any porn sites while I am helping clean the system.
 
I went too fast and didn't follow directions for combo fix download...sorry but what shall I do next? I haven't run CF because I didn't save it to desktop etc. and I'm running on a reinstall I think.
 
I'm using Firefox, got it redownloaded to my desktop but still not prompted to a name change, this goes by the name ComboFix(2).exe. Should I run it?
 
Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Now go back to the Combofix instructions and follow carefully.

All the Tracking Cookies are located in "My Backup". All 62 of them have the same time. And the 2 Trojans that were found have same time. All show 10-15-20 indicating some kind of date. It's confusing because if you did a reinstall, it's not the 'backup' any more.
 
I get an error message saying no disc in drive when trying to run combofix, I didn't see anything in your steps to run this program saying to insert disc.
 
Did you do the uninstall first? If so, there shouldn't have been any problem with 'name change'. You're not changing the name, you're giving it a name:

With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
Important! Save the renamed download to your desktop.

If it still won't work, name it monday.exe.
 
You have two antiviruses and two firewalls running:
Avira antivirus
ZoneAlarm Firewall
and a McAfee Security Suite with AV and firewall

Please decide which you want to keep: one antivirus program, one firewall, and remove the others. Here are tools to help you:
-------------------
McAfee Removal
-------------------
To uninstall Avira:
  • Start> Settings> Control Panel> Add or Remove Programs (Windows 2000/ XP) or Start - Control Panel - Uninstall a program (Windows Vista / 7)
  • Wait for the list of installed programs to load, then click the name of the Avira program.
  • Click Remove next to the program's name (Windows 2000 / XP) or in the menu above the list (Windows Vista / 7).
  • Press Yes, to confirm the removal and then OK.
  • Click Next until Finish. The software is removed.
-------------------------------------------
To uninstall ZoneAlarm:

    [1] Go to Control Center> go to the Preferences tab of the Overview panel.
    [2] Clear the check box labeled Load ZoneAlarm at startup.
    [3] Reboot the computer.
    [4] In Windows start menu: Go to Start> Programs> Zone Labs
    [5] Click Uninstall ZoneAlarm.
    [6] During the uninstallation process, you will see a dialog box titled "This is a security check from the Zone Labs security engine". Click YES in this dialog box.

If you have the full, paid version of McAfee with current subscription, you might want to consider removing the free Avira and free ZoneAlarm if that is the version you have. Having 2 AV programs and 2 firewalls can make you more vulnerable- not less and it can also slow you down.

Please do that while I am preparing the next step.
==========================================
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!! DO NOT make any Registry Changes. And it is recommended that if you are running any Registry editing program, that you either uninstall or disable while we are in the cleaning process
==================================
Instructions posted for this user are customized for phhege only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please start a new thread and follow the preliminary cleaning steps HERE. Attach the logs.
 
After finishing with one antivirus and one firewall removal, continue with this:

The deletion of this one, D:\Autorun.inf, suggests you had a possible FlashDrive infection:
Threat Removal Procedure:

  1. Download Flash_Disinfector and save it to your Desktop.
  2. After downloading, double-click on Flash_Disinfector to run it.
  3. Just follow the prompts and continue until it begins scanning.
  4. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
  5. It will scan removable drives; wait for the scan to finish. Done.
==================

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\documents and settings\All Users\Application Data\Viewpoint
c:\windows\system32\OOBE\oobebaln.exe
c:\windows\Tasks\ISP signup reminder 2.job
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\windows\Tasks\ISP signup reminder 3.job
Folder::
c:\program files\Viewpoint

Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.

IF you decided to keep ZoneAlarm, you need to make sure this file c:\windows\system32\zllictbl.dat is set to read only as follows:
Show Hidden Folders/Files
  • Open My Computer.
  • Go to Tools > Folder Options.
  • Select the View tab.
  • Scroll down to Hidden files and folders.
  • Select Show hidden files and folders.
  • Uncheck (untick) Hide extensions of known file types.
  • Uncheck (untick) Hide protected operating system files (Recommended).
  • Click Yes when prompted.
  • Click OK.
  • Close My Computer.


Using Windows Explorer: Windows Key + E, navigate to:
  • C:\ProgramData\CheckPoint\ZoneAlarm\zllictbl.dat
  • Right click on the file> Properties
  • Check the 'read only' box. (leave the hidden box as is)
  • Click apply > OK >
  • Close Windows Explorer> Reboot.

Go back and rehide the files and folders.

Please include a new log from HijackThis with the combofix from above in your next reply.
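
The post above treats a detected D:\Autorun.inf as a sign of a removable-drive infection. As an added example (not part of the original thread, and not how Flash_Disinfector itself works), this Python script lists the entries in an autorun.inf that would launch a program from the drive; the function names and both sample files are constructed for illustration.

```python
import os
import re

# Keys in the [autorun] section that start a program when the drive is opened.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")

def parse_inf(text):
    """Parse INF text into {section: {key: value}}, names lower-cased.
    Lines that are not 'key=value' (comments, junk padding) are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def launch_entries(text):
    """Return (key, command) pairs that would run a program from the drive."""
    autorun = parse_inf(text).get("autorun", {})
    return [(k, v) for k, v in autorun.items()
            if k in LAUNCH_KEYS or SHELL_VERB.match(k)]

def check_drive(root):
    """Read <root>/autorun.inf if present and return its launch entries."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, encoding="latin-1") as fh:
        return launch_entries(fh.read())

# Constructed samples, not taken from the thread's logs.
CLEAN = "[autorun]\nlabel=Backup Disk\nicon=disk.ico\n"
SUSPICIOUS = r"""
;xkqjwz
[AutoRun]
zzzz padding line with no key
Open=RECYCLER\example.exe
Icon=%SystemRoot%\system32\shell32.dll,4
Shell\Open\Command=RECYCLER\example.exe
"""

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspicious", SUSPICIOUS)):
        print(name, launch_entries(sample))
```

A file with only label and icon entries returns an empty list; any open, shellexecute or shell verb command entry is worth reviewing before the drive is used to restore files.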
 
This looks much better! Did you disinfect the flash drive? If you used that to put your backup on the system, that is most likely why the malware seemed to be recurring. The entries in the HijackThis log now are showing as normal entries rather than 'My Backup.'


Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes	
    
    :Services
    
    :Reg
    
    :Files  
    C:\My Backup -- 10-03-15 0909AM\WINDOWS\system32\sdra64.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

An FYI for you: this entry is still loading and running so it means you have not created the system recovery discs. You should go on and do that in case the need comes up.
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
Description: HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list

You should update the Adobe Reader. You have v7; current is v9.xx, and earlier versions are vulnerabilities.
Visit this Adobe Reader site and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.


Run the Eset online scan once more and if clean, I'll have you remove the cleaning tools and old restore points. Be sure to follow the Flash Disinfector instructions.
 
Flashdrive cleaner has been run, no I don't have one or used one before. As mentioned in post 1 problem with restart...so I threw in OEM CD to get going...(old recovery CDs from 5 yrs ago failed) ended up with mybackup stuff so I'm really lost in that department. So that's why some stuff needs updated and or removed like McAfee I uninstalled or so I thought, thanks for all your help. Here are the logs.

View attachment log.txt

View attachment 03232010_121418.txt
 
Nice going! And you got 40MB of 'space' out of it!
Remove all of the tools we used and the files and folders they created
Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes. If you are prompted to Reboot during the cleanup, select Yes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


I'm not sure whether your backup files were infected on the source or when you got them back on the system. The following updates are all important so check what you have and update if needed:
Updates:
The following updates should be current. If they are not, the system is vulnerable. Please update if needed:

  • Microsoft Download Site: You should get all updates marked Critical and the current SP updates: Windows XP SP3, Vista SP2
  • Java Updates: Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities.
  • Adobe Reader: Make sure you have the most current update. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities.

Please empty the Recycle Bin

Let me know if I can be of further help.
 
In last Eset scan log is this ok?
C:\My Backup -- 10-03-15 0909AM\WINDOWS\system32\sdra64.exe a variant of Win32/Kryptik.CZA trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
removed all tools,files and folders...should I set restore point now?
 
If you look at the bottom of the Eset log, you will see this entry listed again, but with C:\_OTM\MovedFiles. It's out of your system.

Yes, please handle the restore points.

Please follow these simple steps to keep your computer clean and secure:

1. Disable and Enable System Restore: See System Restore Guide. This will help you understand what this is, why you need to clean and set restore points and what information is in them.
2. Stay current on updates: previously given
3. Make Internet Explorer safer. Follow the suggestions HERE. This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.
4. Remove Temporary Internet Files regularly: Use ATF Cleaner by Atribune or TFC
5. Use an AntiVirus Software (only one)
See Virus, Spyware, and Malware Protection and Removal Resources

6. Use a good, bi-directional firewall (one software firewall). I recommend either of these software firewalls; both are free and good:
Comodo or Zone Alarm
7. Consider these programs for Extra Security
  • Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  • IE/Spyad: This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar: Get the free Google Toolbar to help stop pop up windows.

If I can be of further assistance, please let me know.
 