recent find using avg free version...did full system scan 36 viruses or unwanted programs found...prompted to restart but computer refused to get OS running...was able to boot from CD with non destructive start when I hit the R key but that's another thread topic.So most detections seem to be in MYBCKUP. I'll attemp to post log files requested in 8 step removal process.

no pop up window when clickin on manage attachments?

See if there is a paper clip icon for the attachments. If you can't attach, paste the logs it- you might have to do it in 2 replies. a couple of others have mentioned this problem today.

I'll;l check your logs when you get them up.

Once you put the logs up, please don't run any other cleaning programs, Registry changes, etc.

Avira AntiVir Personal
Report file date: Saturday, March 20, 2010 12:00

Scanning for 1878152 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-FA4067EFF5

Version information:
BUILD.DAT : 9.0.0.419 21701 Bytes 1/22/2010 18:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 15:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 14:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 15:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 14:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 11:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 17:19:25
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 17:21:37
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 17:22:15
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:23:15
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 17:23:15
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 17:23:15
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 17:23:15
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 17:23:16
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 17:23:16
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 17:23:16
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 17:23:17
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 17:23:17
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 17:23:23
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 17:23:27
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 17:23:32
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 17:23:36
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 17:23:41
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 17:03:02
VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 17:01:09
VBASE020.VDF : 7.10.5.139 2048 Bytes 3/18/2010 17:01:09
VBASE021.VDF : 7.10.5.140 2048 Bytes 3/18/2010 17:01:09
VBASE022.VDF : 7.10.5.141 2048 Bytes 3/18/2010 17:01:13
VBASE023.VDF : 7.10.5.142 2048 Bytes 3/18/2010 17:01:17
VBASE024.VDF : 7.10.5.143 2048 Bytes 3/18/2010 17:01:17
VBASE025.VDF : 7.10.5.144 2048 Bytes 3/18/2010 17:01:18
VBASE026.VDF : 7.10.5.145 2048 Bytes 3/18/2010 17:01:19
VBASE027.VDF : 7.10.5.146 2048 Bytes 3/18/2010 17:01:20
VBASE028.VDF : 7.10.5.147 2048 Bytes 3/18/2010 17:01:21
VBASE029.VDF : 7.10.5.148 2048 Bytes 3/18/2010 17:02:22
VBASE030.VDF : 7.10.5.149 2048 Bytes 3/18/2010 17:02:23
VBASE031.VDF : 7.10.5.154 38912 Bytes 3/19/2010 17:02:25
Engineversion : 8.2.1.196
AEVDF.DLL : 8.1.1.3 106868 Bytes 3/16/2010 17:25:41
AESCRIPT.DLL : 8.1.3.18 1024378 Bytes 3/17/2010 17:44:47
AESCN.DLL : 8.1.5.0 127347 Bytes 3/16/2010 17:25:26
AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 17:44:57
AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 17:44:18
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:02:42
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 17:43:59
AEHEUR.DLL : 8.1.1.13 2470262 Bytes 3/17/2010 17:43:50
AEHELP.DLL : 8.1.10.2 237941 Bytes 3/17/2010 17:41:38
AEGEN.DLL : 8.1.3.2 373108 Bytes 3/19/2010 17:02:32
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 11:38:26
AECORE.DLL : 8.1.12.3 188789 Bytes 3/17/2010 17:40:28
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 11:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 19:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 3/16/2010 17:26:18
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 14:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 19:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 14:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 19:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 12:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 14:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 19:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 16:25:47

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, March 20, 2010 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'PRISMXL.SYS' - '1' Module(s) have been scanned
Scan process 'ForceField.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ISWSVC.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Avira AntiVir Personal
Report file date: Saturday, March 20, 2010 12:00

Scanning for 1878152 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-FA4067EFF5

Version information:
BUILD.DAT : 9.0.0.419 21701 Bytes 1/22/2010 18:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 15:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 14:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 15:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 14:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 11:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 17:19:25
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 17:21:37
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 17:22:15
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:23:15
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 17:23:15
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 17:23:15
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 17:23:15
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 17:23:16
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 17:23:16
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 17:23:16
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 17:23:17
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 17:23:17
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 17:23:23
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 17:23:27
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 17:23:32
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 17:23:36
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 17:23:41
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 17:03:02
VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 17:01:09
VBASE020.VDF : 7.10.5.139 2048 Bytes 3/18/2010 17:01:09
VBASE021.VDF : 7.10.5.140 2048 Bytes 3/18/2010 17:01:09
VBASE022.VDF : 7.10.5.141 2048 Bytes 3/18/2010 17:01:13
VBASE023.VDF : 7.10.5.142 2048 Bytes 3/18/2010 17:01:17
VBASE024.VDF : 7.10.5.143 2048 Bytes 3/18/2010 17:01:17
VBASE025.VDF : 7.10.5.144 2048 Bytes 3/18/2010 17:01:18
VBASE026.VDF : 7.10.5.145 2048 Bytes 3/18/2010 17:01:19
VBASE027.VDF : 7.10.5.146 2048 Bytes 3/18/2010 17:01:20
VBASE028.VDF : 7.10.5.147 2048 Bytes 3/18/2010 17:01:21
VBASE029.VDF : 7.10.5.148 2048 Bytes 3/18/2010 17:02:22
VBASE030.VDF : 7.10.5.149 2048 Bytes 3/18/2010 17:02:23
VBASE031.VDF : 7.10.5.154 38912 Bytes 3/19/2010 17:02:25
Engineversion : 8.2.1.196
AEVDF.DLL : 8.1.1.3 106868 Bytes 3/16/2010 17:25:41
AESCRIPT.DLL : 8.1.3.18 1024378 Bytes 3/17/2010 17:44:47
AESCN.DLL : 8.1.5.0 127347 Bytes 3/16/2010 17:25:26
AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 17:44:57
AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 17:44:18
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:02:42
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 17:43:59
AEHEUR.DLL : 8.1.1.13 2470262 Bytes 3/17/2010 17:43:50
AEHELP.DLL : 8.1.10.2 237941 Bytes 3/17/2010 17:41:38
AEGEN.DLL : 8.1.3.2 373108 Bytes 3/19/2010 17:02:32
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 11:38:26
AECORE.DLL : 8.1.12.3 188789 Bytes 3/17/2010 17:40:28
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 11:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 12:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 19:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 3/16/2010 17:26:18
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 14:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 19:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 14:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 19:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 12:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 14:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 19:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 16:25:47

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, March 20, 2010 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'PRISMXL.SYS' - '1' Module(s) have been scanned
Scan process 'ForceField.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ISWSVC.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:16 PM, on 3/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1268712555593
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5770 bytes

Okay- I'll work with all 3 logs when you get the other 2 up. Don't need another AV scan.

Scan type: Quick Scan
Objects scanned: 112428
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/20/2010 at 03:26 PM

Application Version : 4.34.1000

Core Rules Database Version : 4702
Trace Rules Database Version: 2514

Scan type : Quick Scan
Total Scan Time : 00:35:44

Memory items scanned : 436
Memory threats detected : 0
Registry items scanned : 423
Registry threats detected : 0
File items scanned : 23223
File threats detected : 62

Adware.Tracking Cookie
C:\My Backup -- 10-03-15 0909AM\Documents and Settings\Owner\Cookies\owner@bestgirlxxx[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@gotacha.rotator.hadj7.adjuggler[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@youpornmovs[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@adserver.adtechus[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@cdn4.specificclick[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@adprotraffic[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@tribalfusion[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@www.rv-finder[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@rv-finder[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@serving-sys[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@2o7[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@realmedia[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@ads.vidsense[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@kontera[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@pornmoviefans[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@adserve.gossipcenter[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@teenmixx[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@****-young[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@dc.tremormedia[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@interclick[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@www.parkteen[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@www.teensporno[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@clickthrough.kanoodle[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@www.porn-o-clock[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@collective-media[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@theclickcheck[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@trafficholder[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@www.long-porn-tube[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@www.teensvidsex[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@yourteenpics[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@specificclick[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@tacoda[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@www.teenbeex[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@specificmedia[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@top5countdown.mevio[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@tsprotraffic[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@at.atwola[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@www.pornshare4u[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@richmedia.yahoo[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@invitemedia[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@nextag[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@bs.serving-sys[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@advertise[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@247realmedia[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@oasn04.247realmedia[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@click.fastpartner[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@****thislady[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@tubexxxmatures[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@tailteens[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@content.yieldmanager[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@content.yieldmanager[3].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@pro-market[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@****ingmoviesonline[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@ads.bridgetrack[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@teenyclips[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@www.icityfind[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@ads.pubmatic[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@girlshardporn[2].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@www.doppelteens[1].txt
C:\My Backup -- 10-03-15 0909AM\WINDOWS\Temp\Cookies\owner@a1.interclick[1].txt

Trojan.Downloader-Gen
C:\MY BACKUP -- 10-03-15 0909AM\WINDOWS\SYSTEM32\TWEXT.EXE

Trojan.Agent/Gen-OnlineGames
C:\TEMP\LAS VEGAS USA CASINO\INSTALL.EXE

AV scan part 2...I didn't post it correctly, do you need it as it has detections on it? Should I delete double post of AV scan ? Thanks Bobbye and to all others here in the forum, I'm learning stuff just from reading similar posts!

No, please don do another Avast scan now. Looking at the Tracking Cookies in SAS tells me you're running from your backup- is that right? I will mention that some of the kinds of sites you're going to are going to be heavy on malware. The Tracking Cookies can be removed and prevented, but that only one part of it.

Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  Important! Save the renamed download to your desktop.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  
• Double click on the setup file on the desktop to run
• If prompted to download and install the Recovery Console, please do so.
  (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
• If prompted to update, please allow.
• Click on Yes, to continue scanning for malware.
• When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.

Notes:

• 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.

.
When that has finished, please run this online scan:
Run Eset NOD32 Online AntiVirus Scanner HERE

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Please note the line in the directions for the online scan that we do NOT want you to check for removal.

Post the Combofix replrt and the Eset log in your next reply.
Please do not visit any porn sites while I am helping clean the system.

I went to fast and didn't follow directions for combo fix download...sorry but what shall I do next? Ihaven't run CF because I didn't save it desktop etc. and I'm running on a reinstall I think.

I'm using Firefox got it redownloaded to my desk top but still not prompted to a name change, this goes by the name ComboFix(2).exe should I run it?

Uninstall ComboFix and all Backups of the files it deleted

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

Now go back to the Combofix instructions and follow carefully.

All the Tracking Cookies are located in "My Backup". All 62 of them have the same time. And the 2 Trojans that were found have same time. All show 10-15-20 indicating some kind of date. It's confusing because if you did a reinstall, it's not the 'backup' any more.

I get an error message saying no disc in drive when trying to run combofix, I didn't see anything in your steps to run this program saying to insert disc.

got that problem solved w/combofix but now it dislikes name change...huum

Did you do the uninstall first? If so, there shouldn't have been any problem with 'name change'. You're not changing the name, you're giving it a name:

If it still won't work, name it monday.exe.

here are the log filesComboFix.txt

log.txt

You have two antiviruses and two firewalls running:
Avira antivirus
ZoneAlarm Firewall
and a MCAfee Security Suite with AV and firewall
Please decide which you want to keep> one antivirus program, one firewall, and remove the others. Here are tools to help you:
-------------------
McAfee Removal
-------------------
To uninstall Avira:

• Start> Settings> Control Panel> Add or Remove Programs (Windows 2000/ XP) or Start - Control Panel - Uninstall a program (Windows Vista / 7)
• Wait for the list of installed programs to load, then click the name of the Avira program.
• Click Remove next to the program's name (Windows 2000 / XP) or in the menu above the list (Windows Vista / 7).
• Press Yes, to confirm the removal and then OK.
• . Click Next until Finish. The software is removed.

-------------------------------------------
To uninstall ZoneAlarm:

• [1] Go to Control Center> go to the Preferences tab of the Overview panel.
  [2] Clear the check box labeled Load ZoneAlarm at startup.
  [3] Reboot the computer.
  [4] In Windows start menu: Go to Start> Programs> Zone Labs
  [5] Click Uninstall ZoneAlarm.
  [6] During the uninstallation process, you will see a diaglog box titles "This is a security check from the Zone Labs security engine> Click YES in this dialog box.

If you have the full, paid version of McAfee with current subscription, you might want to consider removing the free Avira and free ZoneAlarm if that is the version you have. Having 2 AV programs and 2 firewalls can make you more vulnerable- not less and it can also slow you down.

Please do that while I am preparing the next step.
==========================================
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!! DO NOT make any Registry Changes. And it is recommended that if you are running any Registry editing program, that you either uninstall or disable while we are in the cleaning process
==================================
Instructions posted for this user are customized for phhege only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please start a new thread and follow the preliminary cleaning steps HERE. Attach the logs.

After finishing with one antivirus and one firewall removal, continue with this:

The deletion of this one, D:\Autorun.inf suggest you had a possible FlashDrive infection:
Threat Removal Procedure:

• [1]. Download Flash_Disinfector and save it to your Desktop.
  [2]. After downloading, double-click on Flash_Disinfector to run it.
  [3]. Just follow the prompts and continue until it begin scanning.
  
  [4]. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
  [5]. It will scan removable drives, wait for the scan to finish. Done.

==================

• [1]. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad and copy/paste the text in the code below into it:

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.

IF you decided to keep ZoneAlarm, you need to make sure this file c:\windows\system32\zllictbl.dat is set to read only as follows:
Show Hidden Folders/Files

• Open [b]My Computer.
• Go to Tools > Folder Options.
• Select the View tab.
• Scroll down to Hidden files and folders.
• Select Show hidden files and folders.
• Uncheck (untick) Hide extensions of known file types.
• Uncheck (untick) Hide protected operating system files (Recommended).
• Click Yes when prompted.
• Click OK.
• Close My Computer.

Using Windows Explorer: Windows Key + E, navigate to:

• C:\ProgramData\CheckPoint\ZoneAlarm\zllictbl.dat
• Right click on the file> Properties
• Check the 'read only' box. (leave the hidden box as is)
• Click apply > OK >
• Close Windows Explorer> Reboot.

Go back and rehide the files and folders.

Please include a new log from HijackThis with the combofix from above in your next reply.

Here are the logs

hijackthis.txt

ComboFix.txt