Resolved Infected with win32/zbot.g & vbs generic virus

[Bobbye]

Rob, I need a virus scan. If you can get on line, please run the Eset scan. If you cannot, do a scan with AVG and post it. I am concerned that you may have one of file infectors that we consider incurable- maybe Ramnit.

The js entries that continue to be made, even after removal of some, does not bode well.

 

[rob3000]

Ok, I will try to do a virus scan at the weekend.

I don't think I will be using AVG after this problem is resolved, can you recommend any good Anti Virus software? It can be a free version or one I pay for.

 

[Bobbye]

Both of the following antivirus programs are free and known to be good:
[o]Avira-AntiVir-Personal-Free-Antivirus
[o]Avast Free Version
Please reboot the system after the installation is complete.

 

[rob3000]

I couldn't do the online virus check but installed Avira and did a scan with that. There were over 1300 detections, most of which are associated with a game I used to play on my D drive. I quarantined and fixed the problems it found but I am happy to delete anything you feel is necessary. The log is very long, 682866 characters which is going to take about 14 posts so I have not pasted a lot of stuff that seems to be duplicated to do with the football manager game that gives this message [DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus, and also the associated disinfection message




Avira AntiVir Personal
Report file date: 26 February 2011 16:03

Scanning for 2437318 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Mark's Pc
Computer name : NOVA

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 14/01/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10/01/2011 14:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 12:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 10/01/2011 14:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 14:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 15:59:28
VBASE003.VDF : 7.11.3.1 2048 Bytes 09/02/2011 15:59:28
VBASE004.VDF : 7.11.3.2 2048 Bytes 09/02/2011 15:59:28
VBASE005.VDF : 7.11.3.3 2048 Bytes 09/02/2011 15:59:28
VBASE006.VDF : 7.11.3.4 2048 Bytes 09/02/2011 15:59:28
VBASE007.VDF : 7.11.3.5 2048 Bytes 09/02/2011 15:59:29
VBASE008.VDF : 7.11.3.6 2048 Bytes 09/02/2011 15:59:29
VBASE009.VDF : 7.11.3.7 2048 Bytes 09/02/2011 15:59:29
VBASE010.VDF : 7.11.3.8 2048 Bytes 09/02/2011 15:59:29
VBASE011.VDF : 7.11.3.9 2048 Bytes 09/02/2011 15:59:29
VBASE012.VDF : 7.11.3.10 2048 Bytes 09/02/2011 15:59:29
VBASE013.VDF : 7.11.3.59 157184 Bytes 14/02/2011 15:59:29
VBASE014.VDF : 7.11.3.97 120320 Bytes 16/02/2011 15:59:29
VBASE015.VDF : 7.11.3.148 128000 Bytes 19/02/2011 15:59:30
VBASE016.VDF : 7.11.3.183 140288 Bytes 22/02/2011 15:59:30
VBASE017.VDF : 7.11.3.216 124416 Bytes 24/02/2011 15:59:30
VBASE018.VDF : 7.11.3.217 2048 Bytes 24/02/2011 15:59:30
VBASE019.VDF : 7.11.3.218 2048 Bytes 24/02/2011 15:59:30
VBASE020.VDF : 7.11.3.219 2048 Bytes 24/02/2011 15:59:31
VBASE021.VDF : 7.11.3.220 2048 Bytes 24/02/2011 15:59:31
VBASE022.VDF : 7.11.3.221 2048 Bytes 24/02/2011 15:59:31
VBASE023.VDF : 7.11.3.222 2048 Bytes 24/02/2011 15:59:31
VBASE024.VDF : 7.11.3.223 2048 Bytes 24/02/2011 15:59:31
VBASE025.VDF : 7.11.3.224 2048 Bytes 24/02/2011 15:59:31
VBASE026.VDF : 7.11.3.225 2048 Bytes 24/02/2011 15:59:31
VBASE027.VDF : 7.11.3.226 2048 Bytes 24/02/2011 15:59:31
VBASE028.VDF : 7.11.3.227 2048 Bytes 24/02/2011 15:59:31
VBASE029.VDF : 7.11.3.228 2048 Bytes 24/02/2011 15:59:31
VBASE030.VDF : 7.11.3.229 2048 Bytes 24/02/2011 15:59:31
VBASE031.VDF : 7.11.3.240 62976 Bytes 25/02/2011 15:59:31
Engineversion : 8.2.4.176
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/01/2011 14:23:26
AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 26/02/2011 15:59:36
AESCN.DLL : 8.1.7.2 127349 Bytes 10/01/2011 14:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 10/01/2011 14:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 10/01/2011 14:23:25
AEPACK.DLL : 8.2.4.10 520567 Bytes 26/02/2011 15:59:35
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 26/02/2011 15:59:35
AEHEUR.DLL : 8.1.2.81 3314038 Bytes 26/02/2011 15:59:35
AEHELP.DLL : 8.1.16.1 246134 Bytes 26/02/2011 15:59:33
AEGEN.DLL : 8.1.5.2 397683 Bytes 26/02/2011 15:59:32
AEEMU.DLL : 8.1.3.0 393589 Bytes 10/01/2011 14:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 26/02/2011 15:59:32
AEBB.DLL : 8.1.1.0 53618 Bytes 10/01/2011 14:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10/01/2011 14:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 10/01/2011 14:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 14:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 10/01/2011 14:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10/01/2011 14:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 10/01/2011 14:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10/01/2011 14:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10/01/2011 14:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 14:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 13:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 10/01/2011 14:23:52

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: D:, A:, C:, E:, F:, G:, H:, I:, J:, K:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 26 February 2011 16:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
Scan process 'NclUSBSrv.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'TomTomHOMEService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nokiaaserver.exe' - '1' Module(s) have been scanned
Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'NokiaOviSuite.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'NokiaMServer.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!
Boot sector 'K:\'
[INFO] In the drive 'K:\' no data medium is inserted!

Starting to scan executable files (registry).
The registry was scanned ( '1699' files ).


Starting the file scan:

Begin scan in 'D:\' <My Documents>
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\affiliate_club.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\awards.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\calendar.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\club_info.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\community_info.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\competition_news.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\confidence.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\create_profile.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\detail_level.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\dev_credits.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\finances.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\fixtures.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\fixtures_results.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\form.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\glossary.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\history_club.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\history_league.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\intro.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\job_centre.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\job_security.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\league_comp.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\make_an_offer.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'C:\' <Windows>
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\27\6e1825b-276553be
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AL Java virus
--> Rleh/Fhtagn.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AL Java virus
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\57\5e02bcf9-6d61aec2
[DETECTION] Is the TR/Meredrop.A.3342 Trojan
C:\Documents and Settings\Mark's Pc\Application Data\Sun\Java\Deployment\cache\6.0\19\16f80713-72964452
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
C:\Documents and Settings\Mark's Pc\Application Data\Sun\Java\Deployment\cache\6.0\30\16715d5e-7c43678c
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AL Java virus
--> Rleh/Fhtagn.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AL Java virus
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\747d068f-751310d7
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AL Java virus
--> Rleh/Fhtagn.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AL Java virus
C:\Program Files\Safari\Safari.resources\NetworkDiagnosticsErrorPage.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\Safari\Safari.resources\ServerNotFoundErrorPage.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\Safari\Safari.resources\StandardErrorPage.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\Windows Live\Mail\Stationery\Bamboo.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Program Files\Windows Live\Mail\Stationery\Drawing.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Qoobox\Quarantine\C\Documents and Settings\Mark's Pc\Application Data\Mozilla\Firefox\Profiles\u7u54s3s.default\extensions\{5fd6afe3-d2e0-4cfd-ac33-60885246ce04}\chrome\xulcache.jar.vir
[0] Archive type: ZIP
[DETECTION] Is the TR/Spy.B.1 Trojan
--> content/overlay.xul
[DETECTION] Is the TR/Spy.B.1 Trojan
Begin scan in 'D:\' <My Documents>
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\affiliate_club.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\awards.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\calendar.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\club_info.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\community_info.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\competition_news.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\confidence.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\create_profile.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\detail_level.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\dev_credits.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\finances.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\fixtures.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\fixtures_results.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\form.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\glossary.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\history_club.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\history_league.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
D:\Games\SteamApps\common\football manager 2009\data\help\pc\czech\intro.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
Begin scan in 'E:\' <Backup>
Begin scan in 'F:\'
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'J:\'
Search path J:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'K:\'
Search path K:\ could not be opened!
System error [21]: The device is not ready.

Beginning disinfection:
C:\Qoobox\Quarantine\C\Documents and Settings\Mark's Pc\Application Data\Mozilla\Firefox\Profiles\u7u54s3s.default\extensions\{5fd6afe3-d2e0-4cfd-ac33-60885246ce04}\chrome\xulcache.jar.vir
[DETECTION] Is the TR/Spy.B.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4e18949f.qua'.
C:\Program Files\Windows Live\Mail\Stationery\Drawing.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5690bb35.qua'.
C:\Program Files\Windows Live\Mail\Stationery\Bamboo.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '04d3fe2c.qua'.
C:\Program Files\Safari\Safari.resources\StandardErrorPage.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '62f8ae1d.qua'.
C:\Program Files\Safari\Safari.resources\ServerNotFoundErrorPage.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '276d9cdc.qua'.
C:\Program Files\Safari\Safari.resources\NetworkDiagnosticsErrorPage.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5870aebd.qua'.
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\747d068f-751310d7
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AL Java virus
[NOTE] The file was moved to the quarantine directory under the name '14b582c7.qua'.
C:\Documents and Settings\Mark's Pc\Application Data\Sun\Java\Deployment\cache\6.0\30\16715d5e-7c43678c
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AL Java virus
[NOTE] The file was moved to the quarantine directory under the name '68adc295.qua'.
C:\Documents and Settings\Mark's Pc\Application Data\Sun\Java\Deployment\cache\6.0\19\16f80713-72964452
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
[NOTE] The file was moved to the quarantine directory under the name '4598edd8.qua'.
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\57\5e02bcf9-6d61aec2
[DETECTION] Is the TR/Meredrop.A.3342 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5ca6d671.qua'.
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\27\6e1825b-276553be
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AL Java virus
[NOTE] The file was moved to the quarantine directory under the name '30f9fa41.qua'.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '410dc3d0.qua'.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinProlacop.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '4f17f317.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\world.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0a3295ac.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\transfer_centre.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '03289104.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\transfers.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '5b69886d.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\training_overview.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '779df1a1.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\training_coaches.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4963917b.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\team_talks.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2a6da5f5.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\team_stats.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0ca5e5e8.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\tactics.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '3e379e41.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\start_screen.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '3474aac0.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\set_transfer_status.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0b30d177.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\search_shortlist.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '750bdd50.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\search_scouting.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2073d99b.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\scout_reports.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '2df7a8b1.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\res_credits.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '31aebcba.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\profile.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0079ee87.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\press_conferences.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '6c39fab1.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\preferences.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '25a3dfb6.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\player_stats.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '7e32d76d.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\player_interaction.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1880db84.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\player.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '4f0ea92c.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\personal.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '6d6fe1a1.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\options.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '057984ca.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\offer_to_clubs.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '251d9fb5.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\notebook.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '702bc6f8.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\new_game.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1136f8be.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\news.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '749aba35.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\match_preview.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '1170ce90.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\match_day.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '0294f203.qua'.
D:\Games\SteamApps\common\football manager 2009\data\help\pc\swedish\manager_snapshot.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The registration for this file was not remedied due to too many multiple detections. For a more exact analysis, please send us this file via Quarantine manager for closer examination.
[NOTE] The file was moved to the quarantine directory under the name '10278ebe.qua'.




End of the scan: 26 February 2011 16:52
Used time: 44:33 Minute(s)

The scan has been done completely.

11432 Scanned directories
226229 Files were scanned
1303 Viruses and/or unwanted programs were found
2 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
659 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
224924 Files not concerned
2092 Archives were scanned
0 Warnings
659 Notes

 

[Bobbye]

I wouldn't worry about the Avira findings. Looks like anything suspecious was quarantined. The entry in Qoobox is where Combofix put the quarantined entries> it is not active on the system.

Can you please refresh me on why you weren't able to do the online virus scan?
==================================
I'd like to see if we can identify any of these mysters js entries:

Please go to VirSCAN.org FREE on-line scan service:
If busy, you can use one of the following: ( you only need one)
VirusTotal
Jotti

• 
  [1]. Copy and pasteeach of the following file path (one at a time) into the Suspicious files to scan box on the top of the page.
  
  

  c:\documents and settings\NetworkService\Application Data\yIDmxJFVnQ.js
  
  c:\windows\system32\345.js
  
  c:\documents and settings\Mark's Pc\Application Data\sr8Mi6GZ.js

  [2]. At the upload site, click once inside the window next to Browse.
  [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
  [4]. Click on the Upload button.
  This will perform a scan across multiple different virus scanning engines.
  Your file will possibly be entered into a queue which normally takes less than a minute to clear.
  Note: If you see a notice that a more current identification is available, click on that
  Important: Wait for all of the scanning engines to complete.
  [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
  [6]. Paste the contents of the Clipboard in your next reply.

How is the system doing now?

 

[rob3000]

Can you please refresh me on why you weren't able to do the online virus scan?

Since I had the virus I have not been able to access the internet via Explorer or my ISP link that I used to use. When I try to use these I click on them but nothing happens. Its strange because when I use my AV or Malwarebytes software it will connect to the internet with no problem to do an update. My browser settings must have been changed somehow but I don't know enough about it so I am trying to contact my ISP to check it all through with them. As a result of this I have not been able to run the scans that you requested in your last post, hopefully I will be able to do this over the weekend.

Thanks for all your help, it is really appreciated

 

[Bobbye]

Rob, the setting need to be checked in Internet Options which can be accessed either through Tools in IE or in the Control Panel.

You say when you click on the links, "nothing happens." Do you literally mean nothing? Do you get any kind of message> Does the hour glass display and never go away?

Give this a try- it's possible the shortcuts have been corrupted:

Right click on Taskbar> Explore> My Computer> Double click on Local Drive(C)> Programs> scroll down to Internet Explorer and click on it> processes will display on the right screen> Look for iexplore.exe and double click to open.

If IE starts this way, then the problem is the shortcut and I'll help you create a new one:
Right click on iexplore.exe> Send To> Desktop to create a shortcut. You can do the same thing with the ISP program.

Let me know.

 

[rob3000]

When I click on the IE or ISP icon the screen does not change, there is no hour glass and after about 20 secs a message box comes up with an "unexpected error "message. I am able to access my favourites list and when I click on one of the links there is a message that says windows cannot find '(null)'.

I will give your suggestions a go over the weekend and let you know what happens. I have got an updated installation disk coming from my ISP so will also try installing again.

Apart from the internet problem the system seems to be working ok at the moment.

Have a good weekend.

 

[Bobbye]

Okay. Let me know what you decide.

 

[rob3000]

Hi Bobbye

I have decided to format my system and start again from fresh, you have cleaned up my system enough for me to back up the data I need so I can transfer it back across.

Thank you very much for all your help and patience!

 

[Bobbye]

You're welcome Rob. You can check files and folders you'll put back if you do a right click> scan with the AV.

If you need help:
You will find excellent reformat/reinstall instructions here:
http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html

Tips for added security and safer browsing:

1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
   This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features: Make Internet Explorer safer.
   
2. Have layered Security:
   • Antivirus Software(only one):Both of the following programs are free and known to be good:
     [o]Avira-AntiVir-Personal-Free-Antivirus
     [o]Avast Free Version
     
     [o]Avira Free
     [o]Avast Home
   • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
     [o]Comodo
     [o]Zone Alarm
   • Antispyware: I recommend all of the following:
     [o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
   [o]Download ZonedOut and save to your desktop. this replaces IE/Spyad and manages the Zones in Internet explorer. This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
   For IE7 and IE8, Windows 2000 thru Vista. No Windows 7 yet.
   IE/Spyad is not longer being supported. If you have this on your system, you should replace it with the following program. Make sure your IE8 is Up-to-date before adding sites to your restricted zone.
   Known issue: If you have "immunized" your computer with Spybot Search and Destroy, and use ZonedOut to "Remove All" restricted sites - ZonedOut will remove your trusted sites as well. Note that if you remove Spybot Search and Destroys Immunization the problem goes away...
   [o]Replace the Host Files
   MVPS Hosts files This replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
   [o]Google Toolbar Get the free google toolbar to help stop pop up windows.
   
3. Stay current on updates:
   [o] Visit the Microsoft Download Sitefrequently. You should get All updates marked Critical and the current SP updates.
   [o]Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
   [o]Check this site .Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
   
4. Reset Cookies to prevent Tracking Cookies:
   [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
   [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
   I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
   AdBlock Plus
   Easy List
   
5. Do regular Maintenance
   Remove Temporary Internet Files regularly:
   [o]ATF Cleaner by Atribune
   OR
   [o]TFC
   Disable and Enable System Restore:
   [o]See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
   
6. Practice Safe Email Handling
   [o] Don't open email from anyone you don't know.
   [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
   [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

Use a Site Advisor!
The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.Your online email account – Google Mail, Yahoo! Mail and Hotmail is also protected.
Give it a try- http://www.mywot.com/en/download