Antivirus System Pro and Bankerfox.a & Win

Remove the Proxy setting in Internet Explorer and/or in FireFox.

In Internet Explorer

1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
   

In Firefox

1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
   
2. Click the apply button and restart that computer in normal mode.
   

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

thanks so much for responding.
i've run the malware several times now. everyother time it identifies/allows me to deal with items.
problem is that the notepad.exe disappears too fast to read/copy it.
I can see seven log.text files now, but each time i try to open one, i get the message that notepad.exe is infected.
??

Hello.

Lets try and get a Hijack This log.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

If Hijack This wont run, run this next tool below, then try Hijack This again.

Please download exeHelper from one of the two links.
Link 1
Link 2

• Double-click on exeHelper.com or exeHelper.scr to run the fix.
  
• A black window should pop up, press any key to close once the fix is completed.
  
• Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
  

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

ok, couldn't install Hijack It ( a message that hjtinstall.exe was infected) and when I run exehelper.com, the black window appears every so briefly and then i get exehelperlog.txt. I can't open it long enough to read, but i *can* print the file. luckily (or not), it's only one line that says:
exehelper by Raktor.

oy.

Try running exeHelper more than once, I've had a few users where it says that top line over and over for the first 5 times or so, then it works.

I've run it dozens of times now. The dos window never stays longer than a second. I see only 2 lines of text.
when i open the exehelperlog.txt, it says:
exeHelper by Raktor
exeHelper by Raktor
Build 20091122
exeHelper by Raktor
exeHelper by Raktor
Build 20091122
Run at exeHelper by Raktor
Build 20091122
Run at exeHelper by Raktor
exeHelper by Raktor
Build 20091122
Run at 17:59:40exeHelper by Raktor
exeHelper by Raktor
exeHelper by Raktor
Build 20091122
exeHelper by Raktor
exeHelper by Raktor
Build 20091122
exeHelper by Raktor
Build 20091122
Run at 18:00:46

and, i worked around the notepad being infected and have this text from the Malwarebyte's Anti-Malware file mbam-info.txt - if it helps- :

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Executable location: C:\Program Files\Malwarebytes' Anti-Malware
Database location: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

Username: Buff
Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\system32
Root drive: C:
Program Files: C:\Program Files
Common Files: C:\Program Files\Common Files

Desktop: C:\Documents and Settings\Administrator\Desktop
Desktop: C:\Documents and Settings\All Users\Desktop
Desktop: C:\Documents and Settings\Buff\Desktop
Desktop: C:\Documents and Settings\Default User\Desktop
Desktop: C:\Documents and Settings\LocalService\Desktop

Start Menu: C:\Documents and Settings\All Users\Start Menu
Start Menu: C:\Documents and Settings\Administrator\Start Menu
Start Menu: C:\Documents and Settings\Buff\Start Menu
Start Menu: C:\Documents and Settings\Default User\Start Menu
Start Menu: C:\Documents and Settings\LocalService\Start Menu

User Root: C:\Documents and Settings\Administrator
User Root: C:\Documents and Settings\All Users
User Root: C:\Documents and Settings\Buff
User Root: C:\Documents and Settings\Default User
User Root: C:\Documents and Settings\LocalService
User Root: C:\Documents and Settings\NetworkService

Favorite: C:\Documents and Settings\Administrator\Favorites
Favorite: C:\Documents and Settings\All Users\Favorites
Favorite: C:\Documents and Settings\Buff\Favorites
Favorite: C:\Documents and Settings\Default User\Favorites

Application Data: C:\Documents and Settings\All Users\Application Data
Application Data: C:\Documents and Settings\Administrator\Application Data
Application Data: C:\Documents and Settings\Buff\Application Data
Application Data: C:\Documents and Settings\Default User\Application Data
Application Data: C:\Documents and Settings\LocalService\Application Data
Application Data: C:\Documents and Settings\NetworkService\Application Data

Quick Launch: C:\Documents and Settings\Buff\Application Data\Microsoft\Internet Explorer\Quick Launch

Temporary Folder: C:\WINDOWS\Temp
Temporary Folder: C:\Documents and Settings\Buff\Local Settings\Temp
Temporary Folder: C:\Documents and Settings\Default User\Local Settings\Temp
Temporary Folder: C:\Documents and Settings\LocalService\Local Settings\Temp
Temporary Folder: C:\Documents and Settings\NetworkService\Local Settings\Temp

Programs: C:\Documents and Settings\Administrator\Start Menu\Programs
Programs: C:\Documents and Settings\All Users\Start Menu\Programs
Programs: C:\Documents and Settings\Buff\Start Menu\Programs
Programs: C:\Documents and Settings\Default User\Start Menu\Programs
Programs: C:\Documents and Settings\LocalService\Start Menu\Programs

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Startup: C:\Documents and Settings\Buff\Start Menu\Programs\Startup
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup

Documents: C:\Documents and Settings\All Users\Documents
Documents: C:\Documents and Settings\Administrator\My Documents
Documents: C:\Documents and Settings\Buff\My Documents
Documents: C:\Documents and Settings\Default User\My Documents
Documents: C:\Documents and Settings\LocalService\My Documents

thanks again for your help. b

Hello.
When you download Hijack This, rename it to explorer.scr, see if it will run then.

Whew! finally got the hijack this log - which is below
One question: am i endangering everyone else - and my private info by keeping this infected computer on?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:17 PM, on 11/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134844876\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "E:\Itunes storage\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [atktrhnm] C:\Documents and Settings\Buff\Local Settings\Application Data\aegius\ugalsysguard.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [atktrhnm] C:\Documents and Settings\Buff\Local Settings\Application Data\aegius\ugalsysguard.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/197701d6c51fdbcd2920/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125860716562
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?322
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9387 bytes
thanks thanks thanks again!

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

In Internet Explorer

1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
   

In Firefox

1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
   
2. Click the apply button and restart that computer in normal mode.
   

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
  O4 - HKLM\..\Run: [atktrhnm] C:\Documents and Settings\Buff\Local Settings\Application Data\aegius\ugalsysguard.exe
  O4 - HKCU\..\Run: [atktrhnm] C:\Documents and Settings\Buff\Local Settings\Application Data\aegius\ugalsysguard.exe
  
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

By George, that might have done it!
no Antivirus System Pro icon on the task bar.
and no extra windows popping open.
here's the log:
Malwarebytes' Anti-Malware 1.41
Database version: 3181
Windows 5.1.2600 Service Pack 3 (Safe Mode)

12/1/2009 9:21:47 PM
mbam-log-2009-12-01 (21-21-47).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 187216
Time elapsed: 1 hour(s), 0 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Buff\Desktop\explorer.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Thank you so much for the guidance.
hopefully this will hold. if not, i'll write again. happy holidays!

Can you update MBAM again? 3181 is fairly recent, but still quite the way behind in updates.

first time around i got an error code 732(0,0).
but i uninstalled and reinstalled MBAM and could update.

Malwarebytes' Anti-Malware 1.42
Database version: 3300
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/5/2009 9:35:11 AM
mbam-log-2009-12-05 (09-35-10).txt

Scan type: Quick Scan
Objects scanned: 118572
Time elapsed: 13 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\vinelewe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.42
Database version: 3300
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/5/2009 9:35:11 AM
mbam-log-2009-12-05 (09-35-10).txt

Scan type: Quick Scan
Objects scanned: 118572
Time elapsed: 13 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\vinelewe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

thanks

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Here's the log file. fwiw, everytime my computer was re-started, i had to manually disable AVIRA antivirus. there was no permanent setting.
again, thanks.

ComboFix 09-12-04.05 - Buff 12/05/2009 12:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.605 [GMT -8]
Running from: c:\documents and settings\Buff\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {8615ACC4-FFA4-0122-0D24-347CA8A3377C}

** please note: there were many of these lines of text, but the file was too large to post **

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {86E77A5C-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {86E7A4BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {86ED8604-FFA4-0110-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {BADB0D00-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {FFDFF121-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {FFFFFFFF-FFA4-00DE-0D24-347CA8A3377C}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Buff\Local Settings\Application Data\aegius
c:\documents and settings\Buff\Local Settings\Application Data\aegius\ugalsysguard.exe
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\Tasks\pnxvuest.job

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 )))))))))))))))))))))))))))))))
.

2009-12-05 17:18 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 17:17 . 2009-12-05 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 17:17 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 15:17 . 2009-10-30 19:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-03 15:17 . 2009-11-09 19:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-03 15:17 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-03 15:17 . 2009-09-03 17:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-01 01:59 . 2009-12-01 01:59 -------- d-----w- c:\program files\Trend Micro
2009-11-29 19:32 . 2009-12-05 16:57 -------- d-----w- c:\program files\Enigma Software Group
2009-11-29 06:56 . 2009-11-29 06:56 -------- d-----w- c:\documents and settings\Buff\Application Data\Malwarebytes
2009-11-29 06:24 . 2009-11-29 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-29 00:04 . 2009-11-29 00:04 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-11-29 00:04 . 2009-11-29 00:04 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-11-29 00:04 . 2009-11-29 00:04 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-11-29 00:03 . 2009-11-29 00:03 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-11-28 23:55 . 2009-11-28 23:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 20:16 . 2006-12-12 15:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-05 20:13 . 2009-10-31 02:47 -------- d-----w- c:\program files\Spyware Doctor
2009-12-05 20:13 . 2005-06-19 15:32 17242 ----a-w- c:\windows\system32\tablet.dat
2009-12-05 19:34 . 2004-09-03 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-03 15:26 . 2009-10-29 01:13 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-10 18:28 . 2009-10-31 02:55 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-10 18:28 . 2009-10-31 02:55 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-10 18:28 . 2009-10-31 02:55 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-11-10 18:26 . 2009-10-31 02:55 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-31 02:47 . 2009-10-31 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-29 01:16 . 2009-10-29 01:16 -------- d-----w- c:\documents and settings\Buff\Application Data\Registry Mechanic
2009-10-28 09:36 . 2009-10-31 02:55 1152444 ----a-w- c:\windows\UDB.zip
2009-10-07 22:21 . 2009-06-21 05:13 -------- d-----w- c:\program files\AOL 9.1
2009-10-02 17:15 . 2008-05-01 06:20 2341 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2009-10-02 16:03 . 2008-05-01 06:15 816392 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\qbpatch2.exe
2009-09-11 14:18 . 2008-11-15 20:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2007-05-19 02:39 . 2006-11-18 17:16 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\\SmartDoctor.exe " [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"IMONTRAY"="c:\program files\Intel\Intel(R) Active Monitor\imontray.exe" [2003-11-03 32768]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"HostManager"="c:\program files\Common Files\AOL\1134844876\ee\AOLSoftware.exe" [2008-06-24 41824]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="e:\itunes storage\iTunesHelper.exe" [2009-06-05 292136]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-05-02 323584]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-8-8 113664]
Adobe Gamma Loader.lnk - c:\fonts\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-13 113664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-3-18 972064]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2005-6-19 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\acsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134844876\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI CD-Maker\\LiveUpdate.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134844876\\EE\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"e:\\more utils\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"e:\\Itunes storage\\iTunes.exe"=
"c:\\Program Files\\Logitech\\MouseWare\\system\\EM_EXEC.EXE"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/3/2009 7:17 AM 207792]
R1 ANVIOCTL;ANVIOCTL;c:\windows\system32\drivers\anvioctl.sys [8/8/2004 11:05 PM 233280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/27/2009 6:18 PM 108289]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [10/30/2009 6:55 PM 112592]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/28/2009 5:13 PM 583640]
R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/3/2009 7:17 AM 359624]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/12/2008 6:41 PM 24652]
S3 Ndppogoo;Ndppogoo; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Buff\Application Data\Mozilla\Firefox\Profiles\c8p4awzl.Default User\
FF - prefs.js: browser.startup.homepage - hxxp://www.mckinleyink.com
FF - component: c:\documents and settings\Buff\Application Data\Mozilla\Firefox\Profiles\c8p4awzl.Default User\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: e:\itunes storage\Mozilla Plugins\npitunes.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
AddRemove-{08082022-2a50-4196-8196-a6f86d6e8f12} - c:\program files\Installshield Installation Information\{08082022-2a50-4196-8196-a6f86d6e8f12}\QBReplace.exe {08082022-2a50-4196-8196-a6f86d6e8f12}#{01288593-26bb-4b3a-a04e-0a4ed28cc937}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 12:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\tabhook.dll

- - - - - - - > 'explorer.exe'(2472)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\windows\system32\tabhook.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WS_FTP Pro\nsftpch.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\Tablet.exe
c:\windows\wanmpsvc.exe
c:\program files\Intel\Intel(R) Active Monitor\imonnt.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\MDM.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2009-12-05 12:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-05 20:19

Pre-Run: 4,044,537,856 bytes free
Post-Run: 4,090,617,856 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 44F23DBEFD3CBFD8DF816B711F90AD3C

Next,

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

thanks....

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe InDesign 1.5
Adobe Photoshop 6.0
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
AIM 6
Aladdin DropStuff 5.0
Aladdin Expander 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ASUS Display Drivers
ASUS SmartDoctor
Avira AntiVir Personal - Free Antivirus
Browser Defender 2.0.6.11
CorelDRAW Graphics Suite X3
Critical Update for Windows Media Player 11 (KB959772)
EN
ESPN Java Check
FFLM version 6.04
FontNav
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
hp deskjet 5550 series
hp deskjet 5550 series (Remove only)
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Memories Disc
HP Scanjet 4800 series
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
iAUDIO U2 User's Guide
Intel(R) Active Monitor
Intel(R) PRO Network Adapters and Drivers
iPod for Windows 2005-03-23
Ipswitch WS_FTP Pro
Ipswitch WS_FTP Pro
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
JetShell for iAUDIO U2
Logitech iTouch Software
Logitech MouseWare 9.79
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Data Access Components KB870669
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Netflix Movie Viewer
NTI DVD-Maker Gold
Picasa 2
Picture Package Music Transfer
PowerDVD
QuickBooks Pro 2007
QuickTime
Registry Mechanic 9.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sony Picture Utility
Sony USB Driver
SoundMAX
Spybot - Search & Destroy 1.3
Spyware Doctor 7.0
SupportSoft Assisted Service
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager
USB-IDE Bridge Driver
VBA
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Wacom Tablet
Windows Genuine Advantage v1.3.0254.0
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Music Jukebox

Hello.

You are running two antivirus', I see from the uninstall list you have Avast installed, along with Spyware Doctor. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove Spyware Doctor to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Registry Mechanic 9.0
Spyware Doctor 7.0
Viewpoint Manager (Remove Only)
Viewpoint Media Player

Update Avast because it's outdated at the moment.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Avast is a freeware and I have a paid subscription to Spyware Doctor and a paid subscription to Reg Mechanic.
do you think it would be alright to remove the Avira Antiviral instead?

once more. thank you so much.

Yes, remove Avira instead.

OK.
I uninstalled as you described - except AVIRA instead of Spyware Docter and RegMechanic.
I also removed Spybot Search& Destroy - was that a mistake?
I think the computer's running better.
No more porn - which is a huge relief.
the only problem is that before I was able to see this computer (xp) on my laptop (vista) - which is necessary, since I use files on my E drive and I use the printer attached to the XP.
Do you have any idea if any of the steps I followed to get rid of the virus would have fried my home network?

one more time. thank your for all your time and effort.
b

Spybots TeaTimer is a rather good defence module, but their removal methods aren't that great.

As for the network, I doubt it, this malware doesn't spread via networks.