
virus software keeps finding but not removing

Latest post 11/04/2009 07:52 PM by Bugbatter. 7 replies.
Joined on 12/01/2008
Posts: 24
Points 675

virus software keeps finding but not removing

Hi... my HijackThis log is below... TIA for any help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:37 AM, on 11/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} - http://dm.cometsystems.com/dm/dm_286.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256681846328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256681554578
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: I0GDDADH - {7DF963FD-73C6-3F5D-6A78-03765DBC4295} - C:\WINDOWS\System32\Kpkhqkjo.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

--
End of file - 5222 bytes

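An added example, not part of the original posts: a small Python triager for HijackThis v2 lines of the shape posted above. It pulls out the entries a malware-removal helper reads first in this kind of log: Run values whose image has no directory (so Windows resolves it through the search path), ShellServiceObjectDelayLoad entries, "(file missing)" orphans, and ActiveX controls (O16 DPF) fetched from hosts other than Microsoft. The sample lines are constructed from this thread's log, and the severity labels, the regular expressions and the KNOWN_BAD_IMAGES lookup are my assumptions; the one external fact it relies on is that the 2003 Blaster worm persisted through exactly the Run value seen here, [windows auto update] = msblast.exe.

```python
"""Triage HijackThis v2 log lines: flag the autostart entries a responder looks at first."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O21 - SSODL: I0GDDADH - {7DF963FD-73C6-3F5D-6A78-03765DBC4295} - C:\WINDOWS\System32\Kpkhqkjo.dll (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} - http://dm.cometsystems.com/dm/dm_286.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256681846328
"""

# Hypothetical, deliberately tiny lookup (assumption: extend it from a real threat feed).
# Blaster (2003) registered itself as [windows auto update] = msblast.exe, as in the log above.
KNOWN_BAD_IMAGES = {"msblast.exe": "W32/Blaster worm Run entry"}

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SSODL_RE = re.compile(r"^O21 - SSODL: (?P<name>\S+) - \{[0-9A-Fa-f-]+\} - (?P<path>.*?)(?: \(file missing\))?$")
DPF_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low" (my labels, not HijackThis output)
    line: str
    reason: str


def _image_from_command(cmd: str) -> str:
    """Return the executable part of a Run command, whether or not it is quoted."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def _host_of(url: str) -> str:
    return re.sub(r"^https?://", "", url).split("/")[0].lower()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        missing = line.endswith("(file missing)")

        m = RUN_RE.match(line)
        if m:
            image = _image_from_command(m.group("cmd"))
            base = image.rsplit("\\", 1)[-1].lower()
            if base in KNOWN_BAD_IMAGES:
                findings.append(Finding("high", line, KNOWN_BAD_IMAGES[base]))
            elif image and "\\" not in image:
                # No directory at all: resolved via the search path at logon. Common in
                # worm persistence, rare in legitimately installed software.
                findings.append(Finding("high", line, "Run entry with unqualified image name"))
            continue

        m = SSODL_RE.match(line)
        if m:
            # HijackThis hides the stock XP SSODL entries; anything shown is loaded by
            # Explorer at every logon and deserves a look.
            reason = "non-default ShellServiceObjectDelayLoad entry loaded by Explorer at logon"
            if missing:
                reason += "; DLL already gone (partial cleanup left the registry value behind)"
            findings.append(Finding("high", line, reason))
            continue

        m = DPF_RE.match(line)
        if m:
            host = _host_of(m.group("url"))
            # Suffix match is a rough allow-list, not a trust decision.
            if not (host == "microsoft.com" or host.endswith(".microsoft.com")):
                findings.append(Finding("medium", line, f"ActiveX control downloaded from third-party host {host}"))
            continue

        m = SERVICE_RE.match(line)
        if m and missing:
            findings.append(Finding("low", line, "orphaned service registration; binary no longer present"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

The triager flags the msblast.exe value even though msblast.exe is not among the running processes and the later Malwarebytes scan reports nothing; a leftover Run value with no file behind it is consistent with that, and it still needs removing because the value will try to execute at every logon.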

7 Replies:

Joined on 02/11/2006
Posts: 17,264
Points 65,796

Re: virus software keeps finding but not removing

Welcome. I understand that this is your daughter's computer. It has a lot of old infections on it and I'm not sure what we'll see once we look deeper. It may be time to reformat and reinstall the operating system.

A few questions:

1. Have you tried going to Microsoft Updates and seeing if any patches are needed?

2. At what point did you install AVG?

3. Does your daughter do Peer-to-Peer file sharing?


We need to see some additional information about what is happening in this machine.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum.
  • Close the program window, and delete the program from your desktop.
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.


    Microsoft MVP - Consumer Security
    Member of Alliance of Security Analysis Professionals
    SpywareHammer
    Free Internet Security - WOT Web of Trust

    Joined on 12/01/2008
    Posts: 24
    Points 675

    Re: virus software keeps finding but not removing

    Yes, I have been able to download updates

    I just loaded AVG within the last week

    No - no peer-to-peer (that I know of)

    DDS files to follow

    DDS (Ver_09-10-26.01) - NTFSx86 
    Run by Brenda Zandy at 14:55:59.17 on Wed 11/04/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.127.36 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Brenda Zandy\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://smbusiness.dellnet.com/
    uInternet Connection Wizard,ShellNext = hxxp://smbusiness.dellnet.com/
    uInternet Settings,ProxyOverride = hxxp://localhost;
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
    mRun: [windows auto update] msblast.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} - hxxp://dm.cometsystems.com/dm/dm_286.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256681846328
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256681554578
    DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} - hxxp://autos.msn.com/components/ocx/exterior/Outside.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: I0GDDADH - {7DF963FD-73C6-3F5D-6A78-03765DBC4295} - c:\windows\system32\Kpkhqkjo.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-2 360584]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-2 285392]
    S0 ndisrd;ndisrd; [x]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-2 333192]
    S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-2 906520]

    =============== Created Last 30 ================

    2009-11-04 16:22:30 0 d-----w- c:\program files\Trend Micro
    2009-11-03 21:48:52 0 d-----w- c:\windows\pss
    2009-11-02 19:01:12 0 d--h--w- C:\$AVG
    2009-11-02 19:00:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-02 19:00:09 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-02 18:59:34 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-02 18:59:00 0 d-----w- c:\windows\system32\drivers\Avg
    2009-11-02 18:58:41 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2009-11-02 18:57:28 1409 ----a-w- c:\windows\QTFont.for
    2009-11-02 18:57:27 54156 ---ha-w- c:\windows\QTFont.qfn
    2009-11-02 18:56:58 0 d-----w- c:\program files\AVG
    2009-11-02 18:56:49 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2009-10-29 21:50:41 0 d-sh--w- c:\documents and settings\brenda zandy\IECompatCache
    2009-10-29 20:38:11 0 d-sh--w- c:\documents and settings\brenda zandy\PrivacIE
    2009-10-29 16:48:02 0 d-----w- c:\windows\system32\scripting
    2009-10-29 16:47:48 0 d-----w- c:\windows\l2schemas
    2009-10-29 16:47:42 0 d-----w- c:\windows\system32\en
    2009-10-29 16:24:16 0 d-----w- c:\windows\network diagnostic
    2009-10-29 14:21:32 0 d-sh--w- c:\documents and settings\brenda zandy\IETldCache
    2009-10-29 14:04:48 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-10-29 14:01:43 0 d-----w- c:\windows\ie8updates
    2009-10-29 14:00:30 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-10-29 14:00:26 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-10-29 14:00:25 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2009-10-29 14:00:24 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-10-29 14:00:24 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2009-10-29 14:00:19 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
    2009-10-29 13:53:32 0 dc-h--w- c:\windows\ie8
    2009-10-29 03:23:48 346112 ------w- c:\windows\system32\windowscodecsext.dll
    2009-10-29 03:23:46 712704 ------w- c:\windows\system32\windowscodecs.dll
    2009-10-29 03:23:28 5290 ------w- c:\windows\system32\dllcache\vidsamp.gif
    2009-10-29 03:23:28 300969 ------w- c:\windows\system32\dllcache\viz.wmv
    2009-10-29 03:23:27 17489 ------w- c:\windows\system32\dllcache\videobg.gif
    2009-10-29 03:23:04 208896 ------w- c:\windows\system32\dllcache\unregmp2.exe
    2009-10-29 03:21:56 572557 ------w- c:\windows\system32\dllcache\rtuner.wmv
    2009-10-29 03:20:36 375519 ------w- c:\windows\system32\dllcache\nuskin.wmv
    2009-10-29 03:20:09 10240 ------w- c:\windows\system32\dllcache\npwmsdrm.dll
    2009-10-29 03:20:08 403 ------w- c:\windows\system32\dllcache\npdrmv2.zip
    2009-10-29 03:20:08 364544 ------w- c:\windows\system32\dllcache\npdsplay.dll
    2009-10-29 03:20:08 22060 ------w- c:\windows\system32\dllcache\npds.zip
    2009-10-29 03:20:07 226816 ------w- c:\windows\system32\dllcache\npdrmv2.dll
    2009-10-29 03:18:37 844314 ------w- c:\windows\system32\dllcache\msdxm.ocx
    2009-10-29 03:17:54 786432 ------w- c:\windows\system32\dllcache\migrate.exe
    2009-10-29 03:17:43 457607 ------w- c:\windows\system32\dllcache\mdlib.wmv
    2009-10-29 03:17:33 6656 ------w- c:\windows\system32\dllcache\laprxy.dll
    2009-10-29 03:17:14 37376 ------w- c:\windows\system32\l2gpstore.dll
    2009-10-29 03:17:14 290816 ------w- c:\windows\system32\dllcache\l3codeca.acm
    2009-10-29 03:17:11 61440 ------w- c:\windows\system32\kmsvc.dll
    2009-10-29 03:17:08 6144 ------w- c:\windows\system32\kbdpash.dll
    2009-10-29 03:17:08 6144 ------w- c:\windows\system32\kbdnepr.dll
    2009-10-29 03:17:07 6144 ------w- c:\windows\system32\kbdiultn.dll
    2009-10-29 03:17:07 6144 ------w- c:\windows\system32\kbdbhc.dll
    2009-10-29 03:15:54 87040 ------w- c:\windows\system32\dllcache\drmstor.dll
    2009-10-29 03:14:57 760 ------w- c:\windows\system32\dllcache\cloapph.gif
    2009-10-29 03:14:57 717 ------w- c:\windows\system32\dllcache\cloapp.gif
    2009-10-29 03:14:44 159232 ------w- c:\windows\system32\dllcache\cewmdm.dll
    2009-10-29 03:14:28 999 ------w- c:\windows\system32\dllcache\bktrh.gif
    2009-10-29 03:14:28 7168 ------w- c:\windows\system32\bitsprx4.dll
    2009-10-29 03:14:28 286720 ------w- c:\windows\system32\dllcache\blackbox.dll
    2009-10-29 03:14:26 233472 ------w- c:\windows\system32\azroles.dll
    2009-10-29 03:14:03 8192 ------w- c:\windows\system32\dllcache\asferror.dll
    2009-10-29 03:13:37 136192 ------w- c:\windows\system32\aaclient.dll
    2009-10-28 21:58:57 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2009-10-28 21:47:52 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
    2009-10-28 21:47:05 331776 ------w- c:\windows\system32\dllcache\msadce.dll
    2009-10-28 21:46:21 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
    2009-10-28 21:44:56 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-10-28 21:40:21 333952 ------w- c:\windows\system32\dllcache\srv.sys
    2009-10-28 21:20:22 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
    2009-10-28 21:19:33 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2009-10-28 21:16:13 284160 ------w- c:\windows\system32\dllcache\pdh.dll
    2009-10-28 21:16:12 35328 ------w- c:\windows\system32\dllcache\sc.exe
    2009-10-28 21:16:11 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2009-10-28 21:16:05 110592 ------w- c:\windows\system32\dllcache\services.exe
    2009-10-28 21:16:03 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2009-10-28 21:16:00 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2009-10-28 21:15:54 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2009-10-28 21:15:44 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
    2009-10-28 21:15:37 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
    2009-10-28 21:15:31 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
    2009-10-28 21:15:10 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-10-28 21:14:44 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-10-28 21:14:23 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-10-28 21:07:50 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
    2009-10-28 21:06:04 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
    2009-10-28 21:02:42 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
    2009-10-28 20:46:27 2560 ------w- c:\windows\system32\xpsp4res.dll
    2009-10-28 20:46:20 1203922 ------w- c:\windows\system32\dllcache\sysmain.sdb
    2009-10-28 20:46:10 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
    2009-10-28 19:10:28 0 d-----w- c:\windows\system32\wbem\AutoRecover
    2009-10-28 15:46:36 316640 ----a-w- c:\windows\WMSysPr9.prx
    2009-10-28 15:38:48 0 d-----w- c:\windows\peernet
    2009-10-28 15:38:41 0 d-----w- c:\windows\provisioning
    2009-10-28 15:29:27 0 d-----w- c:\windows\ServicePackFiles
    2009-10-28 15:07:33 0 d-----w- c:\windows\EHome
    2009-10-28 02:11:17 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-10-27 23:33:53 11264 ------w- c:\windows\system32\spnpinst.exe
    2009-10-27 23:33:49 7208 ------w- c:\windows\system32\secupd.sig
    2009-10-27 23:33:49 67866 ------w- c:\windows\system32\drivers\netwlan5.img
    2009-10-27 23:33:49 4569 ------w- c:\windows\system32\secupd.dat
    2009-10-27 22:25:42 27496 ----a-w- c:\windows\system32\mucltui.dll.mui
    2009-10-27 22:23:59 31768 ----a-w- c:\windows\system32\wucltui.dll.mui
    2009-10-27 22:23:58 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2009-10-27 22:23:56 23576 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2009-10-27 22:23:51 23576 ----a-w- c:\windows\system32\wuapi.dll.mui
    2009-10-27 22:23:51 0 d-----w- c:\windows\system32\SoftwareDistribution
    2009-10-26 21:27:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
    2009-10-26 21:26:48 0 d-----w- c:\program files\common files\Symantec Shared
    2009-10-22 19:16:05 0 d-----w- c:\docume~1\brenda~1\applic~1\Malwarebytes
    2009-10-22 19:15:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-22 19:15:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-10-22 19:15:46 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-22 19:15:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

    ==================== Find3M  ====================

    2009-10-26 21:10:25 17727 ----a-w- c:\windows\system32\datkkq32.dll
    2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
    2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
    2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
    2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-29 08:08:21 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2009-08-29 08:08:21 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
    2009-08-29 08:08:20 206848 ------w- c:\windows\system32\dllcache\occache.dll
    2009-08-29 08:08:18 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2009-08-29 08:08:17 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
    2009-08-29 08:08:13 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
    2003-04-01 13:13:22 207758 ----a-w- c:\program files\INSTALL.LOG

    ============= FINISH: 14:57:18.03 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/16/2003 9:39:50 AM
    System Uptime: 11/4/2009 11:52:45 AM (3 hours ago)

    Motherboard: Dell Computer Corp. |  | 0J0592
    Processor:               Intel(R) Pentium(R) 4 CPU 2.53GHz | Microprocessor | 2525/533mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 28 GiB total, 17.65 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP237: 10/28/2009 1:12:06 PM - Installed Windows XP KB902400.
    RP238: 10/28/2009 1:16:53 PM - Installed Windows XP KB904706.
    RP239: 10/28/2009 1:20:57 PM - Installed Windows XP KB905414.
    RP240: 10/28/2009 1:24:27 PM - Installed Windows XP KB905749.
    RP241: 10/28/2009 1:28:11 PM - Installed Windows XP KB908519.
    RP242: 10/28/2009 1:31:39 PM - Installed Windows XP KB908531.
    RP243: 10/28/2009 1:35:24 PM - Installed Windows XP KB910437.
    RP244: 10/28/2009 1:40:03 PM - Installed Windows XP KB911280.
    RP245: 10/28/2009 1:43:30 PM - Installed Windows XP KB911562.
    RP246: 10/28/2009 1:47:04 PM - Installed Windows XP KB911927.
    RP247: 10/28/2009 1:50:40 PM - Installed Windows XP KB912919.
    RP248: 10/28/2009 1:54:10 PM - Installed Windows XP KB913580.
    RP249: 10/28/2009 1:57:54 PM - Installed Windows XP KB914388.
    RP250: 10/28/2009 2:01:37 PM - Installed Windows XP KB914389.
    RP251: 10/28/2009 2:04:17 PM - Installed Windows XP KB917344.
    RP252: 10/28/2009 2:09:50 PM - Installed Windows XP KB917422.
    RP253: 10/28/2009 2:13:21 PM - Installed Windows XP KB917953.
    RP254: 10/28/2009 2:16:49 PM - Installed Windows XP KB919007.
    RP255: 10/28/2009 2:20:20 PM - Installed Windows XP KB920670.
    RP256: 10/28/2009 2:24:03 PM - Installed Windows XP KB920683.
    RP257: 10/28/2009 2:27:35 PM - Installed Windows XP KB920685.
    RP258: 10/28/2009 2:31:27 PM - Installed Windows XP KB921398.
    RP259: 10/28/2009 2:35:10 PM - Installed Windows XP KB921883.
    RP260: 10/28/2009 2:37:46 PM - Installed Windows XP KB922616.
    RP261: 10/28/2009 2:43:29 PM - Installed Windows XP KB922819.
    RP262: 10/28/2009 2:47:00 PM - Installed Windows XP KB923191.
    RP263: 10/28/2009 2:50:50 PM - Installed Windows XP KB923414.
    RP264: 10/28/2009 2:54:29 PM - Installed Windows XP KB924191.
    RP265: 10/28/2009 2:58:08 PM - Installed Windows XP KB924496.
    RP266: 10/28/2009 3:56:08 PM - Software Distribution Service 3.0
    RP267: 10/29/2009 4:00:47 AM - Software Distribution Service 3.0
    RP268: 10/29/2009 9:42:57 AM - Software Distribution Service 3.0
    RP269: 10/29/2009 10:54:14 AM - Software Distribution Service 3.0
    RP270: 10/29/2009 4:14:50 PM - Software Distribution Service 3.0
    RP271: 10/31/2009 3:04:10 AM - Software Distribution Service 3.0
    RP272: 11/1/2009 3:35:26 AM - System Checkpoint
    RP273: 11/2/2009 3:48:41 AM - System Checkpoint
    RP274: 11/2/2009 11:24:34 AM - Removed Digital Line Detect
    RP275: 11/2/2009 2:28:25 PM - Software Distribution Service 3.0
    RP276: 11/2/2009 2:56:46 PM - Installed AVG Free 9.0
    RP277: 11/3/2009 4:27:23 PM - System Checkpoint
    RP278: 11/4/2009 11:47:21 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    ATI Display Driver
    AVG Free 9.0
    Banctec Service Agreement
    Conexant SmartHSFi V92 56K DF PCI Modem
    DAO
    Dell Picture Studio - Dell Image Expert
    Dell Solution Center
    Dell Support
    Help and Support Customization
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Intel(R) PRO Ethernet Adapter and Software
    Intel(R) PROSet II
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft Visual C++ 2005 Redistributable
    Modem Helper
    QuickTime
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 8 (KB917734)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    WebFldrs XP
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    11/3/2009 5:59:19 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/3/2009 5:58:55 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/3/2009 5:54:39 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AvgLdx86 AvgMfx86 AvgTdiX eeCtrl Fips intelppm IPSec MRxSmb ndisrd NetBIOS NetBT RasAcd Rdbss Tcpip
    11/3/2009 5:54:39 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:  A device attached to the system is not functioning.
    11/3/2009 5:54:39 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
    11/3/2009 5:54:39 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
    11/3/2009 5:54:39 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
    11/2/2009 6:46:06 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AvgLdx86 ndisrd
    10/29/2009 5:14:00 AM, error: Service Control Manager [7000]  - The SAVRT service failed to start due to the following error:  A device attached to the system is not functioning.
    10/29/2009 5:13:46 AM, error: SAVRT [20]  -
    10/29/2009 5:12:57 AM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  This operation returned because the timeout period expired.
    10/29/2009 5:08:41 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    10/29/2009 5:08:41 AM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    10/29/2009 10:24:45 AM, error: Service Control Manager [7023]  - The Security Center service terminated with the following error:  %%16389
    10/29/2009 10:18:21 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service navapsvc with arguments "-Service" in order to run the server: {142FB276-7C38-4BB4-B475-3F9233B3EFF8}
    10/28/2009 3:28:32 PM, error: Service Control Manager [7024]  - The SPBBCSvc service terminated with service-specific error 4294967295 (0xFFFFFFFF).

    ==== End Of File ===========================
    thanks

    lsz

    • Post Points: 20
    Joined on 02/11/2006
    Posts: 17,264
    Points 65,796

    Re: virus software keeps finding but not removing

    Good work!

    As long as you have MBAM and are familiar with running it, please update it and run a scan. Please post the log from that scan in your next reply.

    Thanks.


    Microsoft MVP - Consumer Security

    Member of Alliance of Security Analysis Professionals

    SpywareHammer


    Free Internet Security - WOT Web of Trust


    • Post Points: 20
    Joined on 12/01/2008
    Posts: 24
    Points 675

    Re: virus software keeps finding but not removing

    Updated and scanned...

    Malwarebytes' Anti-Malware 1.41
    Database version: 3101
    Windows 5.1.2600 Service Pack 3

    11/4/2009 6:15:54 PM
    mbam-log-2009-11-04 (18-15-54).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 169307
    Time elapsed: 52 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Painfully slow...

    lsz

    • Post Points: 20
    Joined on 02/11/2006
    Posts: 17,264
    Points 65,796

    Re: virus software keeps finding but not removing

    Regarding this entry:

    2009-10-26 21:10:25 17727 ----a-w- c:\windows\system32\datkkq32.dll

    Info here: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FBerbew.J

    Considering that this involves an information stealer, I would not want to risk leaving any remnant of it on my computer, and if I were you, for peace of mind, I would back up documents, pictures, and music, and do a reformat/reinstall of Windows. Following that, change passwords.

    In addition, among other problems, the registry is also showing [windows auto update] msblast.exe

    http://www.bleepingcomputer.com/startups/msblast.exe-6406.html

    http://www.symantec.com/security_response/writeup.jsp?docid=2003-081315-0500-99

    You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions. We therefore usually recommend that you do a full reformat and reinstall of Windows rather than clean the system. There are so many changes that could have been done if that backdoor was used.

    I will leave that decision up to you. If you decide to proceed with trying to clean the trojan in this forum, I cannot guarantee that we will be able to COMPLETELY clean all components of such a dangerous infection.

    Here are some informative links to use to help you make a decision:

    Danger: Remote Access Trojans

    Consumers - Identity Theft

    When should I re-format? How should I reinstall?

    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

    Rootkits: The Obscure Hacker Attack

    Help: I Got Hacked. Now What Do I Do?

    Help: I Got Hacked. Now What Do I Do? Part II

    Microsoft Says Recovery from Malware Becoming Impossible

    However, if you do not have the resources to reformat the computer and reinstall the operating system and programs and would like me to attempt to clean it, I will be happy to do so. It will take a while, however.

    Please let us know what you have decided to do in your next post.


    Microsoft MVP - Consumer Security

    Member of Alliance of Security Analysis Professionals

    SpywareHammer


    Free Internet Security - WOT Web of Trust


    • Post Points: 20
    Joined on 12/01/2008
    Posts: 24
    Points 675

    Re: virus software keeps finding but not removing

    Thanks Bugbatter... I have taken this computer and will assign it to work duty (work duty is very limited).

    So, if we could go the reformat route, that would be great.

    Just not sure how to go about it....

    lsz

    • Post Points: 20
    Joined on 02/11/2006
    Posts: 17,264
    Points 65,796

    Re: virus software keeps finding but not removing

    I can provide you with a link to Dell's good instructions for reinstalling XP, but I will have to send you to the Dell Microsoft OS Forum to post any additional questions that you might want answered regarding that process.

    Basically, you'll need the operating system CDs that came with the computer. It would be good to print the instructions that Dell supplies on their pages at the link here:

    http://tinyurl.com/5j2b62

    Make a note of the order in which you'll need to install the drivers. After you get XP installed, go to Microsoft Updates and install as many of the patches as Microsoft offers you. After that, install your anti-virus, then your other security software, then your other programs.

    The process may take you an entire day, so make sure you have plenty of time.

    Best of luck for all to go well.


    Microsoft MVP - Consumer Security

    Member of Alliance of Security Analysis Professionals

    SpywareHammer


    Free Internet Security - WOT Web of Trust


    • Post Points: 5