
It will. If it returned once.... Okay, there are files there that I cannot see, to protect and regenerate malware. I suspect a rootkit, and this tool will flush out most problems:
- Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  ...or this file: http://subs.geekstogo.com/ComboFix.exe
- IMPORTANT!: disconnect from the web, turn off your Antivirus, Antispyware and Firewall for the duration of this scan. Don't forget to reset them before you go back on the web!
- To run it, double-click the Combofix.exe icon and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.

gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
 

Just before starting the scan I was told to install that recovery console system but accidentally hit 'okay' before my net could reconnect :(
Wasn't sure if I should do another scan with the recovery console system installed... anyway, here is the scan report:

ComboFix 09-07-12.03 - User 13/07/2009 18:06.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1574 [GMT 10:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-11 12:13 . 2009-06-17 01:27 38160 ----a-r- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 12:13 . 2009-07-11 12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-11 12:13 . 2009-06-17 01:27 19096 ----a-r- c:\windows\system32\drivers\mbam.sys
2009-07-10 12:57 . 2009-07-11 01:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 18:17 . 2009-06-26 00:36 1008896 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-07 17:15 . 2009-07-07 17:15 -------- d-----w- c:\documents and settings\User\Application Data\GlarySoft
2009-07-07 17:09 . 2009-07-07 17:09 -------- d-----w- c:\program files\Glary Utilities
2009-07-05 11:06 . 2009-07-05 11:06 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PunkBuster
2009-07-05 04:59 . 2009-07-05 04:58 2054424 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcorex.dll
2009-07-05 04:59 . 2009-07-05 04:58 2167576 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgresf.dll
2009-07-05 04:59 . 2009-06-24 06:45 327688 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgldx86.sys
2009-07-05 04:59 . 2009-06-24 06:45 906520 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgemc.exe
2009-07-05 04:59 . 2009-06-24 06:45 3402008 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgui.exe
2009-07-05 04:59 . 2009-06-24 06:45 1204504 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgabout.dll
2009-07-05 04:59 . 2009-06-24 06:45 337176 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avglogx.dll
2009-07-05 04:59 . 2009-06-24 06:45 829208 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgcfgx.dll
2009-07-05 04:59 . 2009-06-24 06:45 3298072 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\setup.exe
2009-07-05 04:57 . 2009-06-24 06:12 1454360 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgupd.dll
2009-07-05 04:57 . 2009-06-24 06:12 1085208 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\avgupd.exe
2009-06-26 13:31 . 2009-06-26 13:31 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AVG Security Toolbar
2009-06-24 06:46 . 2009-06-24 06:45 832144 ----a-w- c:\documents and settings\All Users\Application Data\Avg8\update\backup\AVGToolbarInstall.exe
2009-06-24 06:45 . 2009-07-07 18:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-24 06:45 . 2009-06-24 06:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-16 17:03 . 2009-07-13 05:42 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-16 14:26 . 2009-06-16 14:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 02:23 . 2007-12-25 09:57 138736 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-13 02:22 . 2007-12-25 09:57 188968 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-13 01:22 . 2006-12-31 15:22 16608 ----a-w- c:\windows\gdrv.sys
2009-07-12 09:56 . 2008-11-02 08:11 -------- d-----w- c:\program files\Warcraft III
2009-07-10 13:07 . 2008-02-28 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-05 11:06 . 2007-12-25 09:57 75064 ----a-r- c:\windows\system32\PnkBstrA.exe
2009-07-05 04:58 . 2009-04-21 05:00 335752 ----a-r- c:\windows\system32\drivers\avgldx86.sys
2009-06-24 06:45 . 2009-04-21 05:00 11952 ----a-r- c:\windows\system32\avgrsstx.dll
2009-06-24 06:45 . 2009-04-21 05:00 27784 ----a-r- c:\windows\system32\drivers\avgmfx86.sys
2009-06-08 01:23 . 2007-09-25 18:31 -------- d-----w- c:\documents and settings\User\Application Data\Azureus
2009-06-06 00:02 . 2009-06-06 00:02 -------- d-----w- c:\program files\Ubisoft
2009-06-06 00:02 . 2006-12-31 15:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-05 08:07 . 2006-12-31 16:17 -------- d-----w- c:\program files\World of Warcraft
2009-05-29 18:55 . 2007-09-25 17:30 -------- d-----w- c:\program files\Azureus
2009-05-04 01:55 . 2009-04-21 05:00 108552 ----a-r- c:\windows\system32\drivers\avgtdix.sys
2009-05-02 11:13 . 2007-09-26 10:22 107888 ----a-r- c:\windows\system32\CmdLineExt.dll
2009-04-22 18:56 . 2006-12-31 23:32 19376 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 00:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 136600]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13680640]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Launch LgDevAgt"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2008-11-06 358920]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2008-11-06 2816520]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2008-11-06 1548296]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-06-27 16875008]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-14 1657376]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-24 06:45 11952 ----a-r- c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\program files\NetMeter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"4000:TCP"= 4000:TCP:Diablo 2
"6112:TCP"= 6112:TCP:Blizzard Downloader: 6112

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/04/2009 3:00 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/04/2009 3:00 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [21/04/2009 3:00 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/04/2009 3:00 PM 298776]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [23/01/2009 1:06 PM 80392]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [3/02/2009 12:39 AM 13225]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 00:20]

2009-07-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-07 06:55]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uStart Page = hxxp://www.bigpond.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xzjvews6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/webhp?sourceid=navclient-ff&ie=UTF-8&rlz=1B3DVFC_enAU242AU243
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 18:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1383384898-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:07,5f,3c,ce,f9,50,ed,01,52,a8,77,37,1f,80,e2,dd,82,ec,0c,0c,f7,a7,26,
45,b5,75,bd,a4,90,27,74,7c,80,36,e8,b6,5d,3e,66,6a,a4,bf,97,4d,3b,a4,82,74,\
"??"=hex:25,65,bb,27,8b,92,55,34,10,3f,d9,49,2f,0e,31,37

[HKEY_USERS\S-1-5-21-1659004503-1383384898-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:e2,60,37,54,a4,90,e1,42,bf,ea,6d,3b,3a,32,a6,a2,f0,24,e6,6e,26,
9a,62,5c,0a,a6,62,8a,0d,55,f8,27,ae,53,07,e8,1e,be,d6,3e,3f,0a,83,02,27,71,\
"rkeysecu"=hex:e0,54,41,8e,97,1f,4c,69,53,47,06,ea,08,ba,32,11
.
Completion time: 2009-07-13 18:12
ComboFix-quarantined-files.txt 2009-07-13 08:12

Pre-Run: 122,519,105,536 bytes free
Post-Run: 122,553,536,512 bytes free

232 --- E O F --- 2008-11-02 16:53

Bushoi
Newbie Poster
11 posts since Jul 2009
Reputation Points: 10
Solved Threads: 0
 

Good morning.
Installing Recovery Console is a precaution in case Combofix breaks your sys. If you have a bootable XP CD you do not need it on your hard drive - it is then just a convenience.
This one, c:\windows\OPTIONS\CABS\_desktop.ini, is associated with various worms, viruses. The other deletions were of SmitfraudFix files.
I see no other problems there.... you certainly threw some stuff at it.. :)
You can remove that AVG8 browser toolbar if you so wish... a space waste.
Tell me how things are, please.

gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
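
A triage sketch for a log like the one posted above, added here as an example and not part of the thread or of ComboFix: it pulls out the "Other Deletions" paths the reply comments on and the registry values that show protection switched off (the scan instructions asked for the firewall to be disabled, so these are the settings to reset afterwards). The function names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed excerpt in the layout of the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
((((((((((((( Other Deletions )))))))))))))
.
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))
.
2009-07-11 12:13 . 2009-06-17 01:27 19096 ----a-r- c:\windows\system32\drivers\mbam.sys
.
((((((((((((( Reg Loading Points )))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
'''

SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # ((((( Title )))))
REG_KEY = re.compile(r"^\[(.+)\]$")            # [HKLM\...]
REG_VAL = re.compile(r'^"([^"]+)"=\s*(.*)$')   # "name"= value

def sections(log):
    """Map each banner title to the non-empty lines that follow it."""
    out, current = {}, None
    for line in log.splitlines():
        m = SECTION.match(line.strip())
        if m:
            current = out.setdefault(m.group(1), [])
        elif current is not None and line.strip() not in ("", "."):
            current.append(line.strip())
    return out

def deletions(log):
    """Paths listed under 'Other Deletions', i.e. what the scan removed."""
    return [l for l in sections(log).get("Other Deletions", [])
            if re.match(r"^[a-z]:\\", l, re.I)]

def review_items(log):
    """Registry values that show protection off or ports open, for follow-up."""
    items, key = [], ""
    for line in log.splitlines():
        line = line.strip()
        if (m := REG_KEY.match(line)):
            key = m.group(1).lower()          # remember the enclosing key
        elif (m := REG_VAL.match(line)):
            name, value = m.group(1), m.group(2)
            if name == "EnableFirewall" and value.split()[:1] == ["0"]:
                items.append(f"firewall disabled: {key}")
            elif name == "DisableMonitoring" and value.lower() == "dword:00000001":
                items.append(f"Security Center monitoring disabled: {key}")
            elif key.endswith(r"globallyopenports\list"):
                items.append(f"open port: {name}")
    return items
```
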
 

Over a day has passed and still haven't had iexplore open in background. Thanks again gerbil :)

Bushoi
Newbie Poster
11 posts since Jul 2009
Reputation Points: 10
Solved Threads: 0
 

Ah, nice to hear, Bushoi.
Cheers.

gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
 
