I have Avast antivirus.
I had formatted my computer a while back and made the mistake of not installing an antivirus program immediately.
* After I did get down to installing it, Avast kept giving me warnings about viruses.
* However, when I chose the 'Delete' or 'Move to Chest' option it said that the file could not be found. Very few viruses could actually be found and deleted.
* All or most of these viruses seem to be in the C:\Win|System32 folder.
* A few times these warnings used to pop up with such a high frequency that my computer used to hang.
* My browsing speed went down.
* I cannot access antivirus websites.
At this point I came across this page on your site:
http://www.computing.net/answers/se...
I downloaded and ran a scan with SDFix. I have the report. It said that it has deleted a few files.
Then I also ran HijackThis.
I'm posting both the log files below.
Any help is greatly appreciated.
Thanking you in anticipation.

The report from SDFix:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[b]SDFix: Version 1.240 [/b]
Run by Administrator on Fri 08/14/2009 at 06:24 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting

[b]Checking Files [/b]:
Trojan Files Found:
C:\Documents and Settings\NetworkService\Application Data\sysproc64\sysproc32.sys - Deleted
C:\Documents and Settings\Administrator\smss.exe - Deleted
C:\WINDOWS\csrss.exe - Deleted
C:\WINDOWS\system\Update.exe - Deleted
C:\WINDOWS\system32\drivers\csrss.exe - Deleted
C:\WINDOWS\system32\setting.ini - Deleted
C:\WINDOWS\system32\oembios.exe - Deleted
C:\WINDOWS\system32\sysproc64\sysproc32.sys - Deleted
C:\WINDOWS\system32\sysproc64\sysproc32.sys.cla - Deleted
C:\WINDOWS\system32\sysproc64\sysproc86.sys - Deleted

Folder C:\Documents and Settings\NetworkService\Application Data\sysproc64 - Removed
Folder C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 - Removed
Folder C:\WINDOWS\system32\sysproc64 - Removed
Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 18:29:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aesbvcnk]
"DisplayName"="Server Monitor"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Loads files to memory for later printing."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aesbvcnk\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\lcjotp.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aesbvcnk]
"DisplayName"="Server Monitor"
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Description"="Loads files to memory for later printing."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aesbvcnk\Parameters]
"ServiceDll"=str(2):"C:\WINDOWS\system32\lcjotp.dll"

scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Common Files\\yrujg2wn\\ginder86.exe"="C:\\Program Files\\Common Files\\yrujg2wn\\ginder86.exe:*:Enabled:b0tgh7678"
"%windir%"="mssrv32.exe"
"C:\\Program Files\\Common Files\\System\\gfdert.exe"="C:\\Program Files\\Common Files\\System\\gfdert.exe:*:Enabled:GFdert"
"C:\\Documents and Settings\\LocalService\\Application Data\\microsoft\\download.exe"="C:\\Documents and Settings\\LocalService\\Application Data\\microsoft\\download.exe:*:Enabled:GFdert"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:
Wed 12 Aug 2009 57,344 ..SH. --- "C:\cmofy.exe"
Tue 28 Jul 2009 36,864 ..SH. --- "C:\jpvhc.exe"
Sun 2 Aug 2009 36,864 ..SH. --- "C:\lxfll.exe"
Fri 24 Jul 2009 24,576 ..SH. --- "C:\nnfdr.exe"
Fri 24 Jul 2009 24,576 ..SH. --- "C:\nsfha.exe"
Sun 2 Aug 2009 36,864 ..SH. --- "C:\qgxux.exe"
Tue 28 Jul 2009 36,864 ..SH. --- "C:\zlzbr.exe"
Wed 22 Jul 2009 61,440 ..SH. --- "C:\smss\smss.exe"
Sun 2 Aug 2009 81,920 ..SH. --- "C:\system13\smss.exe"
Wed 22 Jul 2009 81,920 ..SH. --- "C:\system32\smss.exe"
Sat 8 Aug 2009 98,304 ..SHR --- "C:\WINDOWS\mssrv32.exe"
Fri 24 Jul 2009 117,372 ..SHR --- "C:\Documents and Settings\LocalService\winlogon.exe"
Tue 28 Jul 2009 1,548,120 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 4 Aug 2004 128,480 A.SHR --- "C:\WINDOWS\system32\lcjotp.dll"
Tue 11 Aug 2009 109,568 ..SHR --- "C:\Program Files\Common Files\System\gfdert.exe"
Sat 18 Jul 2009 48,128 ..SHR --- "C:\Program Files\Common Files\yrujg2wn\ginder86.exe"
Tue 11 Aug 2009 109,568 ..SHR --- "C:\Documents and Settings\LocalService\Application Data\Microsoft\download.exe"
Wed 12 Aug 2009 200,192 ...H. --- "C:\Documents and Settings\LocalService\Application Data\Microsoft\winlog.exe"
Thu 23 Jul 2009 117,372 ..SHR --- "C:\WINDOWS\system32\config\systemprofile\winlogon.exe"

[b]Finished![/b]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Report from HijackThis:
XXXXXXXXXXXXXXXXXXXXXX
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:15 AM, on 8/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\yrujg2wn\ginder86.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\System\gfdert.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\system13\smss.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mssrv32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Autodesk\SketchBookPro2009\SketchBookSnapshot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Login System Agent v2] C:\Documents and Settings\Administrator\smss.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [{sys_service}531554847261645980709787285578890243185623445166305557798411255385667479378374037056545282271351011929230327136778944836669169012112813351756559488054991511965911402284956949735611184837180177731896129625104602108324207559502940360833681606830157442854617798] system key
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA8331] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8359] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9362] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3038] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7270] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7149] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7284] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6836] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4865] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9930] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9648] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8821] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll"
O4 - HKUS\S-1-5-21-1801674531-1123561945-839522115-500\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1801674531-1123561945-839522115-500\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe" (User '?')
O4 - HKUS\S-1-5-21-1801674531-1123561945-839522115-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1801674531-1123561945-839522115-500\..\Run: [Windows Updates] c:\windows\system\Update.exe (User '?')
O4 - HKUS\S-1-5-21-1801674531-1123561945-839522115-500\..\RunOnce: [SpybotDeletingB7284] command.com /c del "C:\WINDOWS\system32\vcmgcd32.dll_old" (User '?')
O4 - HKUS\S-1-5-21-1801674531-1123561945-839522115-500\..\RunOnce: [SpybotDeletingD8821] cmd.exe /c del "C:\WINDOWS\system32\vcmgcd32.dll" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Windows Updates] c:\windows\system\Update.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Windows Updates] c:\windows\system\Update.exe (User 'Default user')
O4 - Global Startup: SketchBook Snapshot.lnk = C:\Program Files\Autodesk\SketchBookPro2009\SketchBookSnapshot.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: 8hut56u (7truityui) - Unknown owner - C:\Program Files\Common Files\yrujg2wn\ginder86.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GF dert (GFdert) - Creabit Development - C:\Program Files\Common Files\System\gfdert.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7754 bytes
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
