Ok so, there has been a virus circulating around my house and it finally hit my laptop, i had taken my antivirus off of it to put a new one from System mechanic on it. Then, my computer rebooted itself and the new background said i had a spyware on my computer, the background is blue and i keep getting a popup from my system saying its slow or that its infected. Also XPAntivirus 2009 has been downloaded magically onto my comp and keeps trying to get me to buy it which i do not. Ive tried everything that i can think of to get rid of it so then i broke down and decided may as well wipe the drive. Well, i cannot use boot with cd rom drive so thats aparently out of the question. Can anyone help me with this malicious virus? Spyware whatever it is, its really annoying me.

Download SDFix.exe and save it to your Desktop. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix or remove some of its embedded files which may cause "unpredictable results". Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. Remember to re-enable the protection again afterwards before connecting to the Internet. 1.Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. 2. Open the c:\SDFix folder and double click RunThis.cmd to start the script. Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. Press any Key and it will restart the PC. 3. Your system will take longer that normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. 4. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt Please download Malwarebytes' Anti-Malware from one of these sites: MalwareBytes1 MalwareBytes2 1. Double Click mbam-setup.exe to install the application. 2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. 3. If an update is found, it will download and install the latest version. 4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. 5. When the scan is complete, click OK, then Show Results to view the results. 6. Make sure that everything found is checked, and click Remove Selected. 7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. 8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. 9. Copy&Paste the entire report in your next reply. Please download and install the latest version of HijackThis v2.0.2: Download the "HijackThis" Installer from this link: Hijack This 1. Save " HJTInstall.exe" to your desktop. 2. Double click on HJTInstall.exe to run the program. 3. By default it will install to C:\Program Files\Trend Micro\HijackThis. 4. Accept the license agreement by clicking the "I Accept" button. 5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log. 6. Click "Save log" to save the log file and then the log will open in Notepad. 7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. 8. Paste the log in your next reply. 9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Well, ive read up on some peoples problems and downloaded the sd and the hijackthis, but neither of them open on my computer at all even in safe mode, ideas?

i think i beat it, the second one worked for me so here are my log files SDFix has been extracted to %systemdrive%\SDFix\ (Drive that contains the Windows directory - typically C:\SDFix) Open the SDFix folder in Safe Mode and double click the RunThis.bat file to start the fixtool If RunThis.bat is started in Normal Mode, options to download and run Anti-Virus command line scanners are displayed Catchme.exe Stealth Malware Detector by GMER is also included in the SDFix folder Additional SDFix Instructions & screen shots can be found here - http://www.bleepingcomputer.com/for... SDFix a été extrait dans %systemdrive%\SDFix\ (Le disque qui contient le répertoire Windows - typiquement C:\SDFix) Ouvrez le dossier SDFix en mode sans échec et double cliquez sur le fichier RunThis.bat pour démarrer l'outil. Si RunThis.bat est lancé en mode normal, les options pour télécharger et lancer les scanners Antivirus en ligne de commande seront affichées Catchme.exe Stealth Malware Detector de GMER est également inclus dans le dossier SDFix Instructions supplémentaires pour SDFix & captures d'écran peuvent être trouvées ici - http://www.bleepingcomputer.com/for... Malwarebytes' Anti-Malware 1.30 Database version: 1325 Windows 5.1.2600 Service Pack 2 10/26/2008 9:23:50 PM mbam-log-2008-10-26 (21-23-50).txt Scan type: Quick Scan Objects scanned: 66202 Time elapsed: 47 minute(s), 47 second(s) Memory Processes Infected: 1 Memory Modules Infected: 3 Registry Keys Infected: 18 Registry Values Infected: 2 Registry Data Items Infected: 3 Folders Infected: 7 Files Infected: 51 Memory Processes Infected: C:\Program Files\AntiSpywareXP2009\antispywarexp2009.exe (Rogue.AntispywareXP) -> Unloaded process successfully. Memory Modules Infected: C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Delete on reboot. C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Delete on reboot. C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{a0442dfa-1f7e-4dce-b75c-a90993d6e7fc} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{268706f0-841c-446a-b757-8c1ef84527dc} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{32fd16dc-537c-4186-9bd6-c718a308342b} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{27861bda-a645-491d-8599-dcab5969dc34} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4cf05127-d66d-4125-b2d9-15909b83842a} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{475a8380-dc57-448b-8d9f-5600df0a8476} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\getsn32.msiesn (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\smwin32.mdr (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\videoaccessactivex.Chl (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: msansspc.dll -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Video ActiveX Access (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Application Data\Facegame (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Start Menu\Programs\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uesiuqcr.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wpv374.cpx (Adware.ISM) -> Quarantined and deleted successfully. C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\KARNA.DAT.del (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\KARNA.del (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Local Settings\Temp\mmmatt.exe (Spyware.Banker) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Local Settings\Temp\3nick568.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\Video ActiveX Access\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\Video ActiveX Access\Thumbs.db (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\Video ActiveX Access\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Program Files\iCheck\iCheck.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully. C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully. C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully. C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully. C:\Program Files\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully. C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msansspc.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\getsn32.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\superiorads-uninst.exe (Adware.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully. C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\smwin32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\av.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wini10803.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot. C:\Documents and Settings\randy\Desktop\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Local Settings\Temp\TDSS617b.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Local Settings\Temp\TDSS638e.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\randy\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSbubx.log (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSScfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSfxwp.dll (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSnrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSofxh.dll (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSrhym.dll (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\TDSSmaxt.sys (Rootkit.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:40:50 PM, on 10/26/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\gearsec.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin... R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.antispyware-xp2009.com/b... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\delay.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - file://D:\win\setup\iaieplay.dll O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} - file:///D:/components/hidinputmonitorx.ocx O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///D:/components/A9.ocx O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///D:/components/wmvhdrating.ocx O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Player... O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Player... O20 - AppInit_DLLs: karna.dat O20 - Winlogon Notify: mljjh - C:\WINDOWS\ O22 - SharedTaskScheduler: farrandly - {8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c} - (no file) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 5542 bytes Thats my logs after i ran the malwarebytes, which worked really well, tell me if there is anything wrong and anything left to fix since im not savvy enough to understand this too well. thank you so much for helping me out.

malwarebytes's antimalware is pretty good at removing this type of infections, so think your computer is clean now. BUT if you want to be sure, you can search for infected files on your computer and see if they are still there. here's xpantivirus 2009 removal there is a list of all filenames that indicate xp antivirus infection. well, i hope your computer is malware-free and you won't find a thing. tc;

Please download ComboFix to the desktop from one of the following links: Link1 Link 2 Link 3 Combofix is a powerful tool so follow the instructions exactly or you could damage your computer. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results". Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. In your case to run Combofix do the following: 1. Go offline turn off your antivirus, and any antispyware that you may have. 2. Run Combofix and save its log. 3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned. 4. Post the Combofix log. Remember to re-enable the protection again afterwards before connecting to the Internet. Double-click combofix.exe Follow the prompts. (Don't click on the window while the program is running or move the mouse, it will cause your system to hang.) Please post the log it produces.