Steve

Sorry so long getting back. First it's a no on Jacee's bank site. I ran a scan with Super antispyware and Malwarebytes - found nothing. I went to Kaspersky and virus scanner is down so I ran just the file through the scanner and it said it was clean. So I guess it was a false Positive. Thanks.

Yes TX, I just upgraded to avg 2011 and it was the first scan I ran. Little concerned when I saw "Potentially dangerous object". Is it just a false positive--no concern file? Thanks Again Steve

"";"C:\Windows\SMINST\xerces-depdom_2_7.dll";"Corrupted executable file";"Potentially dangerous object" What is this and what should I do? Thanks Steve

Thanks again. You've been a huge help.

The computer is doing pretty good now. Thanks for all of your help in cleaning up all the infections. Here is the latest hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:03:28 PM, on 10/18/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Pr

Any idea why I can't install Adobe Reader on this machine? Here is the log of the error message I got: ----------------- Adobe has detected a corrupt file (checksum error). The program has been closed without installing. Info ID: 6800.338.14.2.20024 Please send the Info ID to http://www.adobe.com/misc/bugreport.html

New Hijack This Log for 10-10-09: ------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:43:10 PM, on 10/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Appl

User accounts are fixed. I had to change the settings to Automatically detect LAN settings. I ran the Panda ActiveScan and the log is below. It said it disinfected one file (Rootkit....) ----------------------------------------- ;*********************************************************************************************************************************************************************************** ANALYSIS: 2009-10-10 16:41:24 PROTECTIONS: 1 MALWARE: 15 SUSPECTS: 0 ;*********************************************************************************************

I am posting the CF log again but I think it is the same as before. As far as I know, I only opened it in Notepad, Selected All, and copied. If I moved something, I was not aware of it. But here it is again. Should I continue with the instructions you gave me before using Inherit and Panda ActiveScan? ----------------- vation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0

I was able to do the first part of your last instructions and I'm attaching the combofix log but I was not able to download the Kaspersky Online Scanner because of the neighbor's satellite broadband connection. We downloaded for over 2 hours and the database was still only about 50% downloaded so we stopped. Is there something else I can use instead? Some of the user accounts still cannot use IE, Firefox, and Safari. One account is OK it seems. I wonder if we should delete the other 4 accounts? Three of them are not used very often anyway since they were for her teenagers who now ha

Juliet, Thank you for your continued help. Steve

Hijack This Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:23:56 PM, on 9/26/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\

Combo-Fix Log: ComboFix 09-09-25.01 - Emily 09/26/2009 21:57.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.143 [GMT -4:00] Running from: E:\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Janice\My Documents\ZbThumbnail.info c:\windows\kb913800.exe c:\windows\Microsoft.NET\wcvms.bak1 c:\windows\system32\bszip.dll c:\windows\system32\cd

Last but not least... As I mentioned, there are 5 user accounts on this Win XP machine. There are 3 browsers installed: IE, Firefox, and Safari. There is only 1 account where all 3 browsers work. For the other 4 accounts, the user might be able to use IE but not Firefox or Safari or might be able to use Safari and IE but not Firefox, etc. There are actually 5 different combinations of what works/doesn't work. None are the same. If this is related, could you help me fix this as well? The Internet connection is satellite.

The new log for HijackThis is below: --------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:14:08 PM, on 9/20/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe