firefox & spybot results gone mad!!!

Those are just cookies! They are not problems. Most spyware applications flag all kinds of cookies. Many cookies are good things.

If you do not want any cookies (not really a good idea), disable them from being put on your PC in FireFox's Options --> Privacy screen.

A better choice would be to allow cookies and only keep them until you close FireFox. Personally I don't do that either. I do not really worry to much about them. I use CCleaner to run cleanups and I configure it to keep the cookies that I do not want to remove. (Like majorgeeks and many others).

 

Which online scanner? No they are not cookies but the items in your Norton Quarantine are not problems. They were quarantined by Norton. That does not stop other scanners from looking at them. Just like when you fix things with HijackThis, it makes backups just in case things go wrong. Any malware in the backups is still detected by some scanners because they are not smart enough to realize where they are at is a backup or quarantine folder from another program.

The ones in System Restore are surprising. Did you have System Restore disabled last time we worked on your PC. How do you already have 58 restore points saved (some of which contain malware)?

 

That's strange. With system restore store disable, the items found in C:\System Volume Information should not exist.

 

The online scans and Spybot are not finding the same things. Spybot is reporting cookies which can occur if you are using any browsers at all and going to any websites. You will even get some cookies from MG's

 

That file is not a problem. It is because you use Symantec/Norton and have the erase protection program (Nprotect) running. Things you have deleted are being backed up just like quarantine folders for virus scanners do. There are always problems like this when scanning. You need to learn to recognize what you have installed and running and what folders the programs use. These kind of detections are not truly false detections (sometime called false positives) but they are detections of items that have already been fixed. If you want to stop this from happening, you have to remove all backups/quarantines etc that have been made. Also, you must either disable this Nprotect program or tell it to dump anything it has saved.

 

I would still like to know what the below is for:

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

I asked you this in your previous thread but you did not know what it was. I would like to get some more info on the RUNXMLPL.exe file. Locate it using Windows Explorer and then right click on it and select Properties. Now see if there is a Version tab in the window. If so, select the Version tab and on the next window select each of the listed Item names (one at a time) to get more info about the file. The most important Item is the company name. If there is no Version tab, tell me that too.

The only items in your HJT log they can be fixed are below and they are not malware related problems.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Go back and double check to make sure System Restore is truly disable. Also look for the following folder C:\System Volume Information and tell me if you see it.


The below steps can be used to delete either all restore points except the latest one, or all the restore points. I would have expected all of them to already be deleted after doing step 1 in the READ ME FIRST.

•To delete all restore points except the latest one, use the Disk Cleanup utility. Click Start, All Programs, Accessories, System Tools, and then Disk Cleanup. Click on the More Options tab and then select Clean up in the System Restore dialog box.


•To delete all the restore points on your computer, disable and re-enable System Restore on the system. Click Start, Control Panel, and then the System icon. Click on the System Restore tab in the dialog box, select the Turn off System Restore check box, and click Apply. Clear the check box again to re-enable System Restore and then click OK.


•You can reduce the number of restore points saved by decreasing the total amount of disk space available to System Restore. Note that less available disk space will decrease the relative number of restore points.

 

Okay! Looks like it may be for a graphics card.

That tells you where to look for it. Its drive C and the folder name is System Volume Information

It is normally a hidden folder, so if viewing of hidden files it enabled you should be able to see it in Windows Explorer.

You did not say whether you double checked that system restore was disabled.

 

Do you mean it is set to Show Hidden files and folders? I would interprete Off as Do not show hidden files and folders.

Also make sure you DO NOT have a check on the setting that reads: Hide protected operating system files (Recommended).


If there is no System Volume Information folder, why would you get the below messages from the scan you ran in message number 5?


Deleted
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP58\A0009867.scr

Infected with: Trojan.Downloader.Small.AXR
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP58\A0009867.scr

Disinfection failed
C:\System Volume Information\_restore{DBC7BF2C-7EA5-4E93-A1A8-F5F60F9746C0}\RP58\A0009867.scr

 

Please always give exact error messages. While I'm not sure right now why you got this error, I see no reason to run ADS Spy anyway.

 

If things were set correctly, why couldn't you see it before?

But if it is empty, your problems with infected files there are gone.

So what problems if any are you still having?

 

You may need to uninstall your Symantec/Norton AV program, reboot and then reinstall.

I repeat for ADS Spy:

 

Open up a command prompt window by click Start, Run and enter cmd and click OK.

Now enter the following command at the command prompt follow by the enter key.
chkdsk

Tell me what the first line you see says after hitting the enter key. Let the command run to completion and tell me if you see any problems.

 

Just run chkdks /f and it will fixed the errors.

As an alternative you can do an Error-Check on your drive by right clicking on the C drive from explorer and then select Properties and Tools. Then click Error-Checking Check Now. Select Automatically fix file system errors.