Possible Infection

Discussion in 'Malware Help (A Specialist Will Reply)' started by shody, Feb 15, 2014.

  1. shody

    shody Private E-2

    Hello, around two weeks ago I was composing a reply on a blog when something started to act up and I found I couldn't delete some parts of my potential post which I wanted to edit, or scroll what I had already written. Frustrated, I copied what I had done and saved it to a text file on the desktop in order to finish and post it at a later date.

    The next day when I got home from work (the machine having been left on during the night and day) I noticed the Jabbim icon in my tray, though I haven't used it in over a year, and wondered if it was my cat's feet on the keyboard which had pulled up Jabbim. But when I went on-line I was having serious problems scrolling web pages. I closed the browser to try a restart and now found that my desktop was going crazy: icons on my desktop were being randomly highlighted at an extremely fast speed. When I tried to use the pointer it was as if someone else was remotely controlling it, as it fought what I was attempting to do with it. For example, somehow the task-bar at the bottom got enlarged and I was trying to get the pointer down to it to set it right, and as I was trying to shrink it the pointer was fighting me, pulling the bar up and making it larger.

    I then decided to go into the start menu to shut the computer off. I got the menu opened but couldn't shut down because options on the menu were being highlighted, again at amazing speed. I had to shut the machine down at the button. When restarted it seemed to run normally (and has since).

    I have Malwarebytes and ran a quick scan which found nothing. I also ran a full scan with Avast that found nothing. A week or so went by and I was still thinking about what had happened so I decided to run a full scan with Malwarebytes and this was found and quarantined:

    "Registry Data Items Detected: 1
    HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully."

    I ran another full scan a couple days later and it found nothing.

    This computer has acted bizarrely in this same manner in the past and had malware which was detected by Malwarebytes and all quarantined and removed. However, the items came back upon the next scan and for some reason all were deleted except this:

    "Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Not selected for removal."

    Not sure why it wasn't selected for removal, as this was back in 2011 and I don't remember, but when checking scan logs I see subsequent quick and full scans show the system as clean. Maybe I used some other method to remove it? I do remember learning about shutting off and restarting System Restore after malware removal to keep from being re-infected. I am not sure if that is the same registry data as was recently quarantined, so I included it just in case it is relevant.

    I didn't use this machine for about a year, as one day after a storm that knocked the power out it wouldn't start after trying numerous times. I recently decided to give it a try again and it worked.

    I want to make sure this machine is clean. It seems to be working OK, but when I looked at the logs from MGtools it indicated a possible haxdoor. I am planning on installing a Linux distro and keeping XP just for a couple of music programs I have, so I would like to be really sure this machine is clean before I do so.

    I am sorry this is so long and greatly appreciate any help I receive.

    Also, RogueKiller left a quarantine file on my desktop in addition to the log. I am not sure why, because I didn't tell it to quarantine anything and it didn't find any infections as far as I can tell.

    Thanks again,

    Shody
     

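An added check for the registry value quoted in this post (example code, not from the thread or from Malwarebytes), assuming PowerShell is available on the machine being examined: it reads the .reg file "open" handler and separates a scanner hit that only differs in quoting from one that points somewhere other than regedit.exe.

```powershell
# Added example (not from the thread): inspect the .reg file "open" handler that
# Malwarebytes reported as Broken.OpenCommand and compare it with the "Good" value
# from the scan log.  Assumes PowerShell is available on the machine being checked.
$keyPath  = 'Registry::HKEY_CLASSES_ROOT\regfile\shell\open\command'
$expected = 'regedit.exe "%1"'          # the "Good" value shown in the scan log

function Get-RegfileOpenCommand {
    # The (default) value of this key is the command Windows runs when a .reg file
    # is opened, so anything other than regedit.exe here deserves a closer look.
    $item = Get-ItemProperty -LiteralPath $keyPath -ErrorAction Stop
    return [string]$item.'(default)'
}

function Test-RegfileOpenCommand {
    param([string]$Command)
    # Strip quotes around the executable so that "regedit.exe" "%1" (the form the
    # scanner flagged as Bad) normalises to the same thing as regedit.exe "%1".
    $normalised = ($Command -replace '^"([^"]+)"', '$1').Trim()
    $exe = ($normalised -split '\s+')[0]
    return [pscustomobject]@{
        Command          = $Command
        MatchesExpected  = ($normalised -eq $expected)
        # A handler that is not regedit.exe (bare or as a full path) is a real
        # hijack of .reg file handling rather than a cosmetic quoting difference.
        HandlerIsRegedit = ($exe -match '(^|\\)regedit\.exe$')
    }
}

$current = Get-RegfileOpenCommand
$result  = Test-RegfileOpenCommand -Command $current
$result | Format-List

if (-not $result.HandlerIsRegedit) {
    Write-Warning "regfile handler does not point at regedit.exe: $current"
} elseif (-not $result.MatchesExpected) {
    Write-Output "Handler is regedit.exe; only the quoting differs from the expected value, as in the log's Bad/Good pair."
}
```

The script only reads the key; the repair Malwarebytes performed is simply setting the (default) value back to the expected string.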

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not finding any malware, just some junk. Do this:

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    Why have you not installed SP3? Support for XP is about to expire.
     
  3. shody

    shody Private E-2

    Hello TimW, thanks for your quick response. I think I may have made a mistake running the scans, because I am pretty sure I didn't check "show files and hidden folders" first. I am a novice, so not sure if it matters that files and folders were hidden during the scans.

    Would you like me to run the scans again with files and folders unhidden? If so should I do so before running the Junk Removal Tool? I will go ahead and download JRT to the desktop and await your reply before running anything.

    Yes, I am aware support for XP is ending soon, so I plan on updating to SP3. I didn't update because I read so many complaints about system problems stemming from the update, and I have had issues with other major updates such as Firefox and Comodo, both of which quit working correctly after updates, so I uninstalled them and chose alternates. Also, I didn't have the resources to do a full backup before the update; my CD-RW drive doesn't recognize when a disc is inserted anymore and I am poor, so spending money on some other external storage is difficult.

    I know I need to research my options thoroughly to find a free or cheap means of backing up and then go ahead with the sp3 update. I then plan on finding a Linux distro for most of my needs because I admire the open source and free paradigm and I can't afford a more modern Windows anyway. I am looking at Puppy or Bodhi possibly because they are said to work well on old machines. I want to keep my windows mostly because I am not sure if Mariopaint Composer will work on Linux and I need to find out if I can ascend the Linux learning curve.

    One thing I forgot to mention was that recently in "My Computer" it is showing I have a floppy disk drive but I don't (there is a space for one) and it never indicated I did have one before. Also, when RogueKiller was running the pre-scan a Windows box popped up saying that the floppy drive was not ready for use and that the door might be open, and please insert a disk and close the door. I just clicked continue and the pre-scan finished.

    Thanks~
    shody
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    When you ran MGTools, it unhid the files and folders. I suspect you are only having a system problem and should really be posting in the software forum. They can direct you to a good backup program.
     
  5. shody

    shody Private E-2

    I have attached the Junk Removal Tool log. I thank you for the help you gave me and will ask over in the software forum about a back-up program.

    :)
     

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You're welcome.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, right click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
     
