Trojan/Virus?

Please return the files to where they belong. You should not be removing anything unless we direct you to do it!!!

Please read this:
Don't Bump! It Only Hurts You!!!

You are missing system files!

Now go to start / run / and type:
sfc /scannow
Have your xp cd handy and run it twice.

What is this on your desktop:
C:\Documents and Settings\Administrator\Desktop\7hk48t4y.exe ???

Now download and save this XPsp3bu.exe to your C:\ root folder. You must do this properly. Now run the XPsp2bu.exe program by double clicking on it. You may or may not notice a quick flash of a black window. This is normal. The program runs quickly and just extracts some files we need.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe

FCopy::
C:\MGtools\temp\ctfmon.exemg | c:\windows\System32\ctfmon.exe
C:\MGtools\temp\eventlog.dllmg | c:\windows\System32\eventlog.dll

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MailBlocker]

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the prvevious file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\ComboFix.txt
* C:\MGlogs.zip

 

Hummm.....then the only thing that you had posted about was in your system restore files. Is that all that you are having reported?

 

First off, ComboFix is asking you to install the Recovery Console, not system restore. The Recovery console allows you to be able to fix your system without having to use your xp disc. So there is no reason to not allow it to do that.

"Comodo antivurs detected, Trojware.Win32.Hacktool.Prockill" that tells me nothing. I would need to know the exact path of the file it is reporting. It may be reporting PocketKill Box which is a legit program.

You did not attach the logs that I requested. Please do that now.