p.s. I am sorry for the long thread
Don't worry. When we run into a new malware, thread know to go at least three pages.
four - five pages is an average for a new malware.
Hm ... something keeps files from deleting.
How FRST is deadly on Vista and above systems and you have XP, we will use Combofix and his CFScript because CF is big daddy for XP.
=========================================Delete old copy of Combofix, you need to download fresh copy of Combofix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exeTemporarily disable your
AntiVirus program.
If you are unsure how to do this please read this or this Instruction.Open notepad and copy/paste the text present inside the code box below:
KillAll::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"usbAl"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"usbAl"=-
File::
C:\DOCUME~1\WINDOW~1\LOCALS~1\Temp\usbAl.vbs
c:\documents and settings\Windows XP Pro\Start Menu\Programs\Startup\usbAl.vbs
Save this as
CFScript.txt Close all browser windows and refering to the picture above.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\
ComboFix.txt )
----- next ----Re-run FRST and post me frech created FRST log to see what is going on after running Combofix.