Which is more difficult searching the registry using regedit and the find tool or formatting your system, I know what I would choose.
1) Disabled the System Restore on Windows XP (You should reboot now before doing anything else)
2) Cleaned the temporary files.
3) Also deleted the virus
But
I had this problem before as well.It always comes back when i turn my pc on or restart.
Also useful as a diagnostic tool - Download
HiJackThis.zip - HJT Information
HiJackThis Tutorial 1 or
HiJackThis Tutorial 2 or
HiJackThis Tutorial 3On-line analysis -
HiJackThis Log file - On-line Analysis OR
HiJackThis Log file - On-line Analysis 2Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
This should show all running processes or registry entries (run commands, etc.) so you should hopefully see mention of that file name.
If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
1.
Ewido, a.k.a. avg anti-spyware If using winXP. or
a-Squared free if using win98/ME.
2.
Ad-Aware SE Personal Edition - Ad-Aware Product Comparison Chart
http://www.lavasoft.de/download_and_buy/product_comparison_chart.php3.
Spybot Search and Destroy4.
Spywareblaster Don't install this until you are clean.
I think you need to review your security as prevention is better and easier than cure.
You might also consider proactive protection, in order to place files in the system folders and create registry entries you need permission. Prevention is much better and theoretically easier than cure.
Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
The Windows Vista version of IE 7 will provide a Protected Mode that gives the browser sufficient rights to browse the Web, but not enough rights to modify user settings or data. Protected Mode will only be available to Vista users because the functionality depends on the reworked user account system in Windows Vista. Vista's version of IE 7 will also be able to automatically install security and other updates; that will not be the case in the XP version.
