I'm helping my parents out with an older computer that has WinXP SP3. I am not sure whether their system is infected. The system is set up with two users, Admin and a user, g-brea. They use the g-brea to log in, which has a custom local policy to keep it from generally installing programs (it only works sometimes, but I've found it helps mitigate some issues).
Last month, it had a popup on startup, when logging in as the user, g-brea:
Content: "Windows cannot find 'C:\DOCUME~1\G-Brea\LOCALS~1\Temp\dubmnaxxx.scr'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search. OK"
Logging in as admin does not create said popup, only as the user.
I rebooted to safe-mode with networking, then installed and ran Malwarebytes as administrator, and also TDSSKiller. The system already had MS Security Essentials, which was up to date, but I ran it anyway. Rebooting back and logging in as the user, the popup persisted. From memory, the programs did not result in anything unusual.
Searching the registry for "dubmnaxxx" reveals the following key, which I am unable to delete or modify:
The string is labeled "load" with value "C:\DOCUME~1\G-Brea\LOCALS~1\Temp\dubmnaxxx.scr"
I did a simultaneous login as admin (Windows-key L), found the string and was still unable to modify or delete it.
The computer runs slower than expected with certain tasks; they have a second, identical computer, which runs snappier for the hardware present on the system.
What should I do to determine whether this system is infected?
I appreciate any help and happy holidays.
Edited by General Public, 25 December 2012 - 01:00 PM.