Channel: Tech Support Forum - Virus/Trojan/Spyware Help

infected system

Hi,
When I install Avira on it, Avira tries to delete its file!!
That means I'm infected badly!
Please help.


This is dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.20583
Run by Dear-User at 17:40:44 on 2014-08-16
Microsoft Windows XP Professional 5.1.2600.3.1256.981.1033.18.1938.868 [GMT 4.5:30]
.
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Sheed AntiVirus *Enabled/Updated* {1B2C78D0-7F17-4587-8F75-554CCC260541}
.
============== Running Processes ================
.
C:\WINXPSP3\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINXPSP3\Explorer.EXE
C:\WINXPSP3\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\WINXPSP3\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Sheed AntiVirus\shgrprot.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\WINXPSP3\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINXPSP3\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINXPSP3\System32\svchost.exe -k netsvcs
C:\WINXPSP3\system32\svchost.exe -k NetworkService
C:\WINXPSP3\system32\svchost.exe -k LocalService
C:\WINXPSP3\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.181/
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [CTFMON.EXE] c:\winxpsp3\system32\ctfmon.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
dRun: [CTFMON.EXE] c:\winxpsp3\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: EnableQuickReboot = 1
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0AB562B9-0A66-4CA6-97D9-9E81246304C2} - hxxp://192.168.226.201/SuperClient2.exe
DPF: {D639FA00-CB11-4F67-82F2-C0A87EAECDF3} - hxxp://192.168.226.2/old/IVSWeb.cab
TCP: Interfaces\{04D8ACDC-FFE9-4505-A3DB-606D08353B3E} : NameServer = 4.2.2.4,8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: Antiwpa - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxpsp3\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.143\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 mpa.one.microsoft.com
Hosts: 127.0.0.1 mpa.one.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dear-user\application data\mozilla\firefox\profiles\ik0luguj.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\superclient2\NPicture2.dll
FF - plugin: c:\windows\system32\superclient2\npSuperClient.dll
FF - ExtSQL: 2014-07-24 17:53; {20a82645-c095-46ed-80e3-08825760534b}; c:\winxpsp3\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: 2014-08-12 11:16; mozilla_cc@internetdownloadmanager.com; c:\documents and settings\dear-user\application data\idm\idmmzcc5
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\winxpsp3\system32\drivers\avkmgr.sys [2014-8-16 37352]
R1 IDMTDI;IDMTDI;c:\winxpsp3\system32\drivers\idmtdi.sys [2011-9-15 101616]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2014-8-16 430160]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2014-8-16 430160]
R2 avgntflt;avgntflt;c:\winxpsp3\system32\drivers\avgntflt.sys [2014-8-16 97648]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\avira\my avira\Avira.OE.ServiceHost.exe [2014-7-14 141392]
R2 ShavProt;shavprot;c:\program files\sheed antivirus\shgrprot.exe [2012-6-12 44032]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2014-7-24 2656536]
R3 MEI;Intel(R) Management Engine Interface ;c:\winxpsp3\system32\drivers\HECI.sys [2014-7-24 41216]
S1 ArtaFilter;artafilter;c:\winxpsp3\system32\drivers\arta.sys --> c:\winxpsp3\system32\drivers\arta.sys [?]
S2 odclsxr;Network Microsoft;c:\winxpsp3\system32\svchost.exe -k netsvcs [2011-11-20 14336]
S2 SheedMon;SHEEDMON;c:\winxpsp3\system32\drivers\sheedmon.sys --> c:\winxpsp3\system32\drivers\sheedmon.sys [?]
S3 Ambfilt;Ambfilt;c:\winxpsp3\system32\drivers\Ambfilt.sys [2014-7-24 1691480]
S3 amsint32;amsint32;\??\c:\winxpsp3\system32\drivers\nqsjp.sys --> c:\winxpsp3\system32\drivers\nqsjp.sys [?]
.
=============== Created Last 30 ================
.
2014-08-16 12:48:46 -------- d-----w- c:\winxpsp3\system32\NtmsData
2014-08-16 12:48:22 -------- d-----w- c:\documents and settings\all users\application data\Package Cache
2014-08-16 12:48:03 -------- d-----w- c:\documents and settings\dear-user\application data\Avira
2014-08-16 12:46:35 97648 ----a-w- c:\winxpsp3\system32\drivers\avgntflt.sys
2014-08-16 12:46:35 37352 ----a-w- c:\winxpsp3\system32\drivers\avkmgr.sys
2014-08-16 12:46:33 -------- d-----w- c:\program files\Avira
2014-08-16 12:46:33 -------- d-----w- c:\documents and settings\all users\application data\Avira
2014-08-16 12:05:01 -------- d--h--w- c:\winxpsp3\PIF
2014-08-16 11:16:30 -------- d-----w- c:\program files\NardOnline
2014-08-16 05:07:57 99044 --sh--r- C:\sieh.exe
2014-08-12 12:29:12 99044 --sh--r- C:\qmwh.exe
2014-08-12 12:28:45 99044 --sh--r- C:\jybc.pif
2014-08-12 12:28:18 99044 --sh--r- C:\yhffgb.exe
2014-08-12 12:27:51 99044 --sh--r- C:\drmaq.pif
2014-08-12 12:27:24 99044 --sh--r- C:\rpubd.exe
2014-08-12 12:26:57 99044 --sh--r- C:\bajcco.pif
2014-08-12 12:26:30 99044 --sh--r- C:\xydob.exe
2014-08-12 12:26:03 99044 --sh--r- C:\vekd.pif
2014-08-12 12:25:36 99044 --sh--r- C:\bmjo.exe
2014-08-12 12:25:09 99044 --sh--r- C:\yuiis.exe
2014-08-12 12:24:42 99044 --sh--r- C:\jffc.pif
2014-08-12 12:20:45 99044 --sh--r- C:\xrafmv.exe
2014-08-12 12:20:18 99044 --sh--r- C:\yfqkuj.exe
2014-08-12 12:19:51 99044 --sh--r- C:\ufrn.exe
2014-08-12 12:19:24 99044 --sh--r- C:\kjbth.pif
2014-08-12 12:18:57 99044 --sh--r- C:\ksnip.pif
2014-08-12 12:18:29 99044 --sh--r- C:\luyrow.pif
2014-08-12 12:17:08 99044 --sh--r- C:\xiscg.exe
2014-08-12 12:16:41 99044 --sh--r- C:\nqul.pif
2014-08-12 12:16:14 99044 --sh--r- C:\bwbqw.pif
2014-08-12 12:15:20 99044 --sh--r- C:\fxuqny.pif
2014-08-12 12:14:53 99044 --sh--r- C:\tjefx.exe
2014-08-12 12:13:59 99044 --sh--r- C:\woqa.pif
2014-08-12 12:13:32 99044 --sh--r- C:\tixx.exe
2014-08-12 12:13:05 99044 --sh--r- C:\ybrkga.pif
2014-08-12 12:12:38 99044 --sh--r- C:\pevn.pif
2014-08-12 12:12:11 99044 --sh--r- C:\gmdf.pif
2014-08-12 12:11:44 99044 --sh--r- C:\ckiw.pif
2014-08-12 12:10:50 99044 --sh--r- C:\qvhe.pif
2014-08-12 12:09:56 99044 --sh--r- C:\whhqgx.pif
2014-08-12 12:08:47 99044 --sh--r- C:\vesmt.exe
2014-08-12 11:47:44 129808 ----a-w- c:\winxpsp3\system32\comdlg32.ocx
2014-08-12 11:47:43 192569 ----a-w- c:\winxpsp3\system32\msrpjt40.dll
2014-08-12 11:47:37 274489 ----a-w- c:\winxpsp3\system32\ntwdblib.dll
2014-08-12 11:47:35 97552 ----a-w- c:\winxpsp3\system32\rdocurs.dll
2014-08-12 11:47:35 376592 ----a-w- c:\winxpsp3\system32\msrdo20.dll
2014-08-12 11:47:35 32830 ----a-w- c:\winxpsp3\system32\dbmsshrn.dll
2014-08-12 11:46:34 306688 ----a-w- c:\winxpsp3\IsUninst.exe
2014-08-12 10:43:00 99044 --sh--r- C:\pnao.pif
2014-08-12 06:45:58 -------- d-----w- c:\documents and settings\dear-user\application data\IDM
2014-08-12 06:45:58 -------- d-----w- c:\documents and settings\dear-user\application data\DMCache
2014-08-12 06:45:55 -------- d-----w- c:\program files\Internet Download Manager
2014-08-09 14:15:14 -------- d-----w- C:\WINDOWS
2014-08-09 14:12:55 -------- d-----w- c:\program files\IVSWeb
2014-08-09 10:37:48 99044 --sh--r- C:\yqumpy.exe
2014-08-09 06:41:39 99044 --sh--r- C:\qdhfsc.exe
2014-08-02 04:13:13 -------- d-----w- c:\documents and settings\dear-user\application data\TeamViewer
2014-07-30 06:45:03 -------- d-sh--w- c:\documents and settings\all users\DRM
2014-07-26 13:46:25 -------- d-----w- c:\documents and settings\dear-user\local settings\application data\Google
2014-07-26 12:29:41 492248 ------w- c:\winxpsp3\system32\fpres832.dll
2014-07-26 12:29:41 453336 ------w- c:\winxpsp3\system32\fpmon8.dll
2014-07-26 12:23:12 26368 -c--a-w- c:\winxpsp3\system32\dllcache\usbstor.sys
2014-07-26 12:22:00 401408 ------w- c:\winxpsp3\system32\fpres632.dll
2014-07-26 12:21:59 389120 ------w- c:\winxpsp3\system32\fpmon6.dll
2014-07-26 04:03:37 -------- d-----w- c:\documents and settings\dear-user\local settings\application data\Mozilla
2014-07-24 15:42:55 -------- d-----w- c:\documents and settings\dear-user\local settings\application data\Temp
2014-07-24 15:42:55 -------- d-----w- c:\documents and settings\dear-user\local settings\application data\Adobe
2014-07-24 13:24:46 -------- d-----w- c:\program files\Business Objects
2014-07-24 13:09:00 -------- d-----w- c:\program files\MSXML 6.0
.
==================== Find3M ====================
.
2014-08-16 12:50:59 106496 ----a-w- c:\winxpsp3\Dream Aquarium.scr
2014-08-12 12:23:48 99044 --sh--r- C:\yvhhx.exe
2014-07-24 07:54:57 784604 ----a-w- c:\winxpsp3\unins001.exe
2014-07-24 07:54:21 716122 ----a-w- c:\winxpsp3\unins000.exe
.
============= FINISH: 17:41:16.87 ===============

Attached Files
File Type: rar Desktop.rar (4.9 KB)
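The DDS log above contains two patterns a helper would look at first: a run of same-size (99044 bytes) hidden+system+read-only files with random names and .pif/.exe extensions dropped straight into C:\ at fixed 27-second intervals, and driver entries (ArtaFilter, amsint32/nqsjp.sys) whose image file DDS marked as missing with "[?]". The script below is an added triage example, not part of the original post or of the DDS tool: it parses lines in the DDS format shown above (the regexes are assumptions fitted to that format), clusters drive-root hidden files by identical size and attributes, reports the median gap between their creation times, and lists services whose binary could not be found. The sample input is copied from the post's log, with two ordinary entries included so the clustering has benign data to ignore. It flags indicators for a human to act on; it does not identify a malware family.

```python
"""Triage helper for DDS-style logs: clusters same-size hidden files dropped in a
drive root and lists services/drivers whose binary DDS could not find on disk."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Sample input: lines copied from the DDS log in the post above (the avgntflt and
# comdlg32 entries are benign entries from the same log, kept as negative cases).
SAMPLE_LOG = r"""
S1 ArtaFilter;artafilter;c:\winxpsp3\system32\drivers\arta.sys --> c:\winxpsp3\system32\drivers\arta.sys [?]
S3 amsint32;amsint32;\??\c:\winxpsp3\system32\drivers\nqsjp.sys --> c:\winxpsp3\system32\drivers\nqsjp.sys [?]
R2 avgntflt;avgntflt;c:\winxpsp3\system32\drivers\avgntflt.sys [2014-8-16 97648]
2014-08-16 12:46:35 97648 ----a-w- c:\winxpsp3\system32\drivers\avgntflt.sys
2014-08-16 05:07:57 99044 --sh--r- C:\sieh.exe
2014-08-12 12:29:12 99044 --sh--r- C:\qmwh.exe
2014-08-12 12:28:45 99044 --sh--r- C:\jybc.pif
2014-08-12 12:28:18 99044 --sh--r- C:\yhffgb.exe
2014-08-12 12:27:51 99044 --sh--r- C:\drmaq.pif
2014-08-12 11:47:44 129808 ----a-w- c:\winxpsp3\system32\comdlg32.ocx
"""

# Assumed layouts, fitted to the DDS 2012-11-20 output shown in the post:
# "Created Last 30"/"Find3M": timestamp, size (or -------- for dirs), 8 attribute flags, path
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
# "SERVICES / DRIVERS": R/S + start type, name;display name;image path [...]
SVC_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+)$")
# A file directly in a drive root, e.g. C:\sieh.exe (no further backslash)
ROOT_FILE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


def parse_file_entries(log_text):
    """Yield (timestamp, size, attrs, path) for each file entry; directories are skipped."""
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        if not size.isdigit():  # directories carry "--------" in the size column
            continue
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(size), attrs, path


def cluster_root_files(log_text, min_members=3):
    """Group hidden+system files in a drive root by identical (size, attrs).

    Each finding carries the median gap between consecutive creation times, so a
    scripted drop burst (many copies seconds apart) stands out from normal activity."""
    groups = defaultdict(list)
    for ts, size, attrs, path in parse_file_entries(log_text):
        if ROOT_FILE_RE.match(path) and "s" in attrs and "h" in attrs:
            groups[(size, attrs)].append((ts, path))
    findings = []
    for (size, attrs), members in groups.items():
        if len(members) < min_members:
            continue
        members.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(members, members[1:])]
        findings.append({
            "size": size,
            "attrs": attrs,
            "count": len(members),
            "median_gap_s": median(gaps),
            "pif_count": sum(1 for _, p in members if p.lower().endswith(".pif")),
            "paths": [p for _, p in members],
        })
    return sorted(findings, key=lambda f: -f["count"])


def missing_file_services(log_text):
    """Return (service name, image path) for services whose binary DDS marked '[?]'."""
    missing = []
    for line in log_text.splitlines():
        m = SVC_RE.match(line.strip())
        if m and m.group(5).rstrip().endswith("[?]"):
            image = m.group(5).split(" --> ")[-1].rsplit(" [?]", 1)[0]
            missing.append((m.group(3), image))
    return missing


if __name__ == "__main__":
    for f in cluster_root_files(SAMPLE_LOG):
        print(f"{f['count']} root files of {f['size']} bytes, attrs {f['attrs']}, "
              f"median gap {f['median_gap_s']:.0f}s, {f['pif_count']} .pif: {', '.join(f['paths'])}")
    for name, image in missing_file_services(SAMPLE_LOG):
        print(f"service {name}: image not found on disk -> {image}")
```

Run against the full "Created Last 30" and "Find3M" sections of the log, the clustering returns the whole 99044-byte family; a service with a missing image is worth checking in the registry (HKLM\SYSTEM\CurrentControlSet\Services\<name>) because the entry may be the remnant of a removed driver or a load point for one that is hidden. An "[?]" entry is only an indicator, not proof, so confirm before deleting anything.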
